Category Archives: Mobile Security

Is Employee Negligence Threatening Your Information Security?

Between bring-your-own-device (BYOD) policies, shadow IT and an increasingly mobile workforce, companies today are wrapped up in broad potential attack surfaces from employee negligence. When it comes to information security, offsite and remote workers, vulnerable paper trails, unmanned computers, and a host of other forms of employee negligence pose increasing risks to U.S. companies.

“Risky employee behavior and bad habits, coupled with a lack of employer-led training, is not only breeding a culture of lax information security, but is posing serious legal, financial and reputational risks to U.S. businesses of all sizes,” said Monu Kalsi, vice president of Shred-it.

How Can Companies Train Out Employee Negligence?

Many of the riskiest offenses are ones that employees might not even consider potentially negligent or dangerous behavior, such as leaving a computer unlocked or unattended when leaving the office for the day. These might seem like small oversights, but they can have dire consequences.

Many enterprises now include security training in their onboarding process to teach end users about data protection and cybersecurity best practices. Unfortunately, those efforts often do not extend beyond the first month or so of work.

When training programs occur infrequently, employees are less likely to retain essential information, leaving them unprepared to act in accordance with the security guidelines in place. A lot changes in a year’s time, and you’ll need your employees to know about those changes in order to fix their habits.

Establishing Remote Control Over Mobile Security

Despite the ongoing increase in remote workers, as reported in Gallup’s “State of the American Workplace Report,” security training and best cyber hygiene practices are still not a priority among U.S. businesses, according to Shred-it’s “2018 State of the Industry Report.” The latter survey found that over half of small business owners have no policy in place for remote workers.

“Training needs to address the evolving status of your business and the industry in general, which means it needs to be frequent and ongoing,” Kalsi said.

How to Create a Security-Focused Culture

Forty-seven percent of C-Suite executives and 42 percent of small business owners reported internal human error as the source of data compromise in Shred-it’s study, reinforcing the critical need to increase employee awareness around data security.

“In order to establish a culture that is committed to data security, training must be continuous,” Kalsi said.

The problem is that so many organizations don’t really understand what continuous training entails. What does the curriculum even look like?

“Conducting regular information sessions and providing accessible training opportunities for staffers both old and new is a great rule of thumb to ensure all employees have resources available to them to help them understand your company’s security policies,” Kalsi said.

Implementing regular review procedures can also help to identify issues as soon as they arise so that you can be sure sensitive information is handled properly in daily functions across the business. Vetting and training internal staff is just as important as evaluating external partners before working together and exchanging sensitive information.

Don’t Forget About Non-Cyber Risks

Although seldom discussed, mistakes in the treatment of physical data can also lead to a breach. For example, the U.S. Department of Homeland Security experienced a breach back in February when an employee left Super Bowl security plans in the seat pocket of a commercial passenger plane, as reported by CNN.

“Of course, mistakes happen,” Kalsi conceded, “but establishing a culture that equally prioritizes physical and cybersecurity ensures that employees are as prepared as possible,”

Updating the workplace policy to reflect all of these lesser-known security risks is key to arming staff with the knowledge and skills they need to effectively protect your business. Teaching employees basics like how to properly dispose of a hard drive will significantly reduce your risk of a breach.

“As long as hard drives are still physically intact, all private information can be retrieved,” said Kalsi. “This means that if your hard drive disposal process includes erasing, reformatting, wiping or degaussing, you’re still vulnerable.”

Employees need to understand the pain points where both physical and digital data could be at risk. Consistently reminding employees to be security-aware in their daily habits will help reshape the way they perceive data security and your organization’s priorities overall.

The post Is Employee Negligence Threatening Your Information Security? appeared first on Security Intelligence.

The Importance of Security Awareness in Our Connected Lifestyle

Not very long ago, people could be seen walking around waving their mobile phones in the air, looking for a network connection. Today, we are talking 5G! Our kids just can’t imagine a world without gadgets and internet! Little kids as young as four can turn on and instruct Alexa, search for new games on smartphones and talk to digital devices.

Moving Toward an Increasingly Connected Lifestyle

Ours is a connected world and we are constantly connected to the internet- be it through our smartphones, digital assistants, gaming and reading devices, laptops, wearable devices, remote monitoring devices like CCTV and many more. While this leads to time saving, higher efficiency, and greater comfort, there are a few safety checks, which if ignored, may lead to data and ID thefts.

I was recently reading an article on the 5G revolution. South Korea, I believe, already enjoys phenomenal browsing and download speeds, and so will rest of the world very soon. It will also hopefully reduce lags and connectivity disruptions that we currently experience. More IoT (Internet of Things) devices will come into play and home Wi-Fi routers will have a larger count of devices connected to it. Needless to say, this calls for ensuring maximum security for the router as well as all our devices.

Moreover, we often use public Wi-Fi connections to browse; which expose us to possible cyber attacks. Often, something as innocuous as using external storage devices or delaying the installation of updates can lead to malware entering the device system. What happens if cyber attackers worm into our systems? They can spy on us, regulate our smart devices, and even listen in on our baby monitor, to name a few.

As many countries observe October as Cybersecurity Month, it is the right time to have a discussion on how we can keep our connected homes safe.

Let’s discuss some of the common causes that can lead to device hacking:

  • Software updating not done: Security companies and your OS vendors keep sending patches to give cover for latest viruses and thus enhance protection against cyberattacks. Delay in patch installation exposes our device to attacks. It is therefore advisable to set updates to automatic.
  • Increasing use of IoT devices: Our smartwatch or smartphone, digital assistants or digital toys are all connected to Wi-Fi. This offers cyber criminals a bigger hunting ground. They try to find and exploit vulnerabilities in these devices
  • Outdated security: Despite being aware of safety issues related to not securing devices with licensed comprehensive software, we often neglect this very important step. At best, we download and use free security tools which may not offer cover against more sophisticated attacks.
  • Carelessness of users: But the security chain also includes us, the users. We may click on malicious links or download infected files. We may also visit unsafe websites, making it easy for cyber criminals to target us

How to use smart devices safely:

  • Use unique, complex passphrases: Strong passphrases (not passwords you will notice) will go a long way in keeping hackers at bay. If the thought of remembering several passphrases daunts you, go for a password manager
  • Set up autolock: Set up autolock and PIN protect your devices. Modern devices offer biometric locks as well. Make use of them
  • Keep auto update turned on: This way your OS and security tool would always receive patches and updates on time and you will receive maximum protection
  • Check security settings before buying IoT devices: Before buying any connected toy or device, research the manufacturer to find out if they give security top priority. Check out the security they offer and change default passcodes. Also, do read the terms and conditions to know how the vendor plans to secure your data
  • Secure your home Wi-Fi router: As this will be the point for connecting with the net, this device needs to be secured with a strong passphrase. It’s a good idea to change the passphrase from time to time. Keep an eye on data consumption too
  • Install and run licensed comprehensive security software: Don’t go for free, your devices and your personal data are at stake here. Instead, use a comprehensive security solutionto protect your technology
  • Be aware: Awareness pays. If you know of the latest threats doing the round, you would take necessary precautions and share your knowledge with friends and family accordingly

We can do it, can’t we? A few simple measures help secure our digital lives and allow us to take full advantage of what tech has to offer. Let us be ready to welcome 5G in our lives.

Stay safe, stay secure!

 

The post The Importance of Security Awareness in Our Connected Lifestyle appeared first on McAfee Blogs.

Ready for Door-to-Door Delivery: Mobile Cybersecurity Simulation Training

Without practice or cybersecurity simulation training, how are organizations — all the way up to the C-suite — able to deal with the magnitude of a massive breach? Picture it: Firefighters don’t show up at a blaze without first training under a multitude of scenarios: collapsing houses, multilevel office buildings, construction sites, burning oil tankers, etc. Likewise, pilots and flight crews train and prepare for engine failures, unexpected loss of cabin pressure, cockpit fires, weather anomalies and running out of fuel. They train as individuals, they train together, and they prepare and develop endurance for myriad situations they could potentially face.

However, when it comes to cybersecurity, this type of training is far from the norm. Companies that come under attack should have made adequate preparations, but I regularly experience the opposite. Occasionally, organizations have a security scenario, so at least IT and security staff have some idea of where to start. But many of these professionals have never received real-life training, and without that practice and the ability to take fast and decisive action during an attack, security teams, executives and others in the organization often show up unprepared.

As you can imagine, not training is an ineffective approach. The main question you should be asking is this: Have we been truly tested as a team?

Why Training Is Crucial to Successful Incident Response

Since the successful 2016 launch of our X-Force Command Cyber Range in Cambridge, Massachusetts, something amazing has unfolded: The demand for immersive cybersecurity simulation training is at an all-time high. The IBM Security facility has played host to more than 2,000 people since it opened, and there are no signs of letting up. But it’s no surprise to see the growing popularity of such a facility, and the opportune experience for teams and executives, because they see what we see: Making it through a breach with relative success doesn’t just happen — it needs to be planned and practiced.

The past two years have shown that all parts of an organization need to train like an elite team, each preparing for its role in a breach. Cyber Range participants have learned that time is not on their side, and that fast, measured action is typically the only way to reduce the impact of an attack. People who’ve been to the Cyber Range have remarked that it was more educational and enlightening than they’d expected. Furthermore, they’ve reported not having realized how many moving parts there are in a cyberbreach, and how truly unprepared they were before they arrived in our facility.

With this growing demand and word spreading, we began to hear from organizations around the globe. But the prospect of sending teams to different countries seemed overwhelming due to the time needed for travel, plus the costs of travel and accommodations. We knew we wanted to provide the Cyber Range experience to a broader audience, but choosing a location was not a straightforward task; with so many countries and so many airport hubs, the possibilities were endless. Thankfully, an outstanding suggestion was made: build a mobile cyber range.

An Immersive Cybersecurity Simuation Experience on Wheels

The IBM X-Force Command Cyber Tactical Operations Center (C-TOC) is a state-of-the-art cyber range on wheels. Recently unveiled at our fourth annual IBM Security Summit in New York City on Oct. 15, the C-TOC will go on a short tour to select U.S. cities before heading to Europe in early 2019.

The C-TOC is modeled after mobile command centers, delivering an entire corporate IT environment for immersive breach response training exercises. It can also be configured as a sterile environment for cyber investigations or as an on-site cyber watch floor for special security events.

With this mobile cybersecurity simulation training facility, we will be able to bring the tools and experience of the Cyber Range to a larger, global audience, helping organizations develop the mastery and skills needed for cyberattack preparedness. This is another major stage in our mission to improve incident response (IR) efforts for organizations around the world.

Take a closer look

The post Ready for Door-to-Door Delivery: Mobile Cybersecurity Simulation Training appeared first on Security Intelligence.

Working Together to Ensure Better Cybersecurity

For many, it’s hard to picture a work environment that doesn’t revolve around the use of technology. Digital, cloud-based services coupled with access through mobile and IoT devices have completely reshaped organizations by streamlining business processes and enabling people to work anywhere, anytime. Thanks to these advances, there have also been a variety of recent shifts in how employers and employees interact with each other, ranging from liberal remote work policies companies asking employees to bring their own devices to work.

Often these changes feel remarkable, efficient and convenient, as they make our work lives much more efficient – but these advancements also create concerns around cybersecurity. Many devices contain both personal and professional data , and when we take our work home or on the go with us, we’re not constantly protected by a company firewall, safe Wi-Fi, or other standard cybersecurity measures. Regardless of what industry you are in, online safety is no longer just IT’s problem. Cybersecurity is now a shared responsibility between an organization and its employees.

Naturally, these changes require education and communication around cybersecurity best practices in order to develop positive habits that will keep both employers and employees safe. Getting a habit to stick also requires an organization to develop culture of security in tandem, in which every individual and department is accountable for cybersecurity and bands together with the shared objective of staying secure.

October is National Cybersecurity Awareness Month, which is a great time to look at how everyone can be a part of the cybersecurity solution within their organization. If cybersecurity has not historically not been a priority within an organization, starting a conversation about it can be difficult, whether you’re an employee or an employer. Consider using these tips to start thinking about personal cybersecurity and how that translates into an overall cybersecurity plan within your organization.

Employers can take the following steps:

  • Identify which company assets are of greatest value, then ensure security measures are in place. Employee, customer, and payment data are all assets that cybercriminals could leverage via phishing, malware, password breaches, and denial-of-service (DoS) attacks. Begin to develop a formal cybersecurity plan based on your specific needs.
  • Set up an alert system. Put a system into place that will alert employees and your organization of an incident. This also includes an avenue for employees to report problems they might notice before they become widespread. The sooner people know about a vulnerability, the faster they can respond and take action.
  • Develop a response plan. Practice an incident response plan to contain an attack or breach. Keep in mind the goal of maintaining business operations in the short term while assessing the long-term effects of the cyber incident.

Employees can follow these guidelines:

  • Regularly update your device’s software. This is the easiest way to ensure your devices are equipped with vital patches that protect against flaws and bugs that cybercriminals can exploit.
  • Take security precautions, even if your company isn’t there yet. Professional and personal information is often intertwined on our devices – especially our mobile phones. Keep all your data secure with comprehensive mobile security, such as McAfee® Mobile Security. Then work within your organization to develop a cybersecurity plan that works for all.

Interested in learning more about IoT and mobile security trends and information? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post Working Together to Ensure Better Cybersecurity appeared first on McAfee Blogs.

McAfee Blogs: The Dangers of Linking Your Apple ID to Financial Accounts

The digital wallets of Chinese citizens are under attack thanks to a few bad apples. A recent string of cyberattacks in China utilized stolen Apple IDs to break into customers’ accounts and steal an undisclosed amount of money, according to a Bloomberg report. Almost immediately, Chinese e-transaction giants Tencent Holdings and Alipay warned their customers to monitor their accounts carefully, especially those who have linked their Apple IDs to Alipay accounts, WeChat Pay or their digital wallets and credit cards.

While Alipay works with Apple to figure out how this rare security breach happened and how hackers were able to hijack Apple IDs, they’re urging customers to lower their transaction limits to prevent any further losses while this investigation remains ongoing. Because Apple has yet to resolve this issue, any users who have linked their Apple IDs to payment methods including WeChat Pay — the popular digital wallet of WeChat which boasts over a billion users worldwide and can be used to pay for almost anything in China — remain vulnerable to theft. Apple also advises users to change their passwords immediately.

This security breach represents a large-scale example of a trend that continues to rise: the targeting of digital payment services by cybercriminals, who are capitalizing on the growing popularity of these services. Apple IDs represent an easy entry point of attack considering they connect Apple users to all the information, devices and products they care about. That interconnectivity of personal data is a veritable goldmine for cybercriminals if they get their hands on something like an Apple ID. With so much at stake for something as seemingly small as an Apple ID, it’s important for consumers to know how to safeguard their digital identifiers against potential financial theft. Here are some ways they can go about doing so:

  • Make a strong password. Your password is your first line of defense against attack, so you should make it as hard as possible for any potential cybercriminals to penetrate it. Including a combination of uppercase and lowercase letters, numbers, and symbols will help you craft a stronger, more complex password that’s difficult for cybercriminals to crack. Avoid easy to guess passwords like “1234” or “password” at all costs.
  • Change login information for different accounts. An easy trap is using the same email and password across a wide variety of accounts, including Apple IDs. To better protect your Apple ID, especially if it’s linked to your financial accounts, it’s best to create a wholly original and complex password for it.
  • Enable two-factor authentication. While Apple works on identifying how these hackers hijacked Apple IDs, do yourself a favor and add an extra layer of security to your account by enabling two-factor authentication. By having to provide two or more pieces of information to verify your identity before you can log into your account, you place yourself in a better position to avoid attacks.
  • Monitor your financial accounts. When linking credentials like Apple IDs to your financial accounts, it’s important to regularly check your online bank statements and credit card accounts for any suspicious activity or transactions. Most banks and credit cards offer free credit monitoring as well. You could also invest in an identity protection service, which will reimburse you in the case of identity fraud or financial theft.

Stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, listening to our podcast Hackable?, and ‘Liking’ us on Facebook.

The post The Dangers of Linking Your Apple ID to Financial Accounts appeared first on McAfee Blogs.



McAfee Blogs

The Dangers of Linking Your Apple ID to Financial Accounts

The digital wallets of Chinese citizens are under attack thanks to a few bad apples. A recent string of cyberattacks in China utilized stolen Apple IDs to break into customers’ accounts and steal an undisclosed amount of money, according to a Bloomberg report. Almost immediately, Chinese e-transaction giants Tencent Holdings and Alipay warned their customers to monitor their accounts carefully, especially those who have linked their Apple IDs to Alipay accounts, WeChat Pay or their digital wallets and credit cards.

While Alipay works with Apple to figure out how this rare security breach happened and how hackers were able to hijack Apple IDs, they’re urging customers to lower their transaction limits to prevent any further losses while this investigation remains ongoing. Because Apple has yet to resolve this issue, any users who have linked their Apple IDs to payment methods including WeChat Pay — the popular digital wallet of WeChat which boasts over a billion users worldwide and can be used to pay for almost anything in China — remain vulnerable to theft. Apple also advises users to change their passwords immediately.

This security breach represents a large-scale example of a trend that continues to rise: the targeting of digital payment services by cybercriminals, who are capitalizing on the growing popularity of these services. Apple IDs represent an easy entry point of attack considering they connect Apple users to all the information, devices and products they care about. That interconnectivity of personal data is a veritable goldmine for cybercriminals if they get their hands on something like an Apple ID. With so much at stake for something as seemingly small as an Apple ID, it’s important for consumers to know how to safeguard their digital identifiers against potential financial theft. Here are some ways they can go about doing so:

  • Make a strong password. Your password is your first line of defense against attack, so you should make it as hard as possible for any potential cybercriminals to penetrate it. Including a combination of uppercase and lowercase letters, numbers, and symbols will help you craft a stronger, more complex password that’s difficult for cybercriminals to crack. Avoid easy to guess passwords like “1234” or “password” at all costs.
  • Change login information for different accounts. An easy trap is using the same email and password across a wide variety of accounts, including Apple IDs. To better protect your Apple ID, especially if it’s linked to your financial accounts, it’s best to create a wholly original and complex password for it.
  • Enable two-factor authentication. While Apple works on identifying how these hackers hijacked Apple IDs, do yourself a favor and add an extra layer of security to your account by enabling two-factor authentication. By having to provide two or more pieces of information to verify your identity before you can log into your account, you place yourself in a better position to avoid attacks.
  • Monitor your financial accounts. When linking credentials like Apple IDs to your financial accounts, it’s important to regularly check your online bank statements and credit card accounts for any suspicious activity or transactions. Most banks and credit cards offer free credit monitoring as well. You could also invest in an identity protection service, which will reimburse you in the case of identity fraud or financial theft.

Stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, listening to our podcast Hackable?, and ‘Liking’ us on Facebook.

The post The Dangers of Linking Your Apple ID to Financial Accounts appeared first on McAfee Blogs.

Mobile security threats: Lack of visibility is putting businesses at risk

A significant lack of visibility into devices and networks is putting businesses at risk for data leakage and phishing attacks, according to a study conducted by Enterprise Mobility Exchange. The study showed that nearly 50 percent of mobile workers spend the majority of their worktime connected to non-corporate public Wi-Fi and carrier networks. Of that 50 percent, over 27 percent claim to connect to non-corporate owned networks more than 76 percent of the time. And, … More

The post Mobile security threats: Lack of visibility is putting businesses at risk appeared first on Help Net Security.

Digital Assistants, Cryptocurrency, Mobile Malware: Trends from ‘McAfee Labs Threats Report’

Every three months, our team crafts the McAfee Labs Threats Report. The quarterly report ranges in topic and severity but always touches on the most important and impactful threats afflicting consumers and companies alike. This year, the McAfee Labs team analyzed an average of 1,800,000 URLs, 800,000 files and 200,000 high-risk files to produce the McAfee Labs Threats Report: September 2018, which features digital assistants, cryptocurrencies, and cybercriminal gangs up to no good. Overall, it’s been an eventful quarter.

So, what are the key takeaways for you? Notably, our team has continued to track a downward trend in new malware attacks for the second successive quarter. Good news on the surface, but that trend may not be indicative of much; as we also saw a spike in new malware in Q4 2017. We’ll continue to watch this into next year. Significantly, we found that a good portion of net new malware is designed for mobile, which increased 27 percent over the previous quarter. In addition, here’s a look at the other trending stories we uncovered.

Digital Assistants

Digital assistants are advanced programs that we can converse with to research, act on our behalf and overall help make our digital lives more comfortable. Siri, Bixby and Google Assistant are few. But one digital assistant, Microsoft’s Cortana, is a little too helpful. The good news, Microsoft quickly rolled out a fix for this vulnerability to protect your Windows 10 computer. Be sure your software is up to date.

Cryptocurrency

The second story involves cryptocurrencies. Cryptocurrencies are digital tokens generated by a computer after solving complex mathematical functions. These functions are used to verify the authenticity of a ledger, or blockchain. Blockchains, by their nature, are relatively secure. But an account that is connected to a blockchain — usually, in this case, associated with a cryptocurrency — is not. And that’s where cybercriminals are focusing their efforts, with coin miner malware up 86% in Q2 2018.

Our report found cybercriminals are chasing after access to cryptocurrencies and they’re doing so using familiar tactics. For example, phishing attacks — where cybercriminals pose as someone else online — are popular tools to take over a cryptocurrency-related account. Malicious programs are also deployed to collect passwords and other information related to an account before stealing virtual currency. You can read more about blockchain and cryptocurrency vulnerabilities here. 

