Quick Heal Security Labs recently spotted multiple Fake Antivirus Apps on Google Play Store. What’s more alarming, is that one of these fake AV Apps has been downloaded 100000+ times already. These Apps appear to be genuine Anti-virus/virus-removal Apps with names like Virus Cleaner, Antivirus security, etc., but do not…
With over 2.4 billion monthly active users, Facebook is the biggest social network worldwide. And with so many users come tons of data, including some personal information that may now potentially be exposed. According to TechCrunch, a security researcher found an online database exposing 419 million user phone numbers linked to Facebook accounts.
It appears that the exposed server wasn’t password-protected, meaning that anyone with internet access could find the database. This server held records containing a user’s unique Facebook ID and the phone number associated with the account. In some cases, records also revealed the user’s name, gender, and location by country. TechCrunch was able to verify several records in the database by matching a known Facebook user’s phone number with their listed Facebook ID. Additionally, TechCrunch was able to match some phone numbers against Facebook’s password reset feature, which partially reveals a user’s phone number linked to their account.
It’s been over a year since Facebook restricted public access to users’ phone numbers. And although the owner of the database wasn’t found, it was pulled offline after the web host was contacted. Even though there has been no evidence that the Facebook accounts were compromised as a result of this breach, it’s important for users to do everything they can to protect their data. Here are some tips to keep in your cybersecurity arsenal:
- Change your password. Most people will rotate between the same three passwords for all of their accounts. While this makes it easier to remember your credentials, it also makes it easier for hackers to access more than one of your accounts. Try using a unique password for every one of your accounts or employ a password manager.
- Enable two-factor authentication. While a strong and unique password is a good first line of defense, enabling app-based two-factor authentication across your accounts will help your cause by providing an added layer of security.
The post Attention Facebook Users: Here’s What You Need to Know About the Recent Breach appeared first on McAfee Blogs.
iPhone hacks have often been considered by some to be a rare occurrence. However, a group of Google researchers recently discovered that someone has been exploiting multiple iPhone vulnerabilities for the last two years. How? Simply by getting users to visit a website.
How exactly does this exploitation campaign work? According to WIRED, researchers revealed a handful of websites that had assembled five exploit chains. These exploit chains are tools that link security vulnerabilities together and allow a hacker to penetrate each layer of iOS digital protections. This campaign took advantage of 14 security flaws, resulting in the attacker gaining complete control over a user’s phone. Researchers state that these malicious sites were programmed to assess the Apple devices that loaded them and compromise the devices with powerful monitoring malware if possible. Once the malware was installed, it could monitor live location data, grab photos, contacts, passwords, or other sensitive information from the iOS Keychain.
So, what makes this attack unique? For starters, this exploitation campaign hides in plain sight, uploading information without any encryption. If a user monitored their network traffic, they would notice activity as their data was being uploaded to the hacker’s server. Additionally, a user would be able to see suspicious activity if they connected their device to their computer and reviewed console logs. Console logs show the codes for the programs being run on the device. However, since this method would require a user to take the extra step of plugging their iPhone into a computer, it’s highly unlikely that they would notice the suspicious activity.
Although iOS exploits usually require a variety of complexities to be successful, this exploitation campaign proves that iOS hacking is very much alive and kicking. So, what can Apple users do to help ward off these kinds of attacks? Here’s how you can help keep your device secure:
- Install automatic updates. In your device settings, choose to have automatic updates installed on your device. This will ensure that you have the latest security patches for vulnerabilities like the ones leveraged in these exploit chains as soon as they’re available.
The post iPhone Users: Here’s What You Need to Know About the Latest iOS Hacks appeared first on McAfee Blogs.
Malware detections for iOS increased, as did the number of vulnerabilities detected in this operating system, while in the case of Android, the number of reported vulnerabilities decreased, although the number of highly critical bugs reported increased.
Nowadays, the mobile phone industry is growing every year and it also uses more advanced technology, applications, and features. Even so, still it became prone to hacking, malwares and even scamming that many people should be aware of. That is mainly because hackers and scammers target millions of mobile users to become a victim.
That is why it is highly recommended to search for the best mobile antivirus and install it on your mobile phone for your security and protection purposes. There are lots of software applications that could be perfect for your mobile phones and even applicable to your tablets or laptops too. You can find free and paid security antivirus apps that you can use for your mobile security. You can find more if you will continue reading.
Why you should install a mobile security app?
Since smartphones have Internet access, it becomes open to any kind of hacking, viruses, and malware, if you are not fully aware of protecting or securing it.
If not secured with any mobile protection apps, your smartphones, tablets and even laptops could be accessible to hackers and scammers. The results could be an annoyance and hassle for you that there is a possibility of deleting all your information, hacking your accounts, data breaching, and worst is scamming. Of course, you do not want this to happen to you.
Thus, it is highly recommended to always make your smartphones or tablets to be updated with its recent software apps. This could help you to fix and repair the system of your mobile phones as well as updating the old into a more advanced and secure system.
Always do the backup for your important information such as videos, photos, files, etc. Also, I have given an example of the built-in security protection for your Apple iOS and to your Google Android smartphones below.
Do you need mobile antivirus for your Android?
Yes, you will need one, either free or paid antivirus app, you need to make your Android devices be secure and protected from viruses and malware.
Even though Google Play Protect is the best features that makes your mobile phones virus-free, still it is highly recommended to have the best mobile protection app for your Android. The Google Play Protect is a security center that you can easily download legal or compatible applications for your smartphones.
It does not support any apps that are not trusted as well as not compatible with its software applications. This is perfect because it automatically works on without requiring the users to switching it on or off. Despite that this Google Play Protect was designed for protection in Android, still, some users have experienced slow detection of malware and viruses on their smartphones.
Do you also need a mobile security app for your Apple iOS?
Apple iOS is more impenetrable compared to the Androids devices. That is because of the Apple iOS built-in security protection that is being implemented and administered by Apple. It offers more locked down features compared to Android mobile phones. Also, all of its software applications come at Apple’s App Store where they have first checked the apps for the security of its users.
It is not highly recommended to use iPhone protection app, free or paid to your Apple iOS, but it is needed that your iPhones should be updated with the latest software or app updates. Also, you need to be aware of some scamming operations online such as the entering on the fake e-commerce or shopping websites that only uses your information to scam your accounts.
What are the best mobile security brands best for your mobile phones?
If you are looking for the best mobile software app brand, then you should consider checking out the big brands of PC antivirus software too. They also offer mobile security apps just like on their PC security protection software. Such examples of the big security software brands are the Bitdefender, Avast, McAfee, Norton, Trend Micro and Kaspersky. There are some offers also on unpopular mobile security brands such as the 360 Security, Lookout, and Webroot.
Usually, these brands offers paid or premium security software packages that prices range from £5 up to £50. You can also choose or try the free antivirus security that they offer. Usually, brands such as Webroot Security Free, Avira Antivirus Security 2018, Norton Security and Antivirus, Bitdefender Antivirus Free, and Sophos Mobile Security offers free mobile security packages.
But if you are looking for the best and extra protection for your mobile phones, then go for the paid packages because surely you will be securely protected by its specific features and protections. You can always choose to try free mobile protection apps for your mobile phones. At least, you are aware that there is a free installed antivirus that reminds you to not getting involved on that website because of malware being found on it.
Do you need to choose the paid mobile security package?
The answer is it depends on you. If you think your Android or Apple mobile devices are too important or too valuable for you, then surely choosing the paid mobile protection app is your choice. Paid or premium packages offers more security features compared to free package offers. Usually, they come with more useful and helpful features just like cloud-based or online back-ups of your important information and even eliminating