Malicious Apps

Finally, the McAfee Mobile Research team found a collection of malicious applications facilitating a scam in the Google Play store. The apps in question siphon money from unwary users through billing-fraud. Billing-fraud collects money from victims for “using” a “premium” service, such as sending texts to a particular number.

In this case, the cybercriminal ring known as the AsiaHitGroup Gang attempted to charge at least 20,000 victims for downloading fake or copied versions of popular applications. To increase its potential, AsiaHitGroup Gang is using geolocation to target vulnerable populations.

So, what can you do to stay safe in the face of these threats? Here are three quick tips:

  • Limit device access. If you can, limit the ability and access a digital assistant has to your device. Often, you can adjust where and how an assistant is activated through your settings. Otherwise, update your software regularly, as many updates contain security fixes.
  • Create strong passwords. If you’re participating in the cryptocurrency market, then make sure you use strong, robust passwords to protect your accounts. This means using upper case, lower case, symbols and numbers for passwords that are 12 characters long. Afraid you might forget the key to your account? Consider using a password manager.
  • Be careful what you download. Always do some light research on the developer of a mobile application. If the information is hard to come across or absent, consider using an alternative program. Additionally, never download mobile applications from third-party app stores. Genuine stores, like Google Play and Apple’s App Store, should provide you with what you need.

And, of course, stay informed. To keep atop of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Digital Assistants, Cryptocurrency, Mobile Malware: Trends from ‘McAfee Labs Threats Report’ appeared first on McAfee Blogs.

Bringing It All Back Home: Why You Should Apply Enterprise Network Security Policies to Your Smart Home

October is National Cybersecurity Awareness month, and as the relevance of cybersecurity at both home and work continues to explode, there’s never been a better time to underscore some underrated themes that we may not think enough about year-round. One oft-overlooked issue is the importance of securing our home devices with hardened network security policies, just as your security operations center (SOC) likely does at work.

Home Is Where the Data Is

In the modern workplace, personal devices inevitably find their way onto enterprise networks. Here’s a sobering statistic: According to a recent Infoblox report, about one-third of U.S., U.K. and German companies have more than 1,000 shadow, or unsanctioned, Internet of Things (IoT) devices connected to their network on a typical day. In the U.K., 12 percent of companies surveyed reported more than 10,000.

Even more alarming, 46 percent of those devices are smart TVs, and 33 percent are smart kitchen devices. These types of IoT hardware are far from inherently secure; because their core purpose is not to host proprietary data, the risks often go overlooked.

Should any of these personal devices become breached, the impact to both the individual and the enterprise can be dramatic. Francis Dinha, CEO of OpenVPN, has studied the effect of these breaches and said that bad employee decisions are sabotaging corporate security initiatives.

“If you’re working from home and your personal device is breached, not only is your own personal data at risk, but so is that of your employer,” Dinha said. “If you can connect with your company network via your personal device, then once that device is breached, hackers can do the same thing. That’s why security on home devices is of such paramount importance.”

What Network Security Policies Should You Apply to Your Home IT?

So how can you keep your connected devices secure at home — and, by proxy, better protect your enterprise networks at work?

The first thing both home IT users and enterprise security teams should do is make sure all software is up to date. Cybercriminals can use even the most innocuous connected appliances to form massive botnets that spread malware and facilitate large-scale distributed denial-of-service (DDoS) attacks.

“The most prevalent threat is automated attacks that are trying to take over devices as they would personal computers, to assemble into a group that can be used for their own purposes,” said Wendy Nather, director of advisory chief information security officers (CISOs) at Duo Security, as quoted by Engadget.

Another basic practice that’s crucial to both home and enterprise security is password management. Be sure to create unique passwords and, if devices come with default credentials, change them immediately. To keep track of all these unique passwords, consider using a password management tool.

The Engadget piece also advised users with sufficient computing power to consider setting up a separate Wi-Fi network for their smart home devices. This can help isolate devices such as smart speakers, thermostats and other appliances from personal computers and mobile devices, which are much more likely to access sensitive enterprise data.

Finally, be sure to do your homework before purchasing IoT products and read the terms of use before activating a new connected device. Although much of this language is legal and technical jargon, you can search for consumer reviews online to see if anyone else has researched how the vendor handles personal data.

Harden Your Network With User Education and Zero Trust

Once you understand how home IT risks translate to potential enterprise security threats, it’s time to ensure that you have the right data protection policy in place. Like anything involving cybersecurity, this is easier said than done.

Let’s start with the basics: According to Dinha, a security policy covering devices at home should include two-factor authentication (2FA) and a virtual private network (VPN) at the very least. For a security strategy to be truly effective, the enterprise needs to go a few steps further, beginning with user education.

“You’ll need an extensive education of your staff as to the risks of phishing and malware,” Dinha advised. “Your team needs to know what the policies are and why — and make sure they know how to recognize a dangerous or insecure link, and never to click on a link they don’t recognize.”

The next step, according to Dinha, is to implement a zero-trust network. Think of it like taking network segmentation to a whole other level: The granularity and microsegmentation of a zero-trust network enforces rules based on users, their locations and/or other relevant details to determine whether that user, machine or app requiring access should be trusted.

This new form of network won’t authenticate until it understands who the user is, where he or she is coming from and the security status of the endpoint. Once this is established, a restrictive policy can be applied to each situation. A zero-trust policy essentially gives users, machines and apps the least amount of network access required for their current needs.

Don’t Let Your Guard Down

If a zero-trust network isn’t an option for your enterprise, tried-and-true best practices always apply. If you have a bring-your-own-device (BYOD) policy, a mobile device management (MDM) system is a no-brainer. Keep all software on devices up to date, back up and encrypt their data whenever possible, and steer clear of public Wi-Fi networks.

Above all, organizationwide security awareness is what separates a business with strong defenses from one that is vulnerable to attack. When employees know what threats to look out for, they will look out for your business.

“The more tools and education you give your team, the more they’ll actively protect your data,” Dinha said.

This not only applies to how employees treat devices at work, but at home as well. As the IoT ecosystem expands and threat actors increasingly focus on hijacking connected devices for DDoS and other attacks, you can’t afford to let your guard down, even in the comfort of your own home.

The post Bringing It All Back Home: Why You Should Apply Enterprise Network Security Policies to Your Smart Home appeared first on Security Intelligence.

Visibility and Control: A One-Two Punch for Securing iOS Devices in the Enterprise

When the iPhone was first introduced, Steve Jobs described it as “way smarter than any mobile device has ever been and super easy to use.” It’s no wonder that millions of iOS devices have since been deployed within the workplace, packed full of apps that fuel everyday communications, collaboration and productivity use cases.

Over time, organizations have not only grown accustomed to using iPhones and iPads for day-to-day processes, they’ve become dependent on them. With this in mind, IT and security leaders in charge of enabling productivity while securing smartphones and tablets must embrace these devices’ advantages responsibly. Adding to the complexity, they must also find a way to achieve security without disrupting an otherwise positive user experience that is exemplified by anytime, anywhere accessibility.

Swing for Visibility Into Mobile Activity

When considering the number of iOS devices that are being put to work, the various ways they’re being used, how far apart they’re located, and how they’re accessing a network, IT professionals have a lot to worry about. For this reason, it’s crucial to seek out an appropriate level of visibility. Optimally, an all-in-one display of this valuable information allows IT teams to understand user behavior on their devices — expanding beyond traditional mobile device management (MDM). For example, are employees using applications that could pose a potential threat to your organization?

When it comes to user app behavior, ask yourself: Do you have a strong understanding of the apps your mobile employees use most frequently? If you don’t have a way to assess the activity within your environment, it could be an app you know about or one you’ve never heard of. If it’s the latter, it would be good to know which users have the app and what level of activity has taken place.

Depending on what you uncover, the app might be completely normal — but there’s always a chance it’s not. Risky users might be using encryption to cover up their browsing history. Without seeing domain details for encrypted traffic, you have no way of knowing. Similarly, apps might be establishing local IP address connections on ephemeral ports. If that’s the case, and the device has corporate data on it, there’s a risk that other endpoints on the network could connect to it and swipe the proprietary data.

Strike With Control Over Risky User Behavior

Beyond visibility, IT professionals need a way to intervene at the most pivotal moments. If someone means to type in one URL, but ends up typing in another, are you certain the domain they’re navigating to is safe? Threat actors are aware of user error, and they commonly set up malicious sites to take advantage of those who may not check their spelling before they hit enter. That’s why it’s important to not only see device-specific web navigation activity, but to be able to act before problems arise.

To avoid mobile mishaps like this, IT and security leaders should invest in the appropriate threat defense capabilities to support the modern enterprise. No matter where your users are, what network they’re connected through or what they’re looking to do, it should be simple to take control if need be — whether you’re blocking, allowing or proxying traffic.

The Best of Both Worlds for Protecting iOS Devices

Built hand-in-hand with Apple, the Cisco Security Connector introduces a more granular level of visibility and control into corporate-owned iOS devices. This cloud-managed solution ensures that employees are protected and compliant at all times and wherever they go, and it can now be deployed and managed via IBM MaaS360 with Watson.

IT and security leaders can take advantage of this valuable integration by visiting the IBM Security App Exchange and downloading the Cisco Security Connector for MaaS360. To learn more about the IBM Security and Cisco partnership, visit the official alliance page.

Learn more about how Cisco and IBM are taking mobile security to the next level

The post Visibility and Control: A One-Two Punch for Securing iOS Devices in the Enterprise appeared first on Security Intelligence.

SecurityWeek RSS Feed: Passcode Bypass Method Exposes Photos, Contacts on iPhone XS

An iPhone enthusiast has disclosed yet another method for bypassing the iPhone lockscreen. The latest technique has been confirmed to work on the new iPhone XS running the latest version of Apple’s mobile operating system, iOS 12.

read more



SecurityWeek RSS Feed

New Malware-as-a-Service Threat Targets Android Phones

Security researchers discovered an emerging malware-as-a-service threat from Russia that would allow cybercriminals to infect Android phones with malicious software and block users from running security solutions on their devices.

The offering, called Black Rose Lucy, has a dashboard that shows simulated victims in France Israel and Turkey. This led researchers at Check Point Research to conclude that the Russian-speaking developers have likely run demos for prospective cybercrime groups that are interested in attacking targets in those countries. China is another likely target because it is the largest market for Android devices.

“Given time it could easily become a new cyber Swiss Army Knife that enables worldwide hacker groups to orchestrate a wide range of attacks,” the researchers warned in a threat report dated Sept. 13.

Malware-as-a-service is very much like any traditional cloud service, but instead of subscribing to a harmless application in the cloud, cyberthieves can subscribe to black-market malware services that provide them with all the tools they need to execute attacks.

How Black Rose Lucy Works

Black Rose Lucy has two main components:

  1. Lucy Loader, a dashboard that allows users to control an entire botnet of victim devices and deploy additional malware payloads.
  2. Black Rose Dropper, which targets Android phones, collects victim device data and can install extra malware from a remote command-and-control (C&C) server.

To infect phones, the dropper prompts victims to enable the Android accessibility service for an application called Security of the System, which is actually the dropper, according to Check Point Research. When enabled, Black Rose Lucy can grant itself device administrative privileges. When it receives Android Package Kit (APK) files from the C&C server, it installs the files by simulating user clicks.

Black Rose Lucy also has self-protection features. If popular security solutions or system cleaners are launched, it simulates a user click to the “back” or “home” button to exit the tools. The dropper also blocks users from performing a factory reset.

The researchers noted that Black Rose Lucy is likely designed to target China because its dropper pays attention to Chinese security and system tool applications.

How to Protect Your Network From Malware-as-a-Service Threats

The threat alert issued on the IBM X-Force Exchange advised IT organizations to update their antivirus software, apply the latest patches to all applications and operating systems, and monitor their environments for indicators of compromise (IoCs).

Security experts also recommend conducting hands-on security awareness training that includes immersive simulations and promotes organizationwide security buy-in from the top down.

The post New Malware-as-a-Service Threat Targets Android Phones appeared first on Security Intelligence.

IDC Releases 2018 Vendor Assessment for Ruggedized and IoT Device Deployments

Tasked with ensuring a secure and successful business transformation, IT and security leaders are actively working to get ahead of the ever-changing endpoint and mobile landscapes. This involves keeping up with constant evolution across disparate device types, which is best addressed with a unified endpoint management (UEM) solution. With UEM, IT teams can take a device-agnostic approach to supporting and enabling endpoints, end users and everything in between.

Stemming beyond traditional devices such as smartphones and laptops, wearables, ruggedized devices and the Internet of Things (IoT) fulfill a significant number of use cases for many businesses. Consequently, IT teams need an adequate means to manage these endpoints — plus their users, apps, content and data — alongside everything else.

To provide up-to-date context and streamline the UEM solution evaluation process for IT professionals, International Data Corporation (IDC) released a new MarketScape report, “Worldwide Enterprise Mobility Management Software for Ruggedized/IoT Device Deployments 2018.”

Read the report

Supporting Ruggedized and IoT Devices in the Modern Enterprise

Security leaders rely on ruggedized IoT devices to make sure their users are productive and, depending on the work environment, safe. UEM solutions can wirelessly push down security profiles to manage devices, any required apps and content directly to the device. The ease of use to deploy a fleet of devices is a requirement, otherwise it may be a detriment to the organization.

Since being introduced into the workplace, ruggedized Windows CE devices have maintained one of the largest operating system (OS) presences across all industries. With the ever-changing mobile landscape, support for Windows Embedded CE 6.0 ended as of June 10, 2018. Windows Embedded 8.1 Handheld and Windows Embedded Handheld 6.5 will no longer receive support beyond June 9, 2019 and Jan. 14, 2020, respectively.

In the face of these forthcoming changes, IT organizations that are heavily dependent on these OSs are taking proactive measures to not fall behind. In seeking the best possible compatibility, security and use case applicability, organizations could switch to a different OS altogether. Regardless, now is the time for IT teams to be critical of the UEM options at their disposal and research those with the broadest assortment of capabilities and the strongest strategies.

Understanding the 2018 IDC MarketScape for Ruggedized and IoT Device Deployments

The IDC report lends perspective into what IT teams should look for when considering a solution with strong ruggedized and IoT device management capabilities, such as:

These criteria considered, organizations must take notice of what they need to be successful: a solution that provides security and cohesion and is easy to use for both the administrators and end users. Today, users need to work with more than one device type and OS, so IT teams need to be able to manage everything under one solution.

What Made IBM a Standout Vendor in 2018

The IBM MaaS360 with Watson UEM has a 100 percent cloud-based delivery model, which is hosted on its own data centers that offer redundant architecture. As the most widely deployed IBM software-as-a-service (SaaS) solution, MaaS360 brings a strong set of UEM capabilities for IoT devices and offers support for a wide range of nontraditional consumer devices.

Utilizing over-the-air (OTA) capabilities, IT teams can deploy a fleet of devices without physically touching them, in what is considered a low-touch, no-touch deployment. In addition to fast deployments, remote assistance for end users is available depending on the OS. MaaS360 achieves this by integrating with TeamViewer to provide remote support, regardless of where the user is located. By allowing the user to open his or her device, have it already enrolled, and provide remote support within the solution, MaaS360 saves time and expense right out of the box.

Watson IoT has been a large driving factor in MaaS360’s support for ruggedized devices and IoT, working with some of the largest international logistics companies to reduce and eliminate worker fatigue and injury through the combined efforts of MaaS360.

For example, when a user clocks into his or her shift and picks up an enrolled shift device, a survey appears about his or her sleep the previous night and current energy levels. The user cannot begin his or her shift until the survey is complete, and the user is required to wear a health tracking device, along with other wearable proximity sensors. The health tracking device monitors the user’s heart rate and other levels to determine if he or she needs to take a break or end his or her shift. The proximity sensors can detect a fall or if the user is entering a hazardous work zone where accidents are prevalent. Using Watson IoT and MaaS360, the logistics company is provided with the data it needs to see how and when workers are affected by their environment and how to reduce injury, thus resulting in higher productivity.

Beyond its leadership in the latest industry analysis, IT and security leaders can rely on MaaS360 for its broad range of support for industry use cases, from retail, distribution and manufacturing to finance, healthcare and government. Beyond robust support for ruggedized and IoT devices, MaaS360 also supports the most commonly used OSs, including iOS/macOS, Android and Windows.

Learn More About MaaS360’s Approach to Ruggedized Device Management

If you’d like to learn more about MaaS360’s extensive ruggedized device management capabilities, watch our on-demand educational webinar. If you’re ready to see it in action, sign up for a free 30-day trial.

Watch the on-demand webinar, “Making Ruggedized Device Management Simple”

The post IDC Releases 2018 Vendor Assessment for Ruggedized and IoT Device Deployments appeared first on Security Intelligence.

Researchers Find ‘Authentication Weakness’ in Apple’s Device Enrollment Program

Researchers from Duo Security have discovered a vulnerability (it calls it an 'authentication weakness') in Apple's Device Enrollment Program (DEP). The flaw was reported to Apple in May 2018. It is not considered to be a major flaw, but could potentially have serious consequences. SecurityWeek has asked Apple if it has or plans to patch or fix the issue.

read more

Which Mobile Threats Do You Need to Prepare For?

Mobile devices are more ubiquitous than ever, with immeasurable amounts of data now being shared and manipulated on mobile platforms. Organizations rely heavily on their mobile environment to make business more efficient, increase productivity and enable employees to work while away from the office. However, this productivity is threatened by constantly evolving and proliferating mobile threats.

Mobile devices are today’s target of choice for attackers. Illegally exploiting their capabilities allows cybercriminals to locate users, eavesdrop on their conversations, and access their files, microphones, cameras and more. Still, many organizations underestimate the dangers posed by mobile threats.

Mobile Malware Is Rising

Threat actors primarily use three sensitive vectors to access mobile data: applications, networks and the devices themselves.

Mobile applications are widespread among employees, partners and clients and handle more information than any other media. According to Pradeo’s biannual “Mobile Security Report,” 77 percent of mobile threats occur at the application level. Mobile applications can frequently be the source of data leakage, and insecure applications can introduce unnoticed malware or spyware onto a device, exposing organizations to attacks and data breaches.

Malware can be divided into two categories: those that have known viral signatures and are labeled in virus databases, and those that are zero-day threats, or threats that have yet to be identified. Because they cannot be as easily detected, zero-day threats are much more dangerous.

Unfortunately, Pradeo reported a 92 percent rise in zero-day malware in the last six months, suggesting that modern threat actors are increasingly abandoning recognizable attacks and innovating to evade traditional security protections. Only mobile security solutions performing real-time behavioral analysis can detect this latter type of malware and ensure effective protection.

Out-of-Date Operating Systems Are Open Doors

Another mobile threat vector lies in the mobile device itself — particularly its operating system (OS). According to the report, the volume of mobile threats operating at the device level has increased by 100 percent. Many of these involve compromising a device’s OS, which gives attackers the privileged access they need to easily steal data from organizations.

Most mobile OS flaws are quickly discovered and patches are made available by the manufacturer. However, many mobile users wait days or weeks before installing new updates, giving cybercriminals a chance to take advantage of these vulnerabilities.

Public Wi-Fi Remains a Threat

People often connect their phones to public networks without realizing the potential risks. This leads to an increase in threats such as man-in-the-middle (MitM) attacks. In fact, attacks occurring over public Wi-Fi are the most common network threats facing mobile devices.

Employees that travel frequently are the most sensitive to such exploits and are at risk of exposing corporate data while connected to airport or restaurant Wi-Fi. Organizations need to make sure their traveling employees are aware of the risks and consider equipping them with security solutions that keep them protected against public Wi-Fi threats.

How Can Organizations Protect Their Mobile Environment?

Organizations often rely on unified endpoint management (UEM) solutions to manage and enforce compliance within their mobile fleet. These solutions can also enhance security, especially when integrated with other mobile threat defense solutions that provide on-device threat detection and remediation.

Combining UEM and integrated mobile defense solutions can help your organization embrace a proactive, automated strategy for combating mobile threats instead of relying on a reactive one.

Download Pradeo’s full 2018 Mobile Security Report 2018

The post Which Mobile Threats Do You Need to Prepare For? appeared first on Security Intelligence.

‘McAfee Labs Threats Report’ Highlights Cryptojacking, Blockchain, Mobile Security Issues

As we look over some of the key issues from the newly released McAfee Labs Threats Report, we read terms such as voice assistant, blockchain, billing fraud, and cryptojacking. Although voice assistants fall in a different category, the other three are closely linked and driven by the goal of fast, profitable attacks that result in a quick return on a cybercriminal’s investment.

One of the most significant shifts we see is that cryptojacking is still on the rise, while traditional ransomware attacks—aka “shoot and pray they pay”—are decreasing. Ransomware attacks are becoming more targeted as actors conduct their research to pick likely victims, breach their networks, and launch the malware followed by a high-pressure demand to pay the ransom. Although the total number of ransomware samples has fallen for two quarters, one family continues to spawn new variants. The Scarab ransomware family, which entered the threat landscape in June 2017, developed a dozen new variants in Q2. These variants combined make up more than 50% of the total number of Scarab samples to date.

What spiked the movement, starting in fall 2017, toward cryptojacking? The first reason is the value of cryptocurrency. If attacker can steal Bitcoins, for example, from a victim’s system, that’s enough. If direct theft is not possible, why not mine coins using a large number of hijacked systems. There’s no need to pay for hardware, electricity, or CPU cycles; it’s an easy way for criminals to earn money. We once thought that CPUs in routers and video-recording devices were useless for mining, but default or missing passwords wipe away this view. If an attacker can hijack enough systems, mining in high volume can be profitable. Not only individuals struggle with protecting against these attacks; companies suffer from them as well.

Securing cloud environments can be a challenge. Building applications in the cloud with container technology is effective and fast, but we also need to create the right amount of security controls. We have seen breaches in which bad actors uploaded their own containers and added them to a company’s cloud environment—which started to mine cryptocurrency.

New technologies and improvements to current ones are great, but we need to find the balance of securing them appropriately. Who would guess to use an embedded voice assistant to hack a computer? Who looks for potential attack vectors in new technologies and starts a dialog with the industry? One of those is the McAfee Advanced Threat Research team, which provides most of the analysis behind our threats reports. With a mix of the world’s best researchers in their key areas, they take on the challenge of making the (cyber) world safer. From testing vulnerabilities in new technologies to examining malware and the techniques of nation-state campaigns, we responsibly disclose our research to organizations and the industry. We take what we learn from analyzing attacks to evaluate, adapt, and innovate to improve our technology.

The post ‘McAfee Labs Threats Report’ Highlights Cryptojacking, Blockchain, Mobile Security Issues appeared first on McAfee Blogs.

5 Reasons Why Strong Digital Parenting Matters More than Ever

digital parentingAs a parent raising kids in a digital culture, it’s easy to feel at times as if you have a tiger by the tail and that technology is leading your family rather than the other way around.

But that familiar feeling — the feeling of being overwhelmed, outsmarted, and always a step or two behind the tech curve — is just a feeling, it’s not a fact.

Digital Parenting Matters

The fact is, you are the parent. That is a position of authority, honor, and privilege in your child’s life. No other person (device, app, or friend group) can take your place. No other voice is more influential or audible in your child’s mind and heart than yours.

It’s true that technology has added several critical skills to our parenting job description. It’s true that screens have become an integral part of daily life and that digital conversation can now shape our child’s self-image and perspective of his or her place in the world. All of this digital dominance has made issues such as mental health, anxiety, and cyberbullying significant concerns for parents.digital parenting

What’s also true is that we still have a lot of control over our kids’ screen time and the role technology plays in our families. Whether we choose to exercise that influence, is up to us but the choice remains ours.

Here are just a few reasons why strong digital parenting matters more than ever. And, some practical tools to help you take back any of the influence you feel you may have lost in your child’s life.

5 Digital Skills to Teach to Your Kids

Resilience

According to the American Psychological Association, resilience building is the ability to adapt well to adversity, trauma, tragedy, threats or even significant sources of stress. Resilience isn’t something you are born with. Kids become resilient over time and more so with an intentional parent. Being subject to the digital spotlight each day is a road no child should have to walk alone. September is National Suicide Prevention Month and an excellent opportunity to talk to your kids about resilience building. Digital Parenting Skills: Helping kids understand concepts like conflict-management, self-awareness, self-management, and responsible decision-making, is one of the most critical areas of parenting today. Start the conversations, highlight examples of resilience in everyday life, model resilence, and keep this critical conversation going.

Empathy

digital parentingEmpathy is the ability to understand and share the feelings of another person. Unfortunately, in the online space, empathy isn’t always abundant, so it’s up to parents to introduce, model, and teach this character trait. Digital Parenting Skills: According to Dr. Michele Borba, author of #UnSelfie: Why Empathetic Kids Succeed in Our All-About-Me World, there are 9 empathy-building habits parents can nurture in their kids including Emotional Literacy, Moral Identity, Perspective Taking, Moral Imagination, Self Regulation, Practicing Kindness, Collaboration, Moral Courage, and Altruistic Leadership Abilities.

Life Balance

Screentime is on the rise, and there’s no indication that trend is going to change. If we want kids that know the value of building an emotionally and physically healthy life, then teaching (and modeling) balance is imperative today. Digital Parenting Skills: Model screentime balance in your life. Be proactive in planning device-free activities for the whole family, and use software that will help you establish time limits on all devices. You might be surprised how just a few small shifts in your family’s tech balance can influence the entire vibe of your home.

Reputation Management

digital parenting

Most kids work reasonably hard to curate and present a specific image on their social profiles to impress their peers. Few recognize that within just a few years, colleges and employers will also be paying attention to those profiles. One study shows that 70% of employers use search engines and social media to screen candidates. Your child’s digital footprint includes everything he or she says or does online. A digital footprint includes everything from posts to casual “likes,” silly photos, and comments. Digital Parenting Skills: Know where your kids go online. Monitor their online conversations (without commenting publically). Don’t apologize for demanding they take down inappropriate or insensitive photos, comments, or retweets. The most important part of monitoring is explaining why the post has to come down. Simply saying “because I said so,” or “that’s crude,” isn’t enough. Take the time to discuss the reasons behind the rules.

Security and Safetydigital parenting

It’s human nature: Most us aren’t proactive. We don’t get security systems for our homes or cars until a break-in occurs to us or a close friend. Often, we don’t act until it gets personal. The same is true for taking specific steps to guard our digital lives. Digital Parenting Skills: Talk to your kids about online risks including scams, viruses and malware, identity fraud, predators, and catfishing. Go one step further and teach them about specific tools that will help keep them safe online. The fundamentals of digital safety are similar to teaching kids habits such as locking the doors, wearing a seatbelt or avoiding dangerous neighborhoods.

Your kids may be getting older and may even shrug off your advice and guidance more than they used to but don’t be fooled, parents. Kids need aware, digitally savvy parents more than ever to navigate and stay safe — both emotionally and physically — in the online arena. Press into those hard conversations and be consistent in your digital parenting to protect the things that truly matter.

Want to connect more to digital topics that affect your family? Stop by ProtectWhatMatters.online. Also, join the digital security conversation on Facebook.

 

Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her onTwitter @McAfee_Family. (Disclosures)

The post 5 Reasons Why Strong Digital Parenting Matters More than Ever appeared first on McAfee Blogs.

Announcing McAfee’s Evolved Consumer Product Portfolio

Every fall the leaves change colors, sweaters replace sundresses, and new changes are afoot. Especially for us at McAfee. In fact, we’re announcing quite a few changes to our consumer security portfolio this fall. Tailored to the increasingly connected world we live in, our evolved line of products focuses on better performance, better ransomware protection, and a holistic approach to securing every facet of a connected consumer’s life. Curious how exactly our lineup does that? Allow us to break it down.

First, there are a few key product updates. In exciting news, McAfee Identity Theft Protection and McAfee Safe Family are now both included in McAfee Total Protection and McAfee LiveSafe. Additionally, McAfee Ransom Guard and PC Boost have been added to the entire product lineup, which includes McAfee AntiVirus, McAfee AntiVirus Plus and McAfee Internet Security. Now, let’s get into a few specifics about product performance.

Improved Performance

McAfee’s core lineup of products now sends malware analysis to the McAfee Global Threat Intelligence (GTI) cloud, which means fewer system resources are required, and PCs can work at optimal speeds. Beyond that, we’ve also implemented a few key PC enhancements, including:

  • McAfee App Boost – Helps resource-hungry apps complete tasks more quickly by automatically allocating more resources to applications the customer is actively using.
  • McAfee Web Boost – Prevents unwanted or unrequested downloads and system activity caused by auto-play videos resulting in reduced bandwidth and resource consumption.

There’s a few notable mobile enhancements as well, which include:

    • McAfee Mobile Security – Fully redesigned to deliver a more intuitive and engaging user experience.
    • McAfee Mobile Security for Android – Now includes machine learning capabilities within the mobile AV engine, which provides more efficient scanning and faster malware detection.
    • McAfee Mobile Security for iOS – New Wi-Fi Threat Scan shows the security status of the connected Wi-Fi network and alerts users if the Wi-Fi network they are connected to is at risk.

Increased Ransomware Protection

Ransomware attacks have shown no signs of slowing, which is why last year McAfee introduced a machine learning-based anti-virus engine with Real Protect to protect consumers from modern-day threats. And now we’ve updated our features to continue the fight against these advanced attacks. New features include:

  • McAfee Ransom Guard – Adds another layer of protection on the PC which monitors for suspicious file changes, warns the user when ransomware may be at work and suggests recommended actions for remediation. Additionally, this technology allows McAfee to detect many variants of zero-day ransomware.
  • Virus Protection Pledge – This year’s lineup extends the guarantee to six additional languages. If a customer enrolled in automatic renewal gets a virus with protection turned on, the customer support team will remove it, or the customer will receive a refund.

Protecting People’s Digital Lives

As people become more and more connected in the modern digital era, they’re in need of protection in every part of their online life. That’s why McAfee’s new lineup now includes features that make it easier than ever to protect what matters most. This includes:

  • McAfee Safe Family – Provides parents the visibility and controls needed to keep their children safer online when they use their PCs, smartphones and tablets.
    • Key features and benefits include: Activity reports, app and web blocking capabilities, screen time controls, location tracking, 1-click digital time-outs and more. McAfee Safe Family Premium is included with subscriptions to McAfee Total Protection 10 and McAfee LiveSafe.
  • McAfee Identity Theft Protection – Allows users to take a proactive approach to protecting their identities.
    • Key features and benefits include: Cyber monitoring, Social security number trace, credit monitoring, 24/7 agency support and ID recovery and stolen funds reimbursement. McAfee Identity Theft Protection Essentials is included with subscriptions to McAfee Total Protection 10 and McAfee LiveSafe.

So, whether you’re focused on fighting back against ransomware, or ensuring all your online interactions are protected from threats, our evolved portfolio of products is here to ensure you can live your connected life with confidence. Make sure you get proactive about your personal protection now.

To learn more about consumer security and our approach to it, be sure to follow us at @McAfee and @McAfee_Home.

The post Announcing McAfee’s Evolved Consumer Product Portfolio appeared first on McAfee Blogs.

McAfee Blogs: Announcing McAfee’s Evolved Consumer Product Portfolio

Every fall the leaves change colors, sweaters replace sundresses, and new changes are afoot. Especially for us at McAfee. In fact, we’re announcing quite a few changes to our consumer security portfolio this fall. Tailored to the increasingly connected world we live in, our evolved line of products focuses on better performance, better ransomware protection, and a holistic approach to securing every facet of a connected consumer’s life. Curious how exactly our lineup does that? Allow us to break it down.

First, there are a few key product updates. In exciting news, McAfee Identity Theft Protection and McAfee Safe Family are now both included in McAfee Total Protection and McAfee LiveSafe. Additionally, McAfee Ransom Guard and PC Boost have been added to the entire product lineup, which includes McAfee AntiVirus, McAfee AntiVirus Plus and McAfee Internet Security. Now, let’s get into a few specifics about product performance.

Improved Performance

McAfee’s core lineup of products now sends malware analysis to the McAfee Global Threat Intelligence (GTI) cloud, which means fewer system resources are required, and PCs can work at optimal speeds. Beyond that, we’ve also implemented a few key PC enhancements, including:

  • McAfee App Boost – Helps resource-hungry apps complete tasks more quickly by automatically allocating more resources to applications the customer is actively using.
  • McAfee Web Boost – Prevents unwanted or unrequested downloads and system activity caused by auto-play videos resulting in reduced bandwidth and resource consumption.

There’s a few notable mobile enhancements as well, which include:

    • McAfee Mobile Security – Fully redesigned to deliver a more intuitive and engaging user experience.
    • McAfee Mobile Security for Android – Now includes machine learning capabilities within the mobile AV engine, which provides more efficient scanning and faster malware detection.
    • McAfee Mobile Security for iOS – New Wi-Fi Threat Scan shows the security status of the connected Wi-Fi network and alerts users if the Wi-Fi network they are connected to is at risk.

Increased Ransomware Protection

Ransomware attacks have shown no signs of slowing, which is why last year McAfee introduced a machine learning-based anti-virus engine with Real Protect to protect consumers from modern-day threats. And now we’ve updated our features to continue the fight against these advanced attacks. New features include:

  • McAfee Ransom Guard – Adds another layer of protection on the PC which monitors for suspicious file changes, warns the user when ransomware may be at work and suggests recommended actions for remediation. Additionally, this technology allows McAfee to detect many variants of zero-day ransomware.
  • Virus Protection Pledge – This year’s lineup extends the guarantee to six additional languages. If a customer enrolled in automatic renewal gets a virus with protection turned on, the customer support team will remove it, or the customer will receive a refund.

Protecting People’s Digital Lives

As people become more and more connected in the modern digital era, they’re in need of protection in every part of their online life. That’s why McAfee’s new lineup now includes features that make it easier than ever to protect what matters most. This includes:

  • McAfee Safe Family – Provides parents the visibility and controls needed to keep their children safer online when they use their PCs, smartphones and tablets.
    • Key features and benefits include: Activity reports, app and web blocking capabilities, screen time controls, location tracking, 1-click digital time-outs and more. McAfee Safe Family Premium is included with subscriptions to McAfee Total Protection 10 and McAfee LiveSafe.
  • McAfee Identity Theft Protection – Allows users to take a proactive approach to protecting their identities.
    • Key features and benefits include: Cyber monitoring, Social security number trace, credit monitoring, 24/7 agency support and ID recovery and stolen funds reimbursement. McAfee Identity Theft Protection Essentials is included with subscriptions to McAfee Total Protection 10 and McAfee LiveSafe.

So, whether you’re focused on fighting back against ransomware, or ensuring all your online interactions are protected from threats, our evolved portfolio of products is here to ensure you can live your connected life with confidence. Make sure you get proactive about your personal protection now.

To learn more about consumer security and our approach to it, be sure to follow us at @McAfee and @McAfee_Home.

The post Announcing McAfee’s Evolved Consumer Product Portfolio appeared first on McAfee Blogs.



McAfee Blogs

How to Drive ROI and Improve Endpoint Security With a Managed Security Services Provider

If you’re an IT managed service provider (MSP), there’s a tremendous opportunity to help your clients save money by providing a high-value endpoint security services while you receive a high margin of return in exchange.

More specifically, businesses today are desperate to increase their endpoint security posture. In fact, the endpoint has become one of the greatest network security risks. Many can do it in-house, but they’d prefer not to if they can find a provider who will save them money and do it better. You can be that provider. But how?

The Magnitude of the Endpoint Security Problem

Enterprise networks are becoming more and more complex as the mobility of the workforce increases. Organizations must secure their systems, all of which use a wide range of operating systems, from the desktop to the cloud.

Just keeping track of all of those devices and ensuring that they’re up to date and compliant with security protocols is a huge job. But the greatest challenge comes from all the devices on the network that the security team doesn’t know about. After all, you can’t fix what you can’t see.

The Opportunity for Managed Security Service Providers

IT and managed security service providers (MSSPs) need to offer services that close this visibility gap for businesses. You can do so by leveraging technologies that discover all network assets and provide real-time visibility into their security and compliance status. But don’t stop there — technologies that just provide visibility only solve half the problem. Implement solutions for your client that provide dynamic situational awareness and rapidly fix the problems it finds.

Endpoint technologies that require significant configuration to work in a customer environment will increase your customers’ cost, reduce their return on investment (ROI) and eat into the profit margins of your services. These are lose-lose scenarios from a business perspective. Instead, select a lightweight, easily deployable technology that ships with extensive out-of-the-box content to find and fix the myriad endpoint problems that businesses face, including:

The solution you choose should enable to you find and fix problems for your clients within hours and with minimal effort. The required manpower should be no more than a few clicks of the mouse to deliver compliance to your clients at levels above 98 percent.

Endpoints are the center of the malware universe. When organizations suffer data breaches, it’s because their endpoints have been compromised, exposing the data that resides in them. Continuous compliance and enforcement of endpoint security policies is no longer just nice to have; it’s a requirement that should be on the minds of all C-suite executives.

Learn More About IBM BigFix for Managed Service Providers

The post How to Drive ROI and Improve Endpoint Security With a Managed Security Services Provider appeared first on Security Intelligence.

Radware Blog: IoT, 5G Networks and Cybersecurity: Safeguarding 5G Networks with Automation and AI

By 2020, Gartner says there will be 20.4 billion IoT devices. That rounds out to almost three devices per person on earth. As a result, IoT devices will show up in just about every aspect of daily life. While IoT devices promise benefits such as improved productivity, longevity and enjoyment, they also open a Pandora’s […]

The post IoT, 5G Networks and Cybersecurity: Safeguarding 5G Networks with Automation and AI appeared first on Radware Blog.



Radware Blog

McAfee Blogs: Mobile and Digital Payments: Worth the Risk?

Thanks in part to the convenience that our mobile devices provide for us, much of the world operates now on instant gratification. From accessing information on the web to doing work –and now sending and receiving digital payments– our devices and applications support us while we’re on the go. Whether we’re paying a friend for dinner, our roommate for rent, or otherwise, many of us use peer-to-peer (P2P) mobile and digital payment apps rather than cash to settle our bills.

P2P mobile and digital payment apps like Cash App, PayPal, Venmo, and Zelle have changed the way we transfer money; today it’s faster, simpler, and easier than ever. In fact, they’re so popular that it’s estimated that in 2018, $700 billion will be transferred in this manner. With so much money being sent and received in this way, the ease of transfer begs the question, how secure are these apps?

While some have turned to using cryptocurrency and blockchain to curtail the known dangers of traditional mobile payment apps, recent cryptojacking incidents have proven that even this new technology is not foolproof when it comes to cybersecurity and the determination of cybercriminals. And while the convenience of digital payments can’t be denied, we seem to be prioritizing ease of use over security. Let’s take a look at how digital payments work, as well as their security implications.

How Digital Payments Work

P2P apps like Venmo, Cash App, and others essentially all work in the same way.  Functioning as a digital wallet, users link the app to their bank accounts or credit and debit cards. Then the app adds or subtracts money based on when users receive or send a payment. From there, users can “cash out” their balance to their preferred digital property, such as the account attached to a card or bank account.

P2P Money Transfer Apps and Cybersecurity Concerns

On the surface, digital money transfers may seem harmless, when in fact, they could lead to a headache of unforeseen cybersecurity concerns. The good news is that most money transfer apps will reimburse you for fraudulent charges. However, if someone has physical access to your phone and you don’t keep it locked, they can send money to themselves or others and you won’t get that money back.

Aside from the obvious concern of losing your phone, if you use an unsecured network to transfer money, it’s easier for someone to launch a phishing attack to gain access to your data. That’s because some payment apps will send request links from other users to download the app on their device. These links can be manipulated by cybercriminals and often contain just a letter or number off so that these changes go unnoticed by day-to-day users. When clicked on, a user can be redirected to a web page and presented with malware or a virus and might be prompted to download it– giving an unfriendly host access to your financial information. Thankfully, leveraging your data plan or a VPN rather than an unsecured or pubic Wi-Fi network can help create an extra layer of protection, making it more difficult for cybercriminals to access your sensitive data.

Lastly, there are often unforeseen holes in software that provide backdoor access to your financial information. Meticulously updating the software on your mobile device can help patch up known security issues, also making it easier to protect your data.

Tips to Stay Safe While Using Peer-to-Peer Money Transfer Apps

If you already use a peer-to-peer money transfer app or are on the fence about downloading one, here are some tips to take into account. By practicing multiple security habits simultaneously, your financial information is much more likely to remain safe on your devices and apps:

  • Set up additional security measures. P2P payment platforms require access to sensitive financial information. Check your account settings to see if you can enable multi-factor authentication, PIN/Password requirement, or use fingerprint recognition.
  • Check your preferred app’s permission or settings. Some might share information about your transactions on social media or on the platform itself, like Venmo. Make adjustments to these settings if and when you see fit.
  • Update your software and apps. It’s a best practice to update software and apps when prompted to help seal vulnerabilities when they’re found.
  • Be aware of where you are conducting your money transfers. Opt to use your data plan or a secure, private Wi-Fi network when using a P2P payment app. If you connected to public Wi-Fi, cybercriminals could use the holes in these networks to access your personal banking information and possibly access your P2P app account. If you must use public Wi-Fi, then it’s a good idea to use a Virtual Private Network (VPN).
  • Confirm the deposit went through. When you receive a payment, that money is added to your in-system balance. This is where it will remain until you initiate the transfer to your bank account or use it for another transaction within the app. If you transfer the balance to your bank, confirm it went through. This could take anywhere from a few days to a week. If it takes longer, it’s worth investigating to stop suspicious behavior in its tracks.
  • Be wary of scammers and cybercriminals. If you don’t know the person to which you are sending a digital transfer (say to purchase tickets to an event), look for poor spelling or grammar from them and read links carefully. If something doesn’t look right, that’s often a tell-tale sign that you’re being led astray. Try to find an alternative way to pay, or better yet – find someone who is more trustworthy.

Interested in learning more about IoT and mobile security tips and trends? Stop by ProtectWhatMatters.online, and follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post Mobile and Digital Payments: Worth the Risk? appeared first on McAfee Blogs.



McAfee Blogs

Mobile and Digital Payments: Worth the Risk?

Thanks in part to the convenience that our mobile devices provide for us, much of the world operates now on instant gratification. From accessing information on the web to doing work –and now sending and receiving digital payments– our devices and applications support us while we’re on the go. Whether we’re paying a friend for dinner, our roommate for rent, or otherwise, many of us use peer-to-peer (P2P) mobile and digital payment apps rather than cash to settle our bills.

P2P mobile and digital payment apps like Cash App, PayPal, Venmo, and Zelle have changed the way we transfer money; today it’s faster, simpler, and easier than ever. In fact, they’re so popular that it’s estimated that in 2018, $700 billion will be transferred in this manner. With so much money being sent and received in this way, the ease of transfer begs the question, how secure are these apps?

While some have turned to using cryptocurrency and blockchain to curtail the known dangers of traditional mobile payment apps, recent cryptojacking incidents have proven that even this new technology is not foolproof when it comes to cybersecurity and the determination of cybercriminals. And while the convenience of digital payments can’t be denied, we seem to be prioritizing ease of use over security. Let’s take a look at how digital payments work, as well as their security implications.

How Digital Payments Work

P2P apps like Venmo, Cash App, and others essentially all work in the same way.  Functioning as a digital wallet, users link the app to their bank accounts or credit and debit cards. Then the app adds or subtracts money based on when users receive or send a payment. From there, users can “cash out” their balance to their preferred digital property, such as the account attached to a card or bank account.

P2P Money Transfer Apps and Cybersecurity Concerns

On the surface, digital money transfers may seem harmless, when in fact, they could lead to a headache of unforeseen cybersecurity concerns. The good news is that most money transfer apps will reimburse you for fraudulent charges. However, if someone has physical access to your phone and you don’t keep it locked, they can send money to themselves or others and you won’t get that money back.

Aside from the obvious concern of losing your phone, if you use an unsecured network to transfer money, it’s easier for someone to launch a phishing attack to gain access to your data. That’s because some payment apps will send request links from other users to download the app on their device. These links can be manipulated by cybercriminals and often contain just a letter or number off so that these changes go unnoticed by day-to-day users. When clicked on, a user can be redirected to a web page and presented with malware or a virus and might be prompted to download it– giving an unfriendly host access to your financial information. Thankfully, leveraging your data plan or a VPN rather than an unsecured or pubic Wi-Fi network can help create an extra layer of protection, making it more difficult for cybercriminals to access your sensitive data.

Lastly, there are often unforeseen holes in software that provide backdoor access to your financial information. Meticulously updating the software on your mobile device can help patch up known security issues, also making it easier to protect your data.

Tips to Stay Safe While Using Peer-to-Peer Money Transfer Apps

If you already use a peer-to-peer money transfer app or are on the fence about downloading one, here are some tips to take into account. By practicing multiple security habits simultaneously, your financial information is much more likely to remain safe on your devices and apps:

  • Set up additional security measures. P2P payment platforms require access to sensitive financial information. Check your account settings to see if you can enable multi-factor authentication, PIN/Password requirement, or use fingerprint recognition.
  • Check your preferred app’s permission or settings. Some might share information about your transactions on social media or on the platform itself, like Venmo. Make adjustments to these settings if and when you see fit.
  • Update your software and apps. It’s a best practice to update software and apps when prompted to help seal vulnerabilities when they’re found.
  • Be aware of where you are conducting your money transfers. Opt to use your data plan or a secure, private Wi-Fi network when using a P2P payment app. If you connected to public Wi-Fi, cybercriminals could use the holes in these networks to access your personal banking information and possibly access your P2P app account. If you must use public Wi-Fi, then it’s a good idea to use a Virtual Private Network (VPN).
  • Confirm the deposit went through. When you receive a payment, that money is added to your in-system balance. This is where it will remain until you initiate the transfer to your bank account or use it for another transaction within the app. If you transfer the balance to your bank, confirm it went through. This could take anywhere from a few days to a week. If it takes longer, it’s worth investigating to stop suspicious behavior in its tracks.
  • Be wary of scammers and cybercriminals. If you don’t know the person to which you are sending a digital transfer (say to purchase tickets to an event), look for poor spelling or grammar from them and read links carefully. If something doesn’t look right, that’s often a tell-tale sign that you’re being led astray. Try to find an alternative way to pay, or better yet – find someone who is more trustworthy.

Interested in learning more about IoT and mobile security tips and trends? Stop by ProtectWhatMatters.online, and follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post Mobile and Digital Payments: Worth the Risk? appeared first on McAfee Blogs.

SecurityWeek RSS Feed: Google’s Android Team Finds Serious Flaw in Honeywell Devices

Members of Google’s Android team discovered that some of Honeywell’s Android-based handheld computers are affected by a high severity privilege escalation vulnerability. The vendor has released software updates that should address the flaw.

read more



SecurityWeek RSS Feed

Personal mobile devices are the biggest threat to your network

Remote working and BYOD may be popular among employees but both pose a high risk to IT and security teams.Personal device use for remote work poses the biggest security risk

The post Personal mobile devices are the biggest threat to your network appeared first on The Cyber Security Place.

One Year Later, Over 2 Billion Devices Still Exposed to BlueBorne Attacks

One year after researchers disclosed the Bluetooth vulnerabilities dubbed BlueBorne, more than 2 billion devices are believed to still be vulnerable to attacks, either because their owners have failed to install patches or due to the fact that no patches are available.

read more

12 New iOS 12 Features That Promise to Enhance Enterprise Device Management

On Sept. 12, Apple announced several upgraded devices that will come preloaded with its latest mobile operating system (OS): iOS 12. With each new iteration of Apple’s mobile OS, new and exciting enhancements provide improved experiences for personal and professional use.

With iOS 12 comes a plethora of fun features, such as Memoji, which allows you to create and customize your own animated avatar, and a few user interface (UI) improvements centered around ease of use in native apps such as Messages and Photos. Other improvements are based around device performance and user-centric enhancements. The most noteworthy features, however, aren’t just for the end user, but the enterprise as well.

More Control, Less Hassle

Over the years, Apple has continuously improved its ability to meet the needs of IT and security leaders. Growing with the ever-changing mobile landscape, iOS has followed the evolution of device management, from mobile device management (MDM) to enterprise mobility management (EMM) to the most current solution, unified endpoint management (UEM). With UEM, IT teams can manage devices, users, apps, content, Internet of Things (IoT) deployments and everything in between under one console.

Each new version of iOS comes with new and improved management capabilities, and this latest iteration is no different. Most features will only apply to devices in Supervised Mode via the Apple Device Enrollment Program (DEP). These new features offer much-needed management capabilities, including:

  1. Enhanced performance — Apps will open twice as fast when running multiple processes, such as launching the keyboard and camera to quickly complete the task at hand;

  2. USB privacy and security — This new feature will make it more difficult for malicious actors to unlock an iOS device via USB connection;
  3. Health records and app development — Health record application programming interfaces (APIs) will allow developers for healthcare facilities to utilize patient records to monitor medications, admissions and history in a secure and encrypted manner;
  4. CarPlay enhancements — Third-party navigation apps can now be utilized with UEM solutions showing work-related notifications on screen;
  5. Password auto-fill — Users can take advantage of password auto-fill prompts on their devices, authenticated via TouchID or FaceID;
  6. Password proximity requests — Devices in range of each other (iOS to macOS, for example) can share a password request, much like the handoff feature;
  7. Password sharing — When connecting to a network for the first time, users can share the network password with other iOS devices for faster connectivity;
  8. Contact management — Unmanaged users can read corporate-managed contacts within their UEM solution;
  9. Critical alerts — Opt-in notifications that bypass Do Not Disturb offer important alerts, including notifications related to medical situations, public safety and home security;
  10. Grouped notifications — Rather than having long lists of notifications on the lock screen, iOS 12 now groups notifications by app so users can quickly go through them based on priority;
  11. OAuth verification — Open Authentication (OAuth) allows users to verify and connect to third-party apps without releasing their password; and
  12. Device support — iOS 12 will be available on older devices, so IT teams can save time and cost by using their existing devices.

In addition to the upgraded devices Apple announced on Sept. 12 that will come preloaded with the new OS, iOS 12 will be available on the following previously released devices:

iPhone

iPad

iPhone X

12.9-inch iPad Pro 2nd generation

iPhone 8

12.9-inch iPad Pro 1st generation

iPhone 8 Plus

10.5-inch iPad Pro

iPhone 7

9.7-inch iPad Pro

iPhone 7 Plus

iPad 6th generation

iPhone 6s

iPad 5th generation

iPhone 6s Plus

iPad Air 2

iPhone 6

iPad Air

iPhone 6 Plus

iPad mini 4

iPhone SE

iPad mini 3

iPhone 5s

iPad mini 2

Are You Ready for the iOS 12 Update?

With all the new features associated with iOS 12, many IT teams are preparing to upgrade user devices. With a UEM solution, IT teams can take advantage of all the management capabilities they need to make sure their users are productive, secure and compliant with corporate policies. An advanced UEM solution with day-zero support for iOS 12 and other enterprise integrations with Apple can take the guesswork out of managing devices.

To make sure you’re ready to take advantage of the latest and greatest features iOS 12 has to offer, join us for a live webinar on Sept. 27 at 11 a.m. EST.

The post 12 New iOS 12 Features That Promise to Enhance Enterprise Device Management appeared first on Security Intelligence.

Could the Photos You’re Sharing Online Be Putting Your Child at Risk?

sharing photos risksConfession time. I’m a mom that is part of the problem. The problem of posting photos of my kids online without asking for their permission and knowing deep down that I’m so excited about sharing, I’m not paying much attention at all to the risks.

Why do I do it? Because I’m madly in love with my two wee ones (who aren’t so wee anymore). Because I’m a proud parent who wants to celebrate their milestones in a way that feels meaningful in our digital world. And, if I’m honest, I think posting pictures of my kids publically helps fill up their love tank and remind them they are cherished and that they matter. . . even if the way I’m communicating happens to be very public.

Am I that different than most parents? According to a recent McAfee survey, I’m in the majority.

Theoretically, I represent one of the 1,000 interviewed for McAfee’s recent Age of Consent survey* that rendered some interesting results.

Can you relate?

  • 30% of parents post a photo of their child to social media daily.
  • 58% of parents do not ask for permission from their children before posting images of them on social media.
  • 22% think that their child is too young to provide permission; 19% claim that it’s their own choice, not their child’s choice.

The surprising part:

  • 71% of parents who share images of their kids online agree that the images could end up in the wrong hands.
  • Parents’ biggest concerns with sharing photos online include pedophilia (49%), stalking (48%), and kidnapping (45%).
  • Other risks of sharing photos online may also be other children seeing the image and engaging in cyberbullying (31%), their child feeling embarrassed (30%), and their child feeling worried or anxious (23%).

If this mere sampling of 1,000 parents (myself included) represents the sharing attitudes of even a fraction of the people who use Facebook (estimated to be one billion globally), then rethinking the way in which we share photos isn’t a bad idea.

We know that asking parents, grandparents, friends, and kids themselves to stop uploading photos altogether would be about as practical as asking the entire state of Texas to line up and do the hokey pokey. It’s not going to happen, nor does it have to.

But we can dilute the risks of photo sharing. Together, we can agree to post smarter, to pause a little longer. We can look out for one another’s privacy, and share in ways that keep us all safe.

Ways to help minimize photo sharing risks:

  • Pause before uploading. That photo of your child is awesome but have you stopped to analyze it? Ask yourself: Is there anything in this photo that could be used as an identifier? Have I inadvertently given away personal information such as a birthdate, a visible home addresses, a school uniform, financial details, or potential passwords? Is the photo I’m about to upload something I’d be okay with a stranger seeing? sharing photos risks
  • Review your privacy settings. It’s easy to forget that when we upload a photo, we lose complete control over who will see, modify, and share that photo again (anywhere they choose and in any way they choose). You can minimize the scope of your audience to only trusted friends and family by customizing your privacy settings within each social network.  Platforms like Facebook and Instagram have privacy settings that allow you to share posts (and account access) with select people. Use the controls available to boost your family privacy.
  • Voice your sharing preferences with others. While it may be awkward, it’s okay (even admirable) to request friends and family to reign in or refrain from posting photos of your children online. This rule also applies to other people’s public comments about your vacation plans, new house, children’s names or birthdates, or any other content that gives away too much data. Don’t hesitate to promptly delete those comments by others and explain yourself in a private message if necessary.
  • Turn off geotagging on photos. Did you know that the photo you upload has metadata assigned to it that can tell others your exact location? That’s right. Many social networks will tag a user’s location when that user uploads a photo. To make sure this doesn’t happen, simply turn off geotagging abilities on your phone. This precaution is particularly important when posting photos away from home.
  • Be mindful of identity theft. Identity theft is no joke. Photos can reveal a lot about your lifestyle, your habits, and they can unintentionally give away your data. Consider using an identity theft protection solution like McAfee Identity Theft Protection that can help protect your identity and safeguard your personal information.

* McAfee commissioned OnePoll to conduct a survey of 1,000 parents of children ages one month to 16 years old in the U.S.

The post Could the Photos You’re Sharing Online Be Putting Your Child at Risk? appeared first on McAfee Blogs.

When spyware goes mainstream

Stealware.

Surveillanceware.

Stalkerware.

These are terms alternately used to effectively identify a file-based threat that has been around since 1996: spyware. More than two decades later, consumer or commercial spyware has gone mainstream, and the surprising number of software designed, openly marketed, and used for spying on people is proof of that.

Forget the government, nation-states, private agencies, and law enforcement. Normal, ordinary citizens can now wield powerful surveillance software and use it against any target they wish—all thanks to “legitimate” companies like mSpy, Retina-X, FlexiSpy, Family Orbit, TheTruthSpy, and others. While the spyware they market can be placed in the hands of employers who want to keep tabs on employees in the workplace, or in the hands of parents who want to look after their kids, it can also be placed in the hands of stalkers, abusive partners, or someone who just wants to get a leg up in the divorce proceedings.

Spyware: spotting the signs

Spyware is usually stealthy by nature—but that doesn’t mean its activities or the effects of its presence on a desktop machine, laptop, or mobile device aren’t unnoticed. Below is a rundown of common symptoms that may indicate your computing devices have spyware installed:

Desktop or laptop:

  • Computer or device sluggishness
  • Crashing (when it usually doesn’t)
  • Multiple, unexpected pop-ups
  • Changes in certain browser settings
  • Unusual redirections to sites you haven’t seen or visited
  • Difficulty logging in to secure websites
  • New browser toolbars, widgets, or apps
  • The appearance of random error messages
  • Certain browser hotkeys stop working

Mobile phone or tablet:

  • Battery runs out quicker than normal
  • The device feels warm even when not in use and not charging
  • Increased data usage/Internet activity
  • Clicking, static, echo-y, or distant voices can be heard when on a call
  • Takes a while to shut down
  • Unexplained phone charges, phone calls, and messages
  • Autocorrect features stop working correctly
  • Longer response time
  • For iPhones: Presence of the Cydia app (although there are products now that don’t require a jailbroken iPhone)
  • For iPhones: Request for Apple ID credentials

Read: IoT domestic abuse: What can we do to stop it?


Spying is caring?

While many of us wrinkle our noses in disgust at spyware, some well-intentioned individuals see the good in planting and using such software in the devices of their loved ones. As mentioned earlier, parents (for example) want to stay in touch with their kids who are out and about. Sometimes just knowing where they are when Mom or Dad checks up on them—of course, they aren’t going to pick up the phone—can help them go about their day a little easier.

If you are already considering or using commercial spyware to “keep an eye” on your kids, we suggest you ask yourself the following questions:

Will I be/Am I breaking any laws?

You are if the following qualifications are true:

The states of Iowa and Washington criminalize some forms of spyware.

Even spyware developers have the Software Principles Yielding Better Levels of Consumer Knowledge (or the SPY BLOCK Act), the Securely Protect Yourself Against Cyber Trespass (or the SPY ACT), and the Internet Spyware Prevention Act (or The I-SPY Act) to contend with.

Have I already looked for better alternatives?

Almost every “legitimate” spy software in the market wears the slogan “completely undetectable,” or a variant of it. As we always say, if it sounds too good to be true, it probably is. Not only is spyware often detectable (see symptoms above), it’s also intruding on privacy. Instead of installing spyware, look for alternative apps that can help you monitor your loved one’s locations without snooping on their other stuff like messages and calls. If you’re an iPhone user, take advantage of Find My Friends. For Android users, you can use Trusted Contacts.

Do I know how these companies treat my target’s information?

“Carelessly” is probably the first word that comes to mind. Just look at the number of breaches that have happened against spyware companies in the last 18 months. Not only that, hackers who claim to target these companies consistently state that the data they siphoned from spyware targets aren’t encrypted at all.

How would I feel if I were in their shoes?

Monitoring a loved one isn’t inherently wrong in and of itself, but doing so without their consent is, even if it’s well-intentioned. This is why it’s so essential for all individuals involved to ask for and give consent when it comes to installing monitoring apps on devices. This doesn’t just apply to the parent-child dynamic.

Of course, for parents of pre-teens, many feel and believe that consent is optional, so they exercise their tough love on the young ones for a little while longer for their own protection and safety. As long as monitoring doesn’t (and shouldn’t) replace a healthy communication between parent or carer and child, this is fine. Parents of teens, on the other hand, may have to reassess their monitoring practices. Perhaps it’s time they sit down with the kids and talk to them about it.

Spying on someone without them knowing sucks. And when they do find out, even if you mean well, the damage caused by the invasion of privacy and breach of trust could be rather hard to undo.

Whether you think it’s beneficial or not to use spyware doesn’t change the fact that it’s still classified as malware, and malware—regardless of the law—isn’t something that should typically be found installed on computing devices of average users.

Stay safe, everyone!

The post When spyware goes mainstream appeared first on Malwarebytes Labs.

Trending: IoT Malware Attacks of 2018

Since January 1st of 2018, a barrage of cyberattacks and data breaches have hit almost every industry, targeting businesses large and small, many of which are now from IoT devices. By 2025, it is estimated that there will be approximately 75 billion connected devices around the world. With more IoT devices ­–from wearables and pacemakers to thermometers and smart plugs–on the market and in the home, cybercriminals are keen to leverage them in attacks. This heightened interest is due to the vulnerabilities in many IoT devices, not to mention their ability to connect to each other, which can form an IoT botnet.

In a botnet scenario, a network of internet-connected devices is infected with malware and controlled without the users’ knowledge, in order to launch ransomware and DDoS attacks (distributed denial-of-service). Once unleashed, the consequences of botnet attacks can be devastating. This possible reality sounds like the plot of a science fiction movie, one which we hypothesized in our 2018 Threats Prediction Report. As we head into this year’s final months, we take a look at how this year’s threats compared to our predictions for you, the consumer.

At the end of 2017, we predicted that the convenience and ease of a connected home could lead to a decrease in privacy. Our devices already transmit significant data, with or without the knowledge of the consumer, back to the corporations the devices are made. This unprecedented access to consumer data is what is driving cybercriminals to become more familiar with IoT botnet attacks. Just in 2018 alone, we’ve seen smart TVs, virtual assistants, and even smart plugs display detrimental security flaws that could be exploited by bad actors. Some IoT devices were used to facilitate botnet attacks, like an IoT thermometer and home Wi-Fi routers. In 2017, these security concerns were simply predictions- but now they are very much a reality. And while the window to get ahead of these attacks is closing, consumers need to be prepared in case your IoT devices go haywire.

Be the difference in your home when it comes to security and IoT devices. Protect both you and your family from these threats with these tips:

  • When buying an IoT device, make security a priority. Before your next IoT purchase, do your research. Prioritize purchasing devices that have been on the market for a while, have a name brand, or have a lot of online reviews. If you follow this protocol, the chances are that the device’s security standards will be higher, due to being vetted by the masses.
  • Change default device passwords. As soon as you bring a new device into your home, change the password to something difficult to guess. Cybercriminals often know the default settings and can use them to access your devices. If the device has advanced security options, use them.
  • Keep your software up-to-date. To protect against potential vulnerabilities, manufacturers often release software updates. Set your device to auto-update, if possible, so you always have the latest software.
  • Use a comprehensive security program. It’s important to think about security holistically. Not all IoT devices are restricted to the home; many are mobile (such as smart watches). If you’re out and about, you may need to connect to an unsecured network – say an airport with public Wi-Fi. Your kids may have devices. The scenarios may be different, but the risk is the same. Protect your network of connected devices no matter where you are and consider a suite of security products to protect what matters.

Interested in learning more about IoT and mobile security tips and trends? Stop by ProtectWhatMatters.online, and follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post Trending: IoT Malware Attacks of 2018 appeared first on McAfee Blogs.

New BondPath Android Spyware Retrieves Chat Data From Messaging Apps

Researchers uncovered an Android spyware family called BondPath that is capable of retrieving chats from several mobile messaging apps while spying on other types of information.

BondPath has been around since May 2016, but in July 2018, researchers at Fortinet observed that some samples were still in the wild. Those specimens masqueraded as “Google Play Store Services,” an application signed by an unknown developer known only as “hola.” The name of this malicious application is intentionally similar to Google Play Services, the title of the process Google uses to update Android apps from the Play Store.

Upon successful execution, BondPath assumes the ability to steal an infected device’s browser history, call logs, emails and SMS messages. But a few less frequently used capabilities made BondPath stand out to the researchers, such as its ability to monitor an infected smartphone’s battery status. It could also steal chats from WhatsApp, Skype, Facebook, Line and other mobile messaging apps.

The Rise and Fall of Spyware

According to Verizon’s “2018 Data Breach Investigations Report,” spyware and keylogger malware were involved in 121 security incidents and 74 data breaches in 2017. This threat category increased its activity during the second half of 2017 and the beginning of 2018, yielding a 56 percent increase in detections during the first quarter of 2018, according to Malwarebytes. Spurred in part by a series of large attack campaigns pushing Emotet, Malwarebytes named spyware as the top detected business threat for the quarter.

Near the end of the first quarter, spyware activity declined significantly. It continued falling throughout the second quarter, ultimately decreasing by 40 percent, according to Malwarebytes. In that span of time, TrickBot was the most prevalent form of spyware after it added the ability to hijack cryptocurrency earlier in the year.

How to Protect Against Mobile Threats

To defend their organizations against BondPath and similar mobile threats that originate in official app stores, security teams should keep applications and operating systems running at the current patch level, verify the legitimacy of unsolicited email attachments through a separate channel, and monitor their IT environment for the indicators of compromise (IoCs) listed in the IBM X-Force Exchange threat advisory.

Sources: Fortinet, Verizon, Malwarebytes, Malwarebytes(1)

The post New BondPath Android Spyware Retrieves Chat Data From Messaging Apps appeared first on Security Intelligence.

Back to School: 5 Cybersecurity Habits to Teach Your Kids

With back-to-school time already here, cybersecurity should be at the forefront of every parent’s mind. Kids are exposed to more devices – both in the classroom and at home. While their school may already be taking precautions to protect their data while they’re in the classroom, and many of their personal phones have parental controls on them, there’s still more to teach them. This is especially the case with the rise of IoT devices and wearables aimed at kids – such as low-cost smart watches – which often skimp on a basic layer of security to make them affordable. So while the cost is low, the risk of them being vulnerable to attacks is high.

Kids, in particular, are easy targets for cybercriminals because they lack awareness of tell-tale warning signs that something is off when browsing the web. Cybercriminals can also hone in on where kids are the most vulnerable and unassuming online -think chat rooms, online video games, and social media.

To get ahead of this, it’s worth being proactive about teaching your kids online safety habits so that when they do encounter a new device, network, or challenge, they have a set of safety habits in place to make smart digital decisions.

Here are some 5 cybersecurity habits to teach your kids about cyberthreats and sharing online to start practicing:

  1. Know where your devices are at all times. Kids are notorious for leaving or forgetting their belongings. It’s vital to teach your kids to be extra careful about not leaving their devices unattended. Bad actors are always on the lookout to steal devices because when they get one, they have unlimited access to personal information.  Teach your kids the importance of keeping their mobile device in a secure place.
  2. Beware of what you’re clicking on. Teach your kids what “phishing” means and help them understand what “phishy” links or messages might look like across email or social media. One accident could lead to a case of stolen identity.
  3. Keep your social media in check. Social media can be fun, but it’s also a source of concern. Teach your kids not to accept friend requests or followers if they don’t personally know them.  Also, keep a close eye on all your child’s accounts and set their privacy settings to the highest level possible to avoid compromising data. Turn off location services on all their devices so people can’t track them. Similarly, teach them not to give out their location when they are posting so people can’t follow them to a real-world location.
  4. When it comes to passwords, sharing isn’t caring. Kids love to chat. Teach your kids that passwords are private and should be kept to themselves unless there is family involved. It is also important to teach them to set up a unique, unbreakable password (i.e. not using their name and changing the factory settings on new purchases). Lastly, start imprinting the habit of changing passwords every so often so it’ll stick with them their entire lives.
  5. Stay on a secure network. If your child can connect to Wi-Fi, teach them the importance of finding a secure network to avoid unnecessary vulnerabilities.

By starting these conversations early and teaching your kids or teens these basic tips, they’ll be set up for success and over time, can learn to turn these regular safety habits.

Interested in learning more about IoT and mobile security tips and trends? Stop by ProtectWhatMatters.online, and follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post Back to School: 5 Cybersecurity Habits to Teach Your Kids appeared first on McAfee Blogs.

College Bound? 7 Important Technology Habits for Students

You’ve loved, shaped, and equipped your child to succeed in college and move in day is finally here.  But there’s still one variable that can turn your child’s freshman year upside down, and that’s technology.

That’s right, that essential laptop and indispensable smartphone your child owns could also prove to be his or her biggest headache if not secured and used responsibly. College students can be targets of identity theft, malware, online scams, credit card fraud, property theft, and internet addiction.

The other part of this new equation? You, parent, are no longer in the picture. Your child is now 100% on his or her own. Equipping time is over. Weekly tech monitoring and family chats are in the rearview mirror. Will they succeed? Of course, they will. But one last parenting chat on safety sure can’t hurt. Here are a couple of reminders to share with your college-bound kids.

7  Technology Habits for Students

1. Minimize use of public computers. Campuses rely on shared computers. Because campus networks aren’t always secure, this can open you up to identity theft. If you have to log on to a public computer be it a cafe, library, or lab, be sure to change any passwords each time you return. If you are working with a study group, don’t share passwords. Public devices can be prone to hackers seeking to steal login credentials and credit card numbers. If you do use public devices, get in the habit of browsing in the privacy mode. Clear browser history, cookies, and quit all applications before logging off.

2. Beware when shopping online. Online shopping is often the easiest way for students to purchase essentials. Be sure to use a secure internet connection when hitting that “purchase” button. Reputable sites encrypt data during transactions by using SSL technologies. Look for the tiny padlock icon in the address bar or a URL that begins with “https” (the “s” stands for secure) instead of “http.” Examine the site and look for misspellings, inconsistencies. Go with your instincts if you think a website is bogus, don’t risk the purchase. Online credit card fraud is on the rise, so beware.

3. Guard your privacy. College is a tough place to learn that not all people are trustworthy — even those who appear to be friends. Sadly, many kids learn about online theft the hard way. Never share passwords, credit card numbers, or student ID numbers. Be aware of shoulder surfing which is when someone peers over your shoulder to see what’s on your computer screen. Avoid leaving computer screens open in dorm rooms or libraries where anyone can check your browsing history, use an open screen, or access financial information. Also, never lend your laptop or tablet to someone else since it houses personal information and make sure that all of your screens are password protected.

4.  Beware of campus crooks. Thieves troll college campuses looking for opportunities to steal smartphones, laptops, wearables, and tablets for personal use or resale. Don’t carry your tech around uncased or leave it unguarded. Conceal it in a backpack. Even if you feel comfortable in your new community, don’t leave your phone even for a few seconds to pick up your food or coffee at a nearby counter. If you are in the library or study lab and need a bathroom break, take your laptop with you. Thieves are swift, and you don’t want to lose a semester’s worth of work in a matter of seconds.

5. Use public Wi-Fi with caution. Everyone loves to meet at the coffee shop for study sessions — and that includes hackers. Yes, it’s convenient, but use public Wi-Fi with care. Consider using VPN software, which creates a secure private network and blocks people from accessing your laptop or activity. To protect yourself, be sure to change your passwords often. This is easy if you use a free password manager like True Key.

6. Social media = productivity killer. Be aware of your online time. Mindless surfing, internet games, and excessive video gaming with roommates can have an adverse effect on your grades as well as your mental health.  Use online website blockers to help protect your study time.

7. Social media = career killer. We can all agree: College is a blast. However, keep the party photos and inappropriate captions offline. Your career will thank you. Remember: Most everything you do today is being captured or recorded – even if you’re not the one with the camera. The internet is forever, and a long-forgotten photo can make it’s way back around when you least expect it.

8. Don’t get too comfortable too fast. Until you understand who you can trust in your new community, consider locking your social media accounts. Disable GPS on mobile apps for security, don’t share home and dorm addresses, email, or phone numbers. While it may be the farthest thing from your mind right now — campus stalking case are real.

toni page birdsong

Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her onTwitter @McAfee_Family. (Disclosures)

The post College Bound? 7 Important Technology Habits for Students appeared first on McAfee Blogs.

Back to School: Cybersecurity in the Classroom

It’s hard to believe that summer is coming to an end and that back-to-school time is around the corner. For some kids, that means cyberbullies are traded in for school bullies and social engagement will turn into in-person interactions. But for others — dubbed Extreme Internet Users — the screen stays. When it comes time to go back to the classroom, the six hours or more a day these kids spent online during summer may be curtailed in favor of educational screen time instead.

Every year around this time, I reflect on how much has changed for children, especially when it comes to mobile devices in the classroom. This trend has become increasingly popular and, on the rise, as technology has improved, education adapts to rapid changes, and our world becomes more interconnected. Either these devices are given to kids or their classrooms by their school, or parents are encouraged to purchase one for their child to help support internet research and to digitize note-taking and homework.

Regardless of whether you’re a technophile or technophobe when it comes to leveraging screens in education, one thing is for sure – their presence in learning environments is here to stay. And with this shift, security is of the utmost importance.

Since January 2016, there have been 353 cybersecurity incidents in the United States related to K-12 public schools and districts. These attacks range include phishing, ransomware, DoS attacks and breaches that have exposed personal data. However, the question – what motivates cybercriminals to target schools? – still persists. The answer is complex, because what cybercriminals could exploit depends on what they want to accomplish.  Extorting school faculty, hacking private student data, disrupting school operations, or disabling, compromising, or re-directing school technology assets are all regular tools of the trade when it comes to hacking schools.

You may not be able to control how your child’s school thinks about cybersecurity, but you can take matters into your own hands. There are steps you can take to make sure your child is ready to face the school year head-on, including protecting their devices and their data.

  • Start a cybersecurity conversation. Talk with school faculty about what is being done in terms of a comprehensive cybersecurity plan for your child’s school. It’s worth starting the conversation to understand where the gaps are and what is being done to patch them.
  • Install security software on all devices. Don’t stop at the laptop, all devices need to be protected with comprehensive security software, including mobile devices and tablets.
  • Make sure all device software is up-to-date. This is one of the easiest and best ways to secure your devices against threats.
  • Teach your child how to connect securely on public Wi-Fi networks. Public Wi-Fi networks are notoriously used as backdoors by hackers trying to gain access to personal information. If Wi-Fi is absolutely necessary, ensure the network is password protected. However, if you want a secure encrypted connection, consider using a virtual private network (VPN).
  • Designate a specific date and time for regular data back-ups. If ransomware hits, you won’t have to pay to get your child’s information back. You can back up that personal data to a physical external hard drive or use an online backup service, such as Dropbox or Google Drive. That way you can access your files even if your device gets compromised.
  • Understand your child’s school bring your own device (BYOD) policy. Each school is different when it comes to BYOD and understanding your child’s school policy will save you a headache down the road. Some schools buy devices for students to rent, with parents having to pay for any incidentals, and some ask parents to buy the devices outright. Take the time to understand your child’s school policy before accidents happen.

Interested in learning more about IoT and mobile security tips and trends? Stop by ProtectWhatMatters.online, and follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post Back to School: Cybersecurity in the Classroom appeared first on McAfee Blogs.

Too Much Tech: 4 Steps to Get Your Child to Chill on Excessive Snapchatting

We were in the midst of what I believed to be an important conversation.

“Just a sec mom,” she said promptly after a Snapchat notification popped up on her iPhone.

She stopped me mid-sentence, puckered her lips, rolled her eyes, typed a few lines of copy, and within three seconds, my teenage daughter Snapchatted a few dozen friends.

“Sorry, mom, what were you saying?” she turned back toward me her face void of any trace of remorse.

It was clear: Snapchat had far more influence than I, the parent, and it was time to make some serious changes.

Imbalance of Power

It’s obvious the power apps hold over our lives. In fact, in an attempt to encourage responsible app use, Facebook and Instagram recently announced it would implement tools allowing users to track how much time they spend on the apps. This mom is hoping Snapchat will follow suit.

Since its inception in 2011, Snapchat has become one of the most popular apps with an estimated 187 daily active users. A 2017 study released by Science Daily found that 75% of teens use Snapchat. But it’s not the only app winning our kids affections:

  • 76 percent of American teens age 13-17 use Instagram.
  • 75 percent of teens use Snapchat.
  • 66 percent of teens use Facebook.
  • 47 percent of teens use Twitter.
  • Fewer than 30 percent of American teens use Tumblr, Twitch, or LinkedIn.

If you have a teen, you understand the dilemma. We know that social ties are essential to a teen’s psychological well-being. We also know that excessive time online can erode self-esteem and cause depression. We can’t just yank our child’s favorite app, but we also can’t let it run in the background of our lives 24/7, right?

What we can do is take some intentional steps to help kids understand their responsibility to use apps in healthy, resilient ways. In our house, taking that step meant addressing — and taming — the elephant in the room: Snapchat. Here are a few things that worked for us you may find helpful.

4 Steps to Help Curb Excessive Snapchatting

  1. Strive for quality relationships. With so much more information available on the downside of excessive social media use, it’s time to be candid with our kids. Excessive “liking,” carefully-curated photos, and disingenuous interactions online are not meaningful interactions. Stress to kids that nothing compares to genuine, face-to-face relationships with others.
  2. Zero phone zones. This is a rule we established after one too many snaps hijacked our family time. We agreed that when in the company of others — be it at home, in the car, in a restaurant, at church, at a relative’s house — all digital devices get turned facedown or put in a pocket. By doing this, we immediately increased opportunities for personal connection and decreased opportunities for distraction. This simple but proven strategy has cut my daughter’s Snapchat time considerably.
  3. Establish a Snapchat curfew. Given the opportunity, teens will Snapchat until the sun comes up. Don’t believe me? Ask them. If not for the body’s physical need for sleep, they’d happily Snapchat through the night. Consider a curfew for devices. This rule will immediately begin to wean your child’s need to Snapchat around the clock.
  4. Track Snapchat time. Investing in software such as McAfee® Safe Family is an option when trying to strike a healthy tech balance. The software will help with time limits, website filtering, and app blocking. There is also helpful time tracking apps. For the iPhone, there’s Moment, and for Android, there’s Breakfree. Both apps will track how much time you spend on your phone. Seeing this number — in hours — can be a real eye-opener for both adults and kids.

    toni page birdsongToni Birdsong is a Family Safety Evangelist to McAfee. You can find her onTwitter @McAfee_Family. (Disclosures)

The post Too Much Tech: 4 Steps to Get Your Child to Chill on Excessive Snapchatting appeared first on McAfee Blogs.

Family Matters: How to Help Kids Avoid Cyberbullies this Summer

The summer months can be tough on kids. There’s more time during the day and much of that extra time gets spent online scrolling, surfing, liking, and snap chatting with peers. Unfortunately, with more time, comes more opportunity for interactions between peers to become strained even to the point of bullying.

Can parents stop their kids from being cyberbullying completely? Not likely. However, if our sensors are up, we may be able to help our kids minimize both conflicts online and instances of cyberbullying should they arise.

Be Aware

Summer can be a time when a child’s more prone to feelings of exclusion and depression relative to the amount of time he or she spends online. Watching friends take trips together, go to parties, hang out at the pool, can be a lot on a child’s emotions. As much as you can, try to stay aware of your child’s demeanor and attitude over the summer months. If you need help balancing their online time, you’ve come to the right place.

Steer Clear of Summer Cyberbullies 

  1. Avoid risky apps. Apps like ask.fm that allow outsiders to ask a user any question anonymously should be off limits to kids. Kik Messenger and Yik Yak are also risky apps. Users have a degree of anonymity with these kinds of apps because they have usernames instead of real names and they can easily connect with profiles that could be (and often are) fake. Officials have linked all of these apps to multiple cyberbullying and even suicide cases.
  2. Monitor gaming communities. Gaming time can skyrocket during the summer and in a competitive environment, so can cyberbullying. Listen in on the tone of the conversations, the language, and keep tabs on your child’s demeanor. For your child’s physical and emotional health, make every effort to help him or her balance summer gaming time.
  3. Make profiles and photos private. By refusing to use privacy settings (and some kids do resist), a child’s profile is open to anyone and everyone, which increases the chances of being bullied or personal photos being downloaded and manipulated. Require kids under 18 to make all social profiles private. By doing this, you limit online circles to known friends and reduces the possibility of cyberbullying.
  4. Don’t ask peers for a “rank” or a “like.” The online culture for teens is very different than that of adults. Kids will be straightforward in asking people to “like” or “rank” a photo of them and attach the hashtag #TBH (to be honest) in hopes of affirmation. Talk to your kids about the risk in doing this and the negative comments that may follow. Remind them often of how much they mean to you and the people who truly know them and love them.
  5. Balance = health. Summer means getting intentional about balance with devices. Stepping away from devices for a set time can help that goal. Establish ground rules for the summer months, which might include additional monitoring and a device curfew.

Know the signs of cyberbullying. And, if your child is being bullied, remember these things:

1) Never tell a child to ignore the bullying. 2) Never blame a child for being bullied. Even if he or she made poor decisions or aggravated the bullying, no one ever deserves to be bullied. 3) As angry as you may be that someone is bullying your child, do not encourage your child to physically fight back. 4) If you can identify the bully, consider talking with the child’s parents.

Technology has catapulted parents into arenas — like cyberbullying — few of us could have anticipated. So, the challenge remains: Stay informed and keep talking to your kids, parents, because they need you more than ever as their digital landscape evolves.

toni page birdsong

 

Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures).

The post Family Matters: How to Help Kids Avoid Cyberbullies this Summer appeared first on McAfee Blogs.

Are Fake Apps Taking Over Your Phone?

It seems some malicious app developers have taken the phrase “fake it ‘til you make it” to heart, as fake apps have become a rampant problem for Android and iPhone users alike. Even legitimate sources, such as Google Play and Apple’s App Store, have been infiltrated with illegitimate applications, despite their own due diligence in combating this phenomenon.

After downloading a fake app, cybercriminals leverage ransomware or malware through ads to run in the background of your device to do damage, making it difficult to notice something’s off. But while you’re minding your own business, your personal data –such as usernames, photos, passwords, and credit card information– can be compromised.

Malicious apps have become more challenging to detect, and even more difficult to delete from a device without causing further damage. The trend of fake apps shows no sign of slowing down either, as bad actors have become more brazen with the apps they work to imitate. From Nordstrom to Fortnite to WhatsApp, it seems no business or industry is off limits.

Luckily, cybercriminals have yet to figure out a sure-fire way to get their fake apps onto our devices. By paying extra attention to detail, you can learn to identify a fake app before downloading it. Here’s how:

  • Check for typos and poor grammar. Double check the app developer name, product title, and description for typos and grammatical errors. Malicious developers often spoof real developer IDs, even just by a single letter, to seem legitimate. If there are promises of discounts, or the description just feels off, those signals should be taken as red flags.
  • Look at the download statistics. If you’re attempting to download a popular app like WhatsApp, but it has an inexplicably low number of downloads, that’s a fairly good indicator that an app is most likely fraudulent.
  • Read what others are saying. When it comes to fake apps, user reviews are your ally. Breezing through a few can provide vital information as to whether an app is authentic or not, so don’t be afraid to crowdsource those insights when you can.

If you do find yourself having accidentally downloaded a fake app, there are steps you can take to rid your phone of it. Here’s what to do:

  • Delete the app immediately or as soon as you notice anything suspicious. If you can’t find it, but you’re still having issues, the app could still be on your device. That’s because, in the interest of self-preservation, fake apps can try and protect themselves from disposal by making their icon and title disappear. If that happens, go to your installed apps page(s) and look for blank spaces, as it may be hiding there.
  • Check the permissions. After installation, check the app’s permissions. Fake apps usually give long lists of frivolous requests in an effort to get access to more data.
  • Clear the app’s cache and data. If you do find the app you want to delete, this is the first step you must take in order to get the app completely off your phone.
  • Take it into your provider. If you’re still having issues after you’ve deleted an app, consider taking your device into your provider to run a diagnostic test.
  • Factory reset. As a last resort, if you can’t find the app because it has “disappeared,” or traces of the app and malware linger, the best way to ensure it is completely gone is to wipe the data, factory reset your device, and start over. This is why it is vital to have backups of your devices.

Even as this ever-growing trend of malicious developers spoofing legitimate applications to gain access to victims’ personal information continues, we can deter their advances simply by paying closer attention to detail. Remember to be vigilant about being aware of the signs to avoid fake apps at all costs.

Interested in learning more about IoT and mobile security tips and trends? Stop by ProtectWhatMatters.online, follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post Are Fake Apps Taking Over Your Phone? appeared first on McAfee Blogs.

iPhone Users: This Mobile Malware Could Allow Cybercriminals to Track Your Location

The iPhone and many of the apps designed to live on the device have the ability to track our location. Whenever they set up these apps, however, users get the option to opt in or out of location tracking services. But what happens when a malicious campaign doesn’t give users the option to opt of having their location tracked by cybercriminals? In fact, just this week, it has been discovered that iPhone users may be faced with that very possibility, as a sophisticated mobile malware campaign is gaining access to devices by tricking users into downloading an open-source mobile device management (MDM) software package.

First, let’s back up – how does a mobile device management software package work, exactly? Well, according to Continuum, Mobile device management (MDM) is a type of software used by an IT department to monitor, manage, and secure employees’ mobile devices. Therefore, once hijacked by hackers, this software could be used to gain almost complete access to a mobile device.

So, with this malicious MDM campaign, cybercriminals can gain access to a device and steal various forms of sensitive information, including the phone number, serial number, location, contact details, user’s photos, SMS messages, and Telegram and WhatsApp chat messages.

As of now, it’s not entirely clear how this campaign is being spread – though many signs point to social engineering. So, given the information we do know – the next question is what should iPhone users do next to stay secure? Start by following these tips:

  • Keep up-to-date on the latest social engineering scams. It’s important you stay in the loop so you know what scams to look out for. This means reading up the latest security news and knowing what’s real and what’s fake when it comes to random emails, phone calls, and text messages.
  • Turn off location services. It’s one thing for a cybercriminal to have ahold of your data, but it’s another thing entirely if they have the ability to track your location. This hack could not only impact your digital security but your physical security as well. So, turn off the location services immediately on your phone – that way if they gain access to your device, they won’t be able to track you.
  • Use a mobile security solution. As schemes like this MDM campaign continue to impact mobile users, make sure your devices are prepared for any threat coming their way. To do just that, cover these devices with a mobile security solution, such as McAfee Mobile Security.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post iPhone Users: This Mobile Malware Could Allow Cybercriminals to Track Your Location appeared first on McAfee Blogs.

Google Play Users Risk a Yellow Card With Android/FoulGoal.A

This blog post was co-written by Irfan Asrar.

English soccer fans have enthusiastically enjoyed the team’s current run in the World Cup, as the tune “Three Lions” plays in their heads, while hoping to end 52 years of hurt. Meanwhile a recent spyware campaign distributed on Google Play has hurt fans of the beautiful game for some time. Using major events as social engineering is nothing new, as phishing emails have often taken advantage of disasters and sporting events to lure victims.

“Golden Cup” is the malicious app that installs spyware on victims’ devices. It was distributed via Google Play, and “offered” the opportunity to stream games and search for records from the current and past World Cups. McAfee Mobile Security identifies this threat as Android/FoulGoal.A; Google has removed the malicious applications from Google Play.

Once Golden Cup is installed it appears to be a typical sporting app, with multimedia content and general information about the event. Most of this data comes from a web service without malicious activity. However, in the background and without user consent the app silently transfers information to another server.

Data captured

Golden Cup captures a considerable amount of encrypted data from the victim’s device:

  • Phone number
  • Installed packages
  • Device model, manufacturer, serial number
  • Available internal storage capacity
  • Device ID
  • Android version
  • IMEI, IMSI

This spyware may be just the first stage of a greater infection due to its capability to load dex files from remote sources. The app connects to its control server and tries to download, unzip, and decrypt a second stage.

Android/FoulGoal.A detects when the screen is on or off and records this in its internal file scrn.txt, with the strings “on” or “off” to track when users are looking at their screens:

The Message Queuing Telemetry Transport protocol serves as the communication channel between the device and the malicious server to send and receive commands.

Data encryption

User data is encrypted with AES before it is sent to the control server. Cryptor class provides the encryption and decryption functionality. The doCrypto function is defined as a common function. As the first parameter of the function, “1” represents encryption and “2” is decryption mode:

The encryption key is generated dynamically using the SecureRandom function, which generates a unique value on the device to obfuscate the data. The addKey function embeds the encryption key into the encryption data. The data with the key is uploaded to the control server.

We believe the malware author uses this AES encryption technique for any information to be uploaded to escape the detection by Google Bouncer and network inspection products.

Our initial analysis suggests there were at least 300 infections, which we suspect occurred between June 8‒12, before the first World Cup matches began.

The second round

The second phase of the attack leverages an encrypted dex file. The file has a .data extension and is downloaded and dynamically loaded by the first-stage malware; it is extracted with the same mechanism used to upload the encrypted files. The location of the decryption key can be identified from the size of the contents and a fixed number in the first-stage malware.

After decryption, we can see out.dex in zipped format. The dex file has spy functions to steal SMS messages, contacts, multimedia files, and device location from infected devices.

The control server in second stage is different from the first stage’s. The encryption methodology and the server folder structures on the remote server are identical to the first stage.

We found one victim’s GPS location information and recorded audio files (.3gp) among the encrypted data on the control server.

Variants

We have also discovered two other variants of this threat created by the same authors and published to Google Play as dating apps. Although all the apps have been removed from Google Play, we still see indications of infections from our telemetry data, so we know these apps are active on some users’ devices.

Our telemetry data indicates that although users around the world have downloaded the app, the majority of downloads took place in the Middle East, most likely as a result of a World Cup–themed Twitter post in Hebrew directing people to download the app for a breakdown of the latest events.

McAfee Mobile Security users are protected against all the variants of this threat, detected as   Android/FoulGoal.A.

The post Google Play Users Risk a Yellow Card With Android/FoulGoal.A appeared first on McAfee Blogs.

Time to Take a Good, Hard Look at Your Cybersecurity Health

What happens when your livelihood is at stake, thanks to someone stealing your identity or draining your account? The real-life possibilities are nerve-wracking, to say the least. The constant barrage of cyberthreats we face as consumers today is exhausting. Just this month, two major situations were revealed.  A Florida marketing firm, Exactis, had their database on a publicly accessible server. The information exposed ranged from phone numbers, home, and email addresses to the number, age, and gender of a customer’s children. As of now, social security numbers and credit card data have not been leaked. However, what makes this breach particularly anxiety-inducing is that now cybercriminals have the ability to improve the success rate of socially engineered attacks. For example, phishing attacks could become rampant through social media and email.

To add insult to injury, last week, researchers found a way to discover everything you type and read on your phone simply by studying the differing power levels of a smart battery. By implanting a micro-controller into a phone’s battery, they could record the power flowing in and out of the device. Then, with the use of AI, power flows were matched with specific keystrokes. Using this technique, the researchers proved that cybercriminals could record passwords, monitor website activity, access call records, and know the last time the camera was used. Smart batteries are attractive targets because they are not as secure as your phone. In fact, they expose all personal data. While the possibilities are stressful, the good news is that this attack remains theoretical.

The seemingly endless string of security events and the stress they cause can take a serious toll on our well-being. While we can’t prevent breaches from occurring, it’s important to remember that we can be prepared to take the right steps to minimize any damage when one hits. Whether we’re dealing with the repercussions of a data breach, or adapting to new vulnerabilities, developing positive security habits can help improve and maintain your digital health. Taking care of your mobile devices to ensure they remain secure – and therefore optimally functional – is like taking care of your own well-being; to maintain cybersecurity health, you have to perform basic upkeep.

To help you prepare in advance for the next data breach and ensure your device remains in good cybersecurity health, here are some habits you should consider picking up, stat:

  • Be aware of your surroundings. Mindfulness is a habit that can be developed, provides almost instant results, can support longevity, general awareness and well-being. We can learn a lot from mindfulness when it comes to cybersecurity. By taking a little bit of time to be aware of our surroundings, we can prevent vulnerabilities and potential threats simply by paying attention.
  • Set up alerts. Just like going to a doctor regularly for check-ups, you should “check-up” on your accounts. Not all data breaches expose financial data, but personal data that is leaked can still be used to access your financial accounts. Talk with your bank or financial planner about setting up a fraud alert on your cards to maintain control of your accounts.
  • Stay away from untrustworthy emails or messages. The mantra “no bad vibes” is surprisingly full of wisdom. Ridding your life of energy suckers and toxic people supports health – and the same goes for malicious messages. If you see a suspect item from an unknown source in your inbox or via a direct message or comment on social media, do not click on the message. If you do open it, be sure not to click on any links. To be safe, delete the email or message altogether.
  • Avoid public Wi-Fi when possible. Just as sleep is a panacea of sorts that helps to fight off bugs, giving your phone a break from public Wi-Fi is one of the best things you can do to ensure your cybersafety. The use of public Wi-Fi can offer cybercriminals a backdoor into your phone. By spoofing a legitimate website, they can gain access to your sensitive information. Give your device a much-needed break until you can use Wi-Fi you trust, you’ll save yourself a serious headache.
  • Switch up your passwords. It’s been said that variety is the spice of life, the secret to a happy relationship, and a way to stay engaged and aware in old age. The same is true when it comes to your passwords. When you mix it up, you keep cybercriminals guessing. Passwords are your data’s first defense against cybercriminals. Be sure to change them every so often and never use “1234” or “password.” If remembering a difficult password or remembering a multitude of them is hard, consider using a password manager.
  • Consider investing in identity theft protection. Vitamins are excellent supplements to a healthy diet, adding in additional nutrition when and where you need it — but not meant to be taken as the sole way to maintain health. Identity theft protection can be a supplement of sorts to your already positive security habits. With McAfee Identity Theft Protection, users can take proactive steps toward protecting their identities with personal and financial monitoring and recovery tools.

The power of habit actually dictates 40% of our day. As with your body and mind, the more you create healthy, positive habits, the easier it is to maintain health. The same is true for your security “health.” The more you express safe habits, the easier it will become and the safer you will be – both in the short and long term.

Interested in learning more about IoT and mobile security tips and trends? Stop by ProtectWhatMatters.online, and follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post Time to Take a Good, Hard Look at Your Cybersecurity Health appeared first on McAfee Blogs.

Cybercrime in the Spotlight: How Crooks Capitalize on Cultural Events

Every four years, everyone’s head around the globe turns toward the television. The Olympics, the World Cup – world events like these have all eyes viewing friendly competition between nations. Operating under such a big spotlight, these events have been heavily guarded by physical security to ensure no participants or attendees are harmed. But what about digital security? In 2018, many aspects of these events have become digitized, which is great for event organizers and viewers, but also for cybercriminals. In fact, reports are already circulating that hackers are targeting attendees of this year’s 2018 FIFA World Cup.

Why These Events?

The cultural value placed in these international games is precisely the reason cybercriminals target them. The more something is valued, the more people are willing to make sacrifices for it. Cybercriminals know that, and hope to capitalize on it.

In cases like the World Cup, fans may be willing to expose themselves to a more hostile environment in order to feel a part of the event. The same goes for companies that are associated with the sporting events, as they can fall victims to attacks just as individuals do.

Types of Attacks

Both innocent tourists and fans at home may have to deal with threats that result from their involvement in these events. Given the fact that internet access has increased all over the world, many tourists are vulnerable to rogue access-point attacks in public places. Attackers can use these points to harvest credentials and gain access to a victim’s device and accounts. Malware can also be placed within ATM machines, ready to rip off tourists withdrawing currency from their banks. As for fans at home, many phishing and waterhole attacks have been designed around these events to entice fans to visit malicious sites or open emails that appear to be related to the games.

However, for nation-state attacks, a lot of groundwork is done before these global events even begin. Our McAfee Labs team saw this firsthand in the period leading up to the Pyeongchang 2018 Olympic Winter Games. A nation-state hacker pretended to be a supplier to the Olympics and sent out weaponized mail to organizations of interest that contained malware developed well before the event had started.

The Implications

Whether the objective behind the threat is disruption or financial gain, these attacks all do have one thing in common — they impact the overall feeling of safety at these events and take away from what is supposed to feel like a worldwide celebration of sport.

Now, when fans wish to part of a big event such as the World Cup, they can no longer just focus on which jersey they’re wearing that day. They have to worry about their bank accounts being robbed or becoming extorted. Beyond the individual implications, the nation-state attacks that take place at these events can rear their head in an ugly way, as they can actually worsen international relations much more than a healthy sporting rivalry ever could.

So the question is – now what? On an individual level, visitors to these events must maintain overall good digital security hygiene. This means leaving unnecessary devices at home, enabling two-factor authentication, using a VPN service, and overall remaining alert and vigilant for scams.

Beyond that, we must all recognize that our physical and digital lives are converging at a fast pace, and we now have a large digital attack surface that is not yet properly safeguarded. And with both cybercriminals and nation-state actors showing such a heightened interest in global cultural events, cybersecurity must become an essential part of organizing such an event. Only then can countries host a successful and safe sporting event for everyone.

To learn more about what McAfee is doing to help face the threats to these events, be sure to follow us at @McAfee and @McAfee_Labs.

The post Cybercrime in the Spotlight: How Crooks Capitalize on Cultural Events appeared first on McAfee Blogs.

What Parents Need to Know About the Popular App Mappen

Kids love their apps but in their excitement to download the new ones, app safety often falls straight off their radar. One of those new, fun, not-so-safe apps is Mappen.

Kids, pre-teens specifically, are jumping on Mappen to connect with friends nearby and, as the app’s tagline encourages, “Make Things Happen.” The location-based app allows friends to see each other’s location, what they are doing, and make it easy to meet up. Sounds like fun except for the fact that the app is brimming with potential security flaws.

How It Works

Anyone who downloads the Mappen app can send a friend request to anyone else and begin sharing his or her location (and data) immediately. While on Mappen, friends can share updates and photos much like any other social network. Personal data that can be shared: names, birthdates, location, likes, dislikes, photos, and friend lists.

Once a user installs the app (icon, right), he or she is asked to turn on location services that must remain on to share location, see others, and post content updates. The app also asks to access a user’s full contact list before it can be used.

The Risks

While many location-based apps exist now, Mappen specifically targets tweens. Mappen’s privacy policy states clearly that it collects and shares data, which presents a privacy risk to minors who use the app.

Likewise, the location requirement to use the app poses a safety risk. This feature means anyone on your child’s friend list can see your child’s location at any time. As your child’s Mappen circle grows, so too might the chance of your child sharing his or her location and personal information with an unsafe “friend.”

Tips to Help Boost App Safety

Stay connected with your kids. The greatest risk to your child’s online safety is a strained relationship. Every family dynamic and circumstance varies, but consider doing all you can to make your relationship with your child a priority. When communication and trust are strong with your child, you will better know what’s going on in his or her life, whom their friends are, and if there’s a situation in which they might need help.

Monitor apps! The best way to know which apps your kids use and how they use them is to routinely monitor their phones. How do you do this? You do this physically and with technology. About once a week, look at your child’s phone and laptop or tablet (preferably with your son or daughter next to you), look at the display screen, examine the app icons, and ask questions. If you don’t recognize an app, click it open, or ask questions. Also, if there’s an app icon you click that asks for a password, it may be a vault app that requires a few more clicks or a conversation. Another way to monitor apps is using technology such as filtering software that will help you filter and track the content that comes into your home via your child’s devices.

Do your research, stay aware. Stay on top of trends in apps by reading this and other technology or family blogs. New apps come out all the time, and word-of-mouth among teens quickly spreads. One of the best ways to keep your kids safe online is to understand where they connect online and what risks those digital spaces may present. Potential risks to be aware of that some apps may carry potential privacy infringements, cyberbullying, pornography, phishing scams, malware, predators, and sex-related crimes.

Turn off location. Mappen, as well as other apps such as Facebook, Kik, and Snapchat, access a user’s location while using the app and even when the app is not in use. To ensure your location isn’t shared randomly, turn off location when apps are not in use. Depending on the age of your child, you may consider not allowing the use of location-based apps at all.

Say NO to random friend requests. It’s easy for criminals to create a fake profile and gain access into your child’s life. An attractive peer from a nearby town who wants to “connect” may be a catfish using another person’s identity or a predator looking to groom a vulnerable tween or teen.

Guard your child’s privacy. When your child shares personal information through an unsafe app, it opens up them up, and it opens up your entire family to risk. Often kids get comfortable online and forget — or don’t fully understand — the problem with sharing personal details. Review the importance of keeping details such as full name, school, birthdates, address, personal photos, and other family information private.

The post What Parents Need to Know About the Popular App Mappen appeared first on McAfee Blogs.

Android Users Hit With Mobile Billing Fraud Due to Sonvpay Malware

Ever hear “Despacito” on the radio? Of course you did! It was the song of 2017 – taking over radios, dance clubs, and even ringtones on our cell phones. Take Android users for instance – many even downloaded the “Despacito for Ringtone” so they could enjoy the tune anytime they received a phone call. But what they didn’t know is that they could be involved in a cyberattack, rather than just listening to their favorite song. As a matter of fact, our McAfee Mobile Research team has found a new malicious campaign, named Sonvpay, that’s impacted at least 15 apps published on Google Play – including that Despacito app.

How it works

You know how with some of your apps you can adjust the push notifications? Sometimes these notifications pop up on your screen, and other times you won’t receive any – depending on your settings. To enact its malicious scheme, Sonvpay listens for incoming push notifications that contain the data they need in order to perform mobile billing fraud – which is when extra charges get added to a user’s phone bill and can potentially line a cybercriminal’s pocket.

Once receiving the data, the crooks can perform this mobile billing fraud (either WAP and SMS fraud) by displaying a fake update notification to the user. This fake notification has only one red flag – if the user scrolls until the end, the phrase “Click Skip is to agree” appears, as seen below.

If the user clicks the only button (Skip), Sonvpay will complete its mission – and will fraudulently subscribe the user to a WAP or SMS billing service, depending on the victim’s country.

What it affects

So which Android applications contain Sonvpay? The McAfee Mobile Research team initially found that Qrcode Scanner, Cut Ringtones 2018, and Despacito Ringtone were carrying the Sonvpay, and Google promptly took them down once notified. But then more emerged, totaling up to 15 applications out there that contain Sonvpay, some of which have been installed over 50,000 times. These applications include:

Wifi-Hostpot

Cut Ringtones 2018

Reccoder-Call

Qrcode Scanner

QRCodeBar Scanner APK

Despacito Ringtone

Let me love you ringtone

Beauty camera-Photo editor

Flashlight-bright

Night light

Caculator-2018

Shape of you ringtone

Despacito for Ringtone

Iphone Ringtone

CaroGame2018

So now the next question is – what do I do if I was one of the Android users who downloaded an application with Sonvpay? How can I avoid becoming a victim of this scam? Start by following these tips:

  • Only give your apps permission to what they need. When downloading one of these applications, one user reported they noticed that the app asked for access to SMS messages. This should’ve been a red flag – why would a ringtone app need access to your texts? Whenever you download an app, always double check what it’s requesting access to, and only provide access to areas it absolutely needs in order to provide its service.
  • Always read the fine print. Before you update or download anything, always make sure you scroll through all the information provided and read through it line by line. This may feel tedious, but it could be the difference between being compromised and remaining secure.
  • Use a mobile security solution. As schemes like Sonvpay continue to impact mobile applications and users, make sure your devices are prepared for any threat coming their way. To do just that, cover these devices with a mobile security solution, such as McAfee Mobile Security.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Android Users Hit With Mobile Billing Fraud Due to Sonvpay Malware appeared first on McAfee Blogs.

AsiaHitGroup Returns With New Billing-Fraud Campaign

Are you tired yet of the music track “Despacito”? If you downloaded this ringtone app from Google Play, chances are your answer is a resounding Yes. But it gets worse: The McAfee Mobile Research team recently found 15 apps on Google Play that were uploaded by the AsiaHitGroup Gang. The ringtone app was one of them—downloaded 50,000 times from the official app store—that were designed to steal money from their victims. The AsiaHitGroup Gang has been active since at least 2016, attempting to charge 20,000 victims for the download of popular mobile applications containing the fake-installer app Sonvpay.A. For more analysis, see the Mobile Research team’s post.

Ordinarily we advise users to review the requested permissions before installing a mobile app, and normally this is enough. In this case, the only permission requested was access to SMS messages, and once installed the app behaved as expected. In the background, however, Sonvpay silently used the push notification service to subscribe users to premium-rate services.

This campaign displays a significant level of customization. The criminals can tailor their fraud to the country of their choosing. In our analysis we looked at mobile billing fraud targeting users in Kazakhstan, Malaysia, and Russia. In Kazakhstan victims are subscribed to a premium-rate service whereas in Malaysia and Russia they are connected to a WAP billing service. Further, the criminals recognize that in Malaysia the mobile operator sends a PIN code, so the attackers include functionality to intercept the SMS. Once intercepted, the app communicates with the mobile operator to subscribe to the service.

This group began targeting users in Asia, but the move to Russia shows its increasing ambition. The goal of the AsiaHitGroup Gang remains the same, but the manner in which they attempt to achieve their ends differs per campaign, and their techniques are improving. Although the security industry focuses much attention on “loud” and destructive attacks, many campaigns quietly steal funds from unsuspecting victims or those who have little visibility into what is happening.

The post AsiaHitGroup Returns With New Billing-Fraud Campaign appeared first on McAfee Blogs.

AsiaHitGroup Gang Again Sneaks Billing-Fraud Apps Onto Google Play

The McAfee Mobile Research team has found a new billing-fraud campaign of at least 15 apps published in 2018 on Google Play. Toll fraud (which includes WAP billing fraud) is a leading category of potentially harmful apps on Google Play, according to the report Android Security 2017 Year in Review. This new campaign demonstrates that cybercriminals keep finding new ways to steal money from victims using apps on official stores such as Google Play.

The AsiaHitGroup Gang has been active since at least late 2016 with the distribution of the fake-installer applications Sonvpay.A, which attempted to charge at least 20,000 victims from primarily Thailand and Malaysia for the download of copies of popular applications. One year later, in November 2017, a new campaign was discovered on Google Play, Sonvpay.B, used IP address geolocation to confirm the country of the victim and added Russian victims to the WAP billing fraud to increase its potential to steal money from unsuspected users.

In January 2018, the AsiaHitGroup Gang returned to Google Play with the repackaged app, Sonvpay.C, which uses silent background push notifications to trigger a fake update dialog. When victims start the “update” they instead subscribe to a premium-rate service. The subscription operates primarily via WAP billing, which does not require sending SMS messages to premium-rate numbers. Instead it requires only that users employ the mobile network to access a specific website and automatically click on a button to initiate the subscription process. Based on the approximate number of installations from Google Play, the cost of the premium-service subscription, and the days that these apps were available, we estimate that the AsiaHitGroup Gang could have potentially earned between $60,500–$145,000 since January.

Sonvpay on Google Play

The McAfee Mobile Research team initially found the following applications repackaged with Sonvpay on Google Play, all of them published this year:

Figure 1. Sonvpay apps found on Google Play.

We notified Google about these apps on April 10 and they were promptly removed. A couple of days later the app “Despacito for Ringtone” was found again on the store and was quickly removed. In total we found 15 apps that were installed at least 50,000 times since the first one, Cut Ringtones 2018, was released on Google Play in January 2018. The following table lists the 15 malicious apps:

At the time of download, the only red flag that a user could notice is that the app needs access to SMS messages. Once installed and executed, the app behaves as expected (QR code reader, ring tones, etc.). However, in the background and without the user’s knowledge, Sonvpay listens for incoming push notifications that contain the data to perform mobile billing fraud.

Background Push Notification and Fake Update Screen

Sonvpay employs the onesignal push notification service to get the information to subscribe users to premium-rate services. To receive the data in the background without displaying a notification, Sonvpay implements the method “onNotificationProcessing” and returns “true” to make the notification silent:

Figure 2. Silent background notification.

The received data can perform WAP and SMS fraud along with information necessary to display a fake update notification to the user after some time of using the repackaged application. This fake notification has only one bogus button. If the user scrolls until the end, the misleading phrase “Click Skip is to agree” appears:

Figure 3. Fake update notification.

If the user clicks the only button, Sonvpay will do its job. However, even if there is no interaction with this window and the data in the push notification has the value “price” as empty, Sonvpay will proceed to subscribe to a premium-rate service:

Figure 4. Starting mobile billing fraud if “price” value is empty.

Downloading the Dynamic Payload from a Remote Server

One of the parameters obtained from the silent push notification is a URL to request the location of functionality to perform mobile billing fraud. Once the fake update notification is displayed, Sonvpay requests the download of the library from another remote server:

Figure 5. Sonvpay requesting library with additional functionality.

The new APK file is downloaded and stored in the path /sdcard/Android/<package_name>/cache/ so that it can be dynamically loaded and executed at runtime. The library we obtained for performing mobile billing fraud targeted only Kazakhstan and Malaysia but, because the library is present in a remote server and can be dynamically loaded, it can likely be updated at any time to target more countries or mobile operators.

WAP Billing and SMS Fraud

In the case of Kazakhstan, Sonvpay loads a specific URL delivered through the silent push notification and uses JavaScript to click on a button and on the element “activate” to fraudulently subscribe the user to a premium-rate service:

Figure 6. WAP billing fraud in Kazakhstan.

For Malaysia, the malware creates a new WebView to send the “Shortcode” and “Keyword” parameters to a specific URL to subscribe the user to a WAP billing service:

Figure 7. WAP billing fraud in Malaysia.

However, for Malaysia the app needs to intercept a confirmation code (PIN) sent by the mobile operator via SMS. Sonvpay has this SMS interception functionality implemented in the original repackaged application:

Figure 8. Processing an intercepted SMS message to get the confirmation PIN.

Once the PIN is obtained, it is sent to the mobile operator via a web request to automatically confirm the subscription. If the parameters for Kazakhstan or Malaysia do not match, Sonvpay still tries to perform mobile billing fraud by attempting to send an SMS message to a premium-rate number provided via the silent push notification:

Figure 9. Functionality to send an SMS message to a premium-rate number.

Closer Look to Previous Campaigns

While looking for patterns in the 2018 campaign, we found the app DJ Mixer–Music Mixer. As soon as this application executes, it checks if the device has an Internet connection. If the device is offline, the app shows the error message “You connect to internet to continue” and ends its execution. If the device is online, the app executes a web request to a specific URL:

Figure 10. Web request to the AsiaHitGroup Gang URL.

We learned the apps created by the developer SHINY Team 2017 were available on Google Play in September 2017; earlier Sonvpay variants were discovered in November 2017. The primary behavior of the two variants is almost the same—including the changing of the main icon and the app’s name to Download Manager to hide its presence from the user. However, with DJ Mixer, the geolocation of the IP address identifies the country of the infected device and aids the execution of the mobile billing fraud:

Figure 11. Using IP geolocation to target specific countries.

In this case only three countries are targeted via the geolocation service: Russia (RU), Thailand (TH), and Malaysia (MY). If the IP address of the infected devices is not from any of these countries, a dialog will claim the app is not active and that the user needs to uninstall and update to the latest version.

If the country is Thailand or Malaysia, the malicious app randomly selects a keyword to select an image to offer users premium-rate services. With Malaysia the image includes English text with terms of service and the button “Subscribe” to accept the randomly selected premium-rate service:

Figure 12. Screens displayed when the country of the IP address is Malaysia.

In the case of Thailand, the text is in Thai and includes a small version of terms of service along with instructions to unsubscribe and stop the charges:

Figure 13. Screens shown when the country of the IP address is Thailand.

Finally, with Russia no image is shown to the user. The app fraudulently charges the user via WAP billing while enabling 3G and disabling Wi-Fi:

Figure 14. Forcing the use of 3G to start WAP billing fraud.

We also found similar apps from late 2016 that performed SMS fraud by pretending to be legitimate popular applications and asking the user to pay for them. These are similar to text seen in the 2018 campaign as an update but labeled as Term of user:

Figure 15. Fake-installer behavior asking the user to pay for a popular legitimate app.

If the user clicks “No,” the app executes as expected. However, if the user clicks “Yes,” the app subscribes the user to a premium-rate service by sending an SMS message with a specific keyword to a short number. Next the mobile operator sends the device a PIN via SMS; the malware intercepts the PIN and returns it via web request to confirm the subscription.

Once the user is fraudulently subscribed to a premium-rate service to download a copy of a free app on official app stores, the malware shows the dialog “Downloading game…” and proceeds with the download of another APK stored on a third-party server. Although the APK file that we downloaded from the remote server is a copy of the legitimate popular app, the file can be changed at any point to deliver additional malware.

Unlike in previous campaigns, we did not find evidence that these fake-installer apps were distributed via Google Play. We believe that they were distributed via fake third-party markets from which users looking for popular apps are tricked into downloading APK files from unknown sources.  In June 2018 ESET and Sophos found a new version of this variant pretending to be the popular game Fortnite. The fake game was distributed via a YouTube video by asking the user to download the fake app from a specific URL. This recent campaign shows that the cybercriminals behind this threat are still active tricking users into installing these fake applications.

Connections Among Campaigns

All of these campaigns rely on billing-fraud apps targeting users in Southeast and Central Asia and offer some similarities in behavior such as the use of almost the same text and images to trick users into subscribing to premium-rate services. Other potential connections among the three campaigns suggest that all the apps are likely from the same actor group. For example, apps from all campaigns use the same string as debug log tag:

Figure 16. The “SonLv” string used as a log tag occurs in all campaigns.

There is also a notable similarity in package and classes names and in the use of a common framework (telpoo.frame) to perform typical tasks such as database, networking, and interface support:

Figure 17. Common package and classes names in all campaigns.

Finally, apps from the Google Play campaigns use the domain vilandsoft[.]com to check for updates. The same domain is also used by apps from the fake-installer campaign to deliver remote-execution commands, for example, action_sendsms:

Figure 18. A fake-installer app checking for the command action_sendsms.

The following timeline identifies the campaigns we have found from this group, strategies to trick users into installing the apps, distribution methods, main payload, and targeted countries:

 

Figure 19. A timeline of Sonvpay campaigns.

Conclusion

Sonvpay campaigns are one example of how cybercriminals like the AsiaHitGroup Gang constantly adapt their tactics to trick users into subscribing to premium-rate services and boosting their profits. The campaigns started in late 2016 with very simple fake installers that charged users for copies of popular apps. In late 2017, Google Play apps abused WAP-billing services and used IP address geolocation to target specific countries. In 2018, Google Play apps used silent background push notifications to trigger the display of a fake update message and to gather data for mobile billing fraud. We expect that cybercriminals will continue to develop and distribute new billing fraud campaigns to target more countries and affect more users around the world.

Cybercriminals always follow the money, and one of the most effective ways to steal money from users is via billing fraud. A victim will likely not notice a fraudulent charge, for example, until it appears on the mobile bill at the end of the month. Even when the payment is detected early, most of the time the charge is for a subscription rather than a one-time payment. Thus victims will need to find a way to unsubscribe from the premium-rate service, which may not be easy if the subscription occurred silently or if the app does not provide that information. Also, the fact that WAP-billing fraud does not require sending an SMS message to a premium-rate number makes it easier to commit. Cybercriminals need to only silently subscribe users by forcing them to load the WAP-billing service page and click on buttons. For these reasons we expect that mobile billing fraud will continue to target Android users.

McAfee Mobile Security detects this threat as Android/Sonvpay. To protect yourselves from this and similar threats, employ security software on your mobile devices, check user reviews for apps on Google Play, and do not accept or trust apps that ask for payment functionality via SMS messages as soon as the app is opened or without any interaction.

The post AsiaHitGroup Gang Again Sneaks Billing-Fraud Apps Onto Google Play appeared first on McAfee Blogs.

A Traveler’s Guide to International Cybersecurity

When you think of the most valuable thing you could lose while traveling, what comes to mind? Your suitcase, wallet, passport? What comes to my mind is my mobile device. Especially while traveling abroad, my mobile device is my lifeline and is essentially the remote control to my digital life.

What many international travelers do not realize is that their devices are often more vulnerable when taking a long-distance trip. Because they store and transmit our personal information – from website logins to banking information – these devices are much more valuable than the contents of your wallet or suitcase. Especially while you’re abroad and not used to your surroundings, pickpockets and cybercriminals can prey on your vulnerability to steal or infect your devices. Luckily, there are cybersecurity precautions you can take before, during and after international travel to ensure your information stays safe.

Before Travel

First and foremost, you have to get your device security in order before you hit the skies or hit the road. Now is the time to be proactive, not reactive, when it comes to protecting your information. The best thing to do would be to leave your devices at home where you know they will be safe. However, that’s unrealistic for most people, since we’re tethered to our mobile gadgets. So at the very least, before you head on your trip, make sure to:

  • Clean up your device. Clear your browser history and delete cookies.
  • Consider deleting apps that you don’t use altogether to avoid unnecessary vulnerability.
  • Encrypt any personal data to ensure that information stays protected. Back up any files to an external hard drive or desktop if your encryption fails.

During Travel

Whether you’re home or abroad, it’s important to always be vigilant and aware of your surroundings, both online and in-person. While device theft is uncontrollable, you can control how and where you use your devices. When you’re traveling internationally, public, free Wi-Fi is sometimes the only option for service. Unfortunately, it can be exploited by cybercriminals as a gateway to your devices. By spoofing legitimate Wi-Fi networks, these nefarious folks could gain access to sensitive data and private accounts and potentially request money for the return of your information, making public Wi-Fi the biggest threat to your cybersecurity. To avoid being compromised, be sure to:

  • Mitigate risk and avoid making online purchases or accessing bank accounts while using public Wi-Fi.
  • Use your smartphone to create a personal hotspot, if you are in dire need of an internet connection.
  • Use a Virtual Private Network (VPN) to encrypt any data you may receive while on your trip.

After Travel

Arriving home after travel is an already exhaustive experience – don’t exhaust your device by bringing any malware back with you. Remember that if you connected to local networks abroad, your mobile devices may have been susceptible to malware. So, in order to help your device be ready for its return back home, follow these tips:

  • Update your software. By updating your apps when prompted, you’ll ensure you have the latest patch and avoid any vulnerabilities that may have surfaced while you were away.
  • Delete travel apps you needed for your trip but no longer use. These can store personal information that can be accessed if they are not regularly used or updated.
  • Reset your passwords, pins and other credentials you may have used while abroad, regardless if you think you were compromised or not. Changing them will render the stolen credentials useless.

Interested in learning more about IoT and mobile security tips and trends? Stop by ProtectWhatMatters.online, and follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post A Traveler’s Guide to International Cybersecurity appeared first on McAfee Blogs.

Listen to Hackable? on Google Podcasts

Android users and podcast lovers are in luck! Google just rolled out an easier than ever podcast platform so you can binge all you favorite shows, like our original podcast, Hackable?

Haven’t heard it yet? Our award-winning show gives a behind-the-scenes look into real cyber attacks in action. We take hacks as seen on TV, in movies, and throughout pop culture and see how they measure up in the real world. Season One featured Geoff and his band of good-guy hackers who put these cyber attacks to the test. In Season Two, they came back to deliver even more eye-opening excitement. The crew found out just how easy it is to digitally break into cars, passwords, an automated car wash, a smart baby onesie, and so much more! The team is here to answer the question, “Is it Hackable?”

If you’re an Android user, you can now listen to podcasts directly in Google Podcasts. Binge listen to all Hackable? episodes, or catch up where you left off now!

The post Listen to Hackable? on Google Podcasts appeared first on McAfee Blogs.

Internet Safety Month: 5 Tips to Keep You Secure

The internet is infinitely expansive, but that’s often easy to forget as we now have immediate access to it in the palm of our hands. We feel safe scouring the digital world from the comfort of our homes, offices, or local coffee shops, but there is real danger lurking behind those virtual walls. Cybercriminals using the internet to infiltrate the Internet of Things (IoT) and our mobile devices is no longer the stuff of science fiction movies. Hacks, phishing scams, malicious sites, and malware, just to name a few — this world of hyper-connectivity has left us exposed to far greater threats than we could have ever imagined. To combat these looming threats and highlight the importance of staying safe online, June was dubbed Internet Safety Month. Seeing as the internet gives us the opportunity to learn, explore, create, and socialize, we should be doing so safely and securely.

According to a recent Pew Research Center survey, 77% of American adults own a smartphone, up from 35% just six years ago. Whether we’re traveling, working, or just having fun, our mobile devices — tablet, smartphone, or laptop — are within reach at all times. Our gadgets make it easier to connect with the world, but they also store tons of sensitive information about our lives. Yes, we may use our devices to talk and text, but we also use applications on those devices to access banking information, share our location, and check emails. This wealth of personal information on an easily hackable device should galvanize us to ensure that data stays out of the hands of cybercriminals. From ransomware to phishing scams, the numerous threats that can infect our IoT and mobile devices through the internet are ever-evolving menaces.

With the rise of IoT, the probability of a debilitating attack increases. Just like everything else online, IoT devices are one part of a massively distributed network. The billions of extra entry points that IoT devices create make them a greater target for cybercriminals. In 2016, this fact was proven and executed by the Mirai botnet, a malware strain that remotely enslaved IoT objects for use in large-scale attacks designed to knock websites and entire networks offline. The authors of Mirai discovered previously unknown vulnerabilities in IoT devices that could be used to strengthen their botnet, which at its height infected 300,000 devices. While this is an extreme example, it is very much a reality that could happen again — only this time worse. These ever-present threats make it crucial to maintain proper cyber hygiene while using the internet.

Internet Safety Month emphasizes the importance of staying safe while surfing the web, not just in June but all 365 days of the year. With new threats appearing every day, the time to be proactive about your online safety is now. Don’t find yourself on the wrong side of the most recent internet threat, follow these tips to stay protected:

  • Secure your devices. Strong passwords or touch ID features are your first line of defense against cybercriminals stealing your sensitive information. With security measures in place, your data is protected in the case of your device being lost or stolen. And reset those default passwords — many of today’s exploits come from leveraging devices where the default settings were never changed.
  • Only use apps you trust. Information about you is collected through the apps you use. Think about who is getting that data and if you’re comfortable with how it could be used.
  • Be picky about what Wi-Fi you’re using. Hotspots and public Wi-Fi networks are often unsecured, meaning anyone can see what you’re doing on your device. Limit your activity and avoid logging into accounts that hold sensitive information. Consider using a virtual private network (VPN) or a personal/mobile hotspot.
  • Disable Wi-Fi and Bluetooth when not in use. Stores and other locations use this information to track your movements when you are in range. Both Bluetooth and Wi-Fi can also act as digital entrances into your phone. When it’s not absolutely necessary, consider turning it off.
  • Keep your devices and apps up-to-date. Having the most up-to-date software and applications is the best defense against threats. If an app is no longer in use, just delete it to ensure your devices clutter-free and no longer housing unsupported or outdated apps.

Interested in learning more about IoT and mobile security tips and trends? Stop by ProtectWhatMatters.online, and follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post Internet Safety Month: 5 Tips to Keep You Secure appeared first on McAfee Blogs.

What the Mobile-Born Mean for IoT and Cybersecurity

Since before they knew how to walk, Gen Z – or the mobile-born generation – has had a wealth of information, quite literally, at their fingertips. Their lives are exponentially hyper-connected with social media, music, ride sharing, shopping, and more, all through their mobile devices. But Gen Z’s haste to be on the cutting edge of technology and trends can often leave them arrogant to the security implications. They prioritize personalization over privacy and willingly share personal data so they can have a more predictive and personalized experience, without the same sense of security awareness as that of previous generations. Through increased data sharing, and the modern-day usage of social media, the mobile-born could be naively exposing themselves, and loved ones, to security issues they don’t fully realize or understand.

Social Media

Apps such as Snapchat and Facebook constantly know where consumers are located through default settings, geotagging photos, and videos, “checking in” to reap promotional rewards or to just show off their latest experiences. This may not seem pressing, but in actuality, it tells people where you are at any given moment and, depending on your privacy settings, this information could get out to audiences that it wasn’t intended for. If you posted a picture while at home, you are likely taking a GPS location snapshot and potentially letting your home address get into the wrong hands. The metadata within your photo can now be used by cybercriminals to track where you live, opening up your home and devices to a slew of cybersecurity concerns. Geotagging can be fun and beneficial, but issues arise when user data is distributed unknowingly.

Furthermore, past generations have learned the hard way that once something is on the internet, it’s nearly impossible to get it back. We’ve gotten into the habit of oversharing our experiences online – whether mere photos of friends, our pets, birthday celebrations or the address of your favorite spot to hang out on the weekends, you may be giving the keys to all of your data. How does this seemingly harmless series of posts affect personal security? A combination of the information being shared on these social media sites can also be utilized to crack common passwords.

Passwords

Another common theme among Gen Z is poor password hygiene. There is more importance placed on ease and convenience rather than data security. Passwords are often the weakest entry point for hackers and, according to a recent McAfee survey, nearly a quarter of people currently use passwords that are 10 or more years old. While Post-Millennials may not have passwords that old, they still display poor password hygiene by reusing the same credentials among multiple online sites and granting login access to third-party applications through networking platforms like Facebook.

If a cybercriminal cracks one password, they now have the skeleton key to the rest of your digital life. Passwords are our data’s first defense when it comes to cybercriminals, so by differentiating passwords across several accounts or using a password manager, Gen Z-ers can make sure the proper precautions are in place and better defend against unwanted access.

Public Wi-Fi

The mobile-born generation has a totally new outlook on digital experiences and their connection to the online world. They expect to have free, authentic, and secure Internet provided to them at all times, without having to take the necessary security precautions themselves. The internet isn’t just a tool for these digital natives, but rather a way of life and with that expectation, they will connect to public Wi-Fi networks without a second thought toward who’s hosting it and if it’s secure.

If they head to the library or a coffee shop to do homework or stream a video while out to lunch, they’re likely connecting to an unsecured public Wi-Fi network. Connecting to public Wi-Fi can be an easy data/money-saving trick for those on a family shared data plan, but it may be one that puts your data at risk. Much like all individuals have a social security number, all devices have a unique Internet Protocol (IP) address being tracked by Internet Service Providers (ISPs). This allows a device to communicate with the network, but if it’s doing so insecurely, it can act as a watering hole for cybercriminals to eavesdrop, steal personal information, and potentially infect devices with malware.

Educating the Next Generation

Whether it’s ignorant use of social media, poor password protection or careless connection to the internet, the iGeneration does not show the same level of security knowledge or experience as previous generations. Maybe they just don’t know about the various threats out there, or they don’t have the proper education to be using their devices and the internet safely, but it’s our duty to educate our kids about the implications of cybercriminals, privacy breaches, and data exploits to ensure proper cyber hygiene for years to come.

Consider these tips when setting ground rules for keeping you and your family safe:

  • Parental Controls. While these may be a nuisance sometimes, they are also a necessity in keeping you and your children safe from malicious sites. Consider using McAfee Secure Home Platform to ensure your family’s security while in the home.
  • Turn off geolocation. In ‘Settings’ on your device, you can select which apps are allowed to use your location. Make sure only the ones you know you can trust are selected.
  • Restrict access to your information. If you go into your browser, you can adjust your privacy settings to delete information from your browsing history (i.e. cookies, history, saved passwords, or banking information).
  • Install a Virtual Private Network (VPN). A personal VPN extends a private network across a public Wi-Fi network to help secure and encrypt your data and keep your connections safe. Software like McAfee Safe Connect can help protect your data at home and on the go.
  • Talk with your children. Understanding that their personal information is invaluable is the first step towards creating and maintaining safe online habits.

Interested in learning more about IoT and mobile security tips and trends? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post What the Mobile-Born Mean for IoT and Cybersecurity appeared first on McAfee Blogs.

America’s Dirty Little Secrets: Opening the Door to Protected Data

It’s 2018. Digital assistants have started taking over our homes, with adoption growing tenfold. These smart speakers know everything about us, from our shopping habits to our music tastes — they likely know more about our daily lives than we do. This ever-growing, ever-changing relationship between humans and devices highlights the importance of protecting data – verbal or otherwise – in the home. With connected devices using our personal data to be the most comprehensive in-home assistants possible, we need to prioritize Internet of Things (IoT) security, awareness and the implications of using such devices.

It’s estimated that by 2022, over half of U.S. households will have at least one smart speaker in their home — that’s over 70 million households, topping 175 million installed devices. These devices are aimed at making our lives easier and more convenient than ever before, but to do so they require that we willingly share access to our personal and private information. Whether it’s banking and home address stored directly on the device, or learnings it’s picked up from our conversations, the amount of private data that these devices carry opens up a new array of threats. New research from McAfee reveals that 60% of Americans have considered their digital assistants could be recording or listening to them. If so, what are the security implications of using a digital assistant?

From answering a quick question to ordering items online, controlling the lights, or changing thermostat temperature, digital assistants have become a pseudo-family member in many households, connecting to more IoT things than ever before. But if one of these devices is breached, it can open up an entire home Wi-Fi network and our valuable information could get into the wrong hands. Beyond this, many Americans have developed a very personal relationship with their devices, with 50% admitting to being embarrassed if friends or family knew what questions they asked their digital assistants. Now imagine if any of that information fell into the hands of cybercriminals — it could open the door to your personal data and threaten your family’s security.

In addition to the sensitive data that our smart speakers have stored, and the conversations they may or may not be recording, there are other security risks associated with this technology in the home. In 2016, it was determined that music or TV dialogue could take control of our digital assistants with commands undetectable to human ears. Known as the “Dolphin Attack,” this occurrence essentially hides commands in high-frequency sounds that our assistant-enabled gadgets can detect, but we are unable to hear. Instances of TV commercials activating digital assistants have already been reported, so we can see how this technique could be quite easy for cybercriminals to imitate if they wanted to access our smart homes’ network.

The growing trend of connecting these always-listening assistants to our home appliances and smart home gadgets is only exacerbating these concerns. Aside from digital assistants, other IoT devices such as game consoles, home security systems, thermostats, and smartphones may be at risk and must be secured to avoid becoming targets for cybercriminals. We must proceed with caution and be aware of who, or what could be listening in order to protect ourselves accordingly. Whenever bringing any kind of new, connected device into the home, prioritize safety and privacy.

Here are some top tips to securely manage the connected devices in your home:

  • Vary your passwords. Create passwords that are difficult to crack to ensure accounts are secure and update your passwords on a regular basis. Use multi-factor authentication whenever possible. Simplify password management by using a password manager.
  • Consider setting up a PIN code. Particularly for voice command purchases. Help keep cybercriminals away from your data by setting up an extra layer of security.
  • Invest in a router that delivers security for all your connected devices. It’s important to secure your entire connected home network. And the launch of McAfee Secure Home Platform skill for Alexa is set to make this easier and more convenient than ever before.

Technology is changing our everyday lives but being aware of the security concerns is the key to becoming an empowered consumer.

Interested in learning more about IoT and mobile security tips and trends? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post America’s Dirty Little Secrets: Opening the Door to Protected Data appeared first on McAfee Blogs.

It’s a Zoo Out There! Data Analysis of Alleged ZooPark Dump

In early May, researchers disclosed a Mobile malware campaign by a group focused on Middle Eastern targets. This actor was found to be an evolving and sophisticated group using fake Android apps, namely Telegram, to trick users into installing malicious software. They have been active since 2015 and evolved over several campaigns into 2018. On May 14, a Reddit post linked to LamePT, claiming to have leaked their infrastructure including a database containing victim information.

Figure 1 – Screenshot of the site hosting the leaked data

The current leaked assets include:

  • MYSQL database
  • Audio recordings
  • The old C2 server and assets
  • AppData folder (presumably of the C2 server)
  • Current C2 server and control panel

Further leaked documents are behind a paywall payable to a fresh bitcoin address. The first payment was made on May 13th, 2018 leaving a balance of $1,110.87. It’s difficult to verify if someone paid to have the first dataset released or the actor paid themselves to appear more authentic. With that said, the authenticity of the data is still in question as we have some significant doubts on at least a portion of the data. For example, the following SMS caught our attention:

“Wife.how she knew the time of murder exactly”.

This text can be found in an SMS spam dataset used for training spam engines. Many other English based SMS messages can also be found here. “will be office around 4 pm. Now I am going hospital” is another example. Universities tend to use these datasets to teach computer science concepts. In this case, the concept is likely related to machine learning techniques for categorizing messages into spam. One university came up often when searching for these messages based on its Computer Science I: Fundamentals homework postings. Other messages could be found in cached websites.

“Credit shuma ka mast jahat ezdiad credit ba hesab tan shumarai 222 ra dair namoda w aba taqeeb aan code 14 raqami ra dakhel nomaed .”

This translates to “Credit card is not available for sale at 222 days or less than 142 days.” and found cached in a language translation site. This particular phrase was being translated from Turkish to Urdu. Not all of the messages were found publicly online. Most of the messages were in Middle Eastern languages presenting its own challenges. Other sources were found such as Facebook posts; however, sources for the vast majority of the SMS message have not yet been located. For these reasons, we remain skeptical of the authenticity of the data.

Figure 2 – Facebook post with the same text as an SMS message

Other data such as the recordings do not appear to be publicly available. After sampling 100 of these files we’ve found them to sound like authentic recordings. The majority are in 7 minute 59 second .3gpp files. Most appear to be ambient conversations and daily activities and not phone calls as was expected. Searching for public audio is difficult but we can verify that the hashes of the 100 are not publicly indexed by major search engines nor are the file names themselves.

Until we know for certain whether the data is authentic we cannot grantee that this data dump represents ZooPark and its capabilities but we can look at what they could be up to. After reviewing the leaked MySQL database we’ve learned much about the ZooPark’s potential operations.

Tables Included:

  • Appinfotracking
  • Audiotracking
  • Calltracking
  • Emailtracking
  • geolog
  • gpslocation
  • phonebookaccess
  • phototracking
  • recordcall
  • registration
  • sales_user_info
  • settings
  • smstracking
  • urltracking

From the table names alone, we can infer a lot of the access ZooPark had to user devices and the data they were after. Call tracing, phonebook access, and SMS tracking are unfortunately very common to collect amongst malicious app developers. However, audio tracking caught our attention. While we are still analyzing the dataset, the database records indicate over 102,571 recordings have been uploaded to their C2 server between 2015 and 2018. The dump contains approximately 3,887 of these, jeopardizing private and potentially highly sensitive conversations. Our sampling of these files indicate that the audio was recorded in roughly 8-minute blocks. Most, but not all audio files took place with time gaps between them. There was at least one group conversation that continued on for at least 3 recorded blocks. A surprisingly low number of phone numbers generated these recordings. Only eight phone numbers are part of the recording available through this data dump.

Other conversations were also captured such as SMS texts although portions of these have been found publicly in open datasets. Conceivably, these could have been generated by researchers investigating the malicious Android apps but it’s more likely they were generated by the data leaker to sell the dump. The SMS texts contain much of what you expect such as general chat, and advertisements. However, it’s also riddled with embarrassing or explicit texts which could be used against the users should they prove legitimate. Additionally, we’ve found cleartext two-factor authentication messages from major services such as Google and LinkedIn, and popular chat apps such as Telegram. ZooPark could have used these to gain access to additional services unbeknownst to the victims. After attempting and failing to rebuild several English based conversations we have little confidence that the entire data set came from ZooPark. However, It does exemplify the real danger of sensitive conversations being collected by Zoopark and available for their operations.

Another surprising find is in the Appinfotracking table, where there are 1541 unique apps listed, indicating a very large campaign. Here are a few notable ones:

  • Youtube
  • Wikipedia
  • WhatsApp
  • WinZip
  • Weather
  • VLC
  • Twitter
  • Telegram
  • TrueCaller
  • Tango
  • Pinterest
  • ICQ
  • Flashlight
  • Facebook
  • DUO
  • Dropbox
  • Crunchyroll

There were relatively few games listed compared to other social and utility apps, perhaps suggesting a more utilitarian or professional target. Approximately, 92 phone numbers are listed in relation to the apps. Of the GPS coordinates we’ve checked the middle east is still the main focus, with a significant footprint in Egypt.

While the data leakers request is for Bitcoin payment, we believe they are primarily interested in acquiring Monero coin. Once payments are made the actors use a popular tool called ShapeShift to turn the Bitcoin into Monero (XMR). Shapeshift allows the actors to pay in from one cryptocoin and receive a payout in another without creating an account for the service. The added Monero features enable them to maintain greater anonymity during the transfer. It is anonymity that usually motivates cybercriminals to move to Monero.  Monero coins are of interest due to their improved anonymity and privacy-related improvements, making it difficult to for law enforcement and security researchers to trace.

Shapeshift Transaction from BitCoin (BTC) to Monero (XMR)

The actor who leaked this data is obviously motivated by money as evidenced by the requested payment for further data leaks. Fake datasets, especially those that contain credit card information, email addresses and passwords, have been known to be for sale to scam other cybercriminals. It’s a distinct possibility that this could be the case with the current data dump but it has yet to be determined. However, competition also can play a primary motivator. Many times competing bad actors will attempt to sabotage others in the space. Altruism can play a role as well. Some vigilante actors may believe that their motivations are for the greater good regardless of the laws they break and collateral damage. Whatever the motivations are, data leaks like these can be embarrassing, damaging and in some cases dangerous for the victims whose information it may contain.
Other points of interest:

  • There are a surprisingly low number of unique victim numbers in the database with only 169.
  • The latest URL record is as recent as May 12,2018
  • The latest SMS record is as recent as May 8,2018
  • 81 unique numbers had 47,784 records of GPS data stored

Bitcoin Address:

  • 1AUMs2ieZ7qN4d3M1oUPCuP3CH9WGQxpbd

The post It’s a Zoo Out There! Data Analysis of Alleged ZooPark Dump appeared first on McAfee Blogs.

JS-Binding-Over-HTTP Vulnerability and JavaScript Sidedoor: Security Risks Affecting Billions of Android App Downloads

Third-party libraries, especially ad libraries, are widely used in Android apps. Unfortunately, many of them have security and privacy issues. In this blog, we summarize our findings related to the insecure usage of JavaScript binding in ad libraries.

First, we describe a widespread security issue with using JavaScript binding (addJavascriptInterface) and loading WebView content over HTTP, which allows a network attacker to take control of the application by hijacking the HTTP traffic. We call this the JavaScript-Binding-Over-HTTP (JS-Binding-Over-HTTP) vulnerability. Our analysis shows that, currently, at least 47 percent of the top 40 ad libraries have this vulnerability in at least one of their versions that are in active use by popular apps on Google Play.

Second, we describe a new security issue with the JavaScript binding annotation, which we call JavaScript Sidedoor. Starting with Android 4.2, Google introduced the @JavascriptInterface annotation to explicitly designate and limit which public methods in Java objects are accessible from JavaScript. If an ad library uses @JavascriptInterface annotation to expose security-sensitive interfaces, and uses HTTP to load content in the WebView, then an attacker over the network could inject malicious content into the WebView to misuse the exposed interfaces through the JS binding annotation. We call these exposed JS binding annotation interfaces JS sidedoors.

Our analysis shows that these security issues are widespread, have affected popular apps on Google Play accounting for literally billions of app downloads. The parties we notified about these issues have been actively addressing them.

Security Issues with JavaScript Binding over HTTP

Android uses the JavaScript binding method addJavascriptInterface to enable JavaScript code running inside a WebView to access the app’s Java methods. However, it is widely known that this feature, if not used carefully, presents a potential security risk when running on Android 4.1 or below. As noted by Google: “Use of this method in a WebView containing untrusted content could allow an attacker to manipulate the host application in unintended ways, executing Java code with the permissions of the host application.” [1]

In particular, if an app running on Android 4.1 or below uses the JavaScript binding method addJavascriptInterface and loads the content in the WebView over HTTP, then an attacker over the network could hijack the HTTP traffic, e.g., through WiFi or DNS hijacking, to inject malicious content into the WebView – and thus take control over the host application. We call this the JavaScript-Binding-Over-HTTP (JS-Binding-Over-HTTP) vulnerability. If an app containing such vulnerability has sensitive Android permissions such as access to the camera, then a remote attacker could exploit this vulnerability to perform sensitive tasks such as taking photos or record video in this case, over the Internet, without a user’s consent.

We have analyzed the top 40 third-party ad libraries (not including Google Ads) used by Android apps. Among the apps with over 100,000 downloads each on Google Play, over 42 percent of the free apps currently contain at least one of these top ad libraries. The total download count of such apps now exceeds 12.4 billion. From our analysis, at least 47 percent of these top 40 ad libraries have at least one version of their code in active use by popular apps on Google Play, and contain the JS-Binding-Over-HTTP vulnerability. As an example, InMobi versions 2.5.0 and above use the JavaScript binding method addJavascriptInterface and load content in the WebView using HTTP.

Security Issues with JavaScript Binding Annotation

Starting with Android 4.2, Google introduced the @JavascriptInterface annotation to explicitly designate and limit which public Java methods in the app are accessible from JavaScript running inside a WebView. However, note that the @JavascriptInterface annotation does not provide any protection for devices using Android 4.1 or below, which is still running on more than 80 percent of Android devices worldwide.

We discovered a new class of security issues, which we call JavaScript Sidedoor (JS sidedoor), in ad libraries. If an ad library uses the @JavascriptInterface annotation to expose security-sensitive interfaces, and uses HTTP to load content in the WebView, then it is vulnerable to attacks where an attacker over the network (e.g., via WIFI or DNS hijacking) could inject malicious content into the WebView to misuse the interfaces exposed through the JS binding annotation. We call these exposed JS binding annotation interfaces JS sidedoors.

For example, starting with version 3.6.2, InMobi added the @JavascriptInterface JS binding annotation. The list of exposed methods through the JS binding annotation in InMobi includes:

  • createCalendarEvent (version 3.7.0 and above)
  • makeCall (version 3.6.2 and above)
  • postToSocial (version 3.7.0 and above)
  • sendMail (version 3.6.2 and above)
  • sendSMS (version 3.6.2 and above)
  • takeCameraPicture (version 3.7.0 and above)
  • getGalleryImage (version 3.7.0 and above)
  • registerMicListener (version 3.7.0 and above)

InMobi also provides JavaScript wrappers to these methods in the JavaScript code served from their ad servers, as shown in Appendix A.

InMobi also loads content in the WebView using HTTP. If an app has the Android permission CALL_PHONE, and is using InMobi versions 3.6.2 to 4.0.2, an attacker over the network (for example, using Wi-Fi or DNS hijacking) could abuse the makeCall annotation in the app to make phone calls on the device without a user’s consent – including to premium numbers.

In addition, without requiring special Android permissions in the host app, attackers over the network, via HTTP or DNS hijacking, could also misuse the aforementioned exposed methods to misguide the user to post to the user’s social network from the device (postToSocial in version 3.7.0 and above), send email to any designated recipient with a pre-crafted title and email body (sendMail in version 3.6.2 and above), send SMS to premium numbers (sendSMS in version 3.6.2 and above), create calendar events on the device (createCalendarEvent in version 3.7.0 and above), and to take pictures and access the photo gallery on the device (takeCameraPicture and getGalleryImage in version 3.7.0 and above). To complete these actions, the user would need to click on certain consent buttons. However, as generally known, users are quite vulnerable to social engineering attacks through which attackers could trick users to give consent.

We have identified more than 3,000 apps on Google Play that contain versions 2.5.0 to 4.0.2 of InMobi – and which have over 100,000 downloads each as of December, 2013. Currently, the total download count for these affected apps is greater than 3.7 billion.

We have informed both Google and InMobi of our findings, and they have been actively working to address them.

New InMobi Update after FireEye Notification

After we notified the InMobi vendor about these security issues, they promptly released new SDK versions 4.0.3 and 4.0.4. The 4.0.3 SDK, marked as “Internal release”, was superseded by 4.0.4 after one day. The 4.0.4 SDK made the following changes:

  1. Changed its method exposed through annotation for making phone calls (makeCall) to require user’s consent.
  2. Added a new storePicture interface to download and save specified files from the Internet to the user’s Downloads folder. Despite the name, it can be used for any file, not just images.
  3. Compared with InMobi’s earlier versions, we consider change No. 1 as an improvement that addresses the aforementioned issue of an attacker making phone calls without a user’s consent. We are glad to see that InMobi made this change after our notification.

    InMobi recently released a new SDK version 4.1.0. Compared with SDK version 4.0.4, we haven't seen any changes to JS Binding usage from a security perspective in this new SDK version 4.1.0.

    Moving Forward: Improving Security for JS Binding in Third-party Libraries

    In summary, the insecure usage of JS Binding and JS Binding annotations in third-party libraries exposes many apps that contain these libraries to security risks.

    App developers and third-party library vendors often focus on new features and rich functionalities. However, this needs to be balanced with a consideration for security and privacy risks. We propose the following to the mobile application development and library vendor community:

    1. Third-party library vendors need to explicitly disclose security-sensitive features in their privacy policies and/or their app developer SDK guides.
    2. Third-party library vendors need to educate the app developers with information, knowledge, and best practices regarding security and privacy when leveraging their SDK.
    3. App developers need to use caution when leveraging third-party libraries, apply best practices on security and privacy, and in particular, avoid misusing vulnerable APIs or packages.
    4. When third-party libraries use JS Binding, we recommend using HTTPS for loading content.
    5. Since customers may have different requirements regarding security and privacy, apps with JS-Binding-Over-HTTP vulnerabilities and JS sidedoors can introduce risks to security-sensitive environments such as enterprise networks. FireEye Mobile Threat Prevention provides protection to our customers from these kinds of security threats.

      Acknowledgement

      We thank our team members Adrian Mettler and Zheng Bu for their help in writing this blog.

      Appendix A: JavaScript Code Snippets Served from InMobi Ad Servers

      a.takeCameraPicture = function () {

      utilityController.takeCameraPicture()

      };

      a.getGalleryImage = function () {

      utilityController.getGalleryImage()

      };

      a.makeCall = function (f) {

      try {

      utilityController.makeCall(f)

      } catch (d) {

      a.showAlert("makeCall: " + d)

      }

      };

      a.sendMail = function (f, d, b) {

      try {

      utilityController.sendMail(f, d, b)

      } catch (c) {

      a.showAlert("sendMail: " + c)

      }

      };

      a.sendSMS = function (f, d) {

      try {

      utilityController.sendSMS(f, d)

      } catch (b) {

      a.showAlert("sendSMS: " + b)

      }

      };

      a.postToSocial = function (a, c, b, e) {

      a = parseInt(a);

      isNaN(a) && window.mraid.broadcastEvent("error", "socialType must be an integer", "postToSocial");

      "string" != typeof c && (c = "");

      "string" != typeof b && (b = "");

      "string" != typeof e && (e = "");

      utilityController.postToSocial(a, c, b, e)

      };

      a.createCalendarEvent = function (a) {

      "object" != typeof a && window.mraid.broadcastEvent("error",

      "createCalendarEvent method expects parameter", "createCalendarEvent");

      "string" != typeof a.start || "string" != typeof a.end ?

      window.mraid.broadcastEvent("error",

      "createCalendarEvent method expects string parameters for start and end dates",

      "createCalendarEvent") :

      ("string" != typeof a.location && (a.location = ""),

      "string" != typeof a.description && (a.description = ""),

      utilityController.createCalendarEvent(a.start, a.end, a.location, a.description))

      };

      a.registerMicListener=function() {

      utilityController.registerMicListener()

      };

      Monitoring Vulnaggressive Apps on Google Play

      Vulnaggressive Characteristics in Mobile Apps and Libraries

      FireEye mobile security researchers have discovered a rapidly-growing class of mobile threats represented by popular ad libraries affecting apps with billions of downloads. These ad libraries are aggressive at collecting sensitive data and able to perform dangerous operations such as downloading and running new code on demand. They are also plagued with various classes of vulnerabilities that enable attackers to turn their aggressive behaviors against users. We coined the term “vulnaggressive” to describe this class of vulnerable and aggressive characteristics. We have published some of our findings in our two recent blogs about these threats: “Ad Vulna: A Vulnaggressive (Vulnerable & Aggressive) Adware Threatening Millions” and “Update: Ad Vulna Continues”.

      As we reported in our earlier blog “Update: Ad Vulna Continues”, we have observed that some vulnaggressive apps have been removed from Google Play, and some app developers have upgraded their apps to a more secure version either by removing the vulnaggressive libraries entirely or by upgrading the relevant libraries to a more secure version which address the security issues. However, many app developers are still not aware of these security issues and have not taken such needed steps. We need to make a community effort to help app developers and library vendors to be more aware of these security issues and address them in a timely fashion.

      To aid this community effort, we present the data to illustrate the changes over time as vulnaggressive apps are upgraded to a more secure version or removed from Google Play after our notification. We summarize our observations below, although we do not have specific information about the reasons that caused these changes we are reporting.

      We currently only show the chart for one such vulnaggressive library, AppLovin (previously referred to by us as Ad Vulna for anonymity). We will add the charts for other vulnaggressive libraries as we complete our notification/disclosure process and the corresponding libraries make available new versions that fix the issues.

      The Chart of Apps Affected by AppLovin

      AppLovin (Vulna)’s vulnerable versions include 3.x, 4.x and 5.0.x. AppLovin 5.1 fixed most of the reported security issues. We urge app developers to upgrade AppLovin to the latest version and ask their users to update their apps as soon as the newer versions are available.

      The figure below illustrates the change over time of the status of vulnerable apps affected by AppLovin on Google Play. In particular, we collect and depict the statistics of apps that we have observed on Google Play with at least 100k downloads and with at least one version containing the vulnerable versions of AppLovin starting September 20. Over time, a vulnerable app may be removed by Google Play (which we call “removed apps”, represented in gray), have a new version available on Google Play that addresses the security issues either by removing AppLovin entirely or by upgrading the embedded AppLovin to 5.1 or above (which we call “upgradable apps”, represented in green), or remain vulnerable (which we call “vulnerable apps”, represented in red), as shown in the legend in the chart.

      Please note that we started collecting the data of app removal from Google Play on October 20, 2013. Thus, any relevant app removal between September 20 and October 20 will be counted and shown on October 20. Also, for each app included in the chart, Google Play shows a range of its number of downloads, e.g., between 1M and 5M. We use the lower end of the range in our download count so the statistics we show are conservative estimates.

      applovin1117

      We are glad to see that over time, many vulnerable apps have been either removed from Google Play or have more secure versions available on Google Play. However, apps with hundreds of millions of downloads in total still remain vulnerable. In addition, note that while removing vulnaggressive apps from Google Play prevents more people from being affected, the millions of devices that already downloaded them remain vulnerable since they are not automatically removed from the devices. Furthermore, because many users do not update their downloaded apps often and older versions of Android do not auto-update apps, even after the new, more secure version of a vulnerable app is available on Google Play, millions of users of these apps will remain vulnerable until they update to the new versions of these apps on their devices. FireEye recently announced FireEye Mobile Threat Prevention. It is uniquely capable of protecting its customers from such threats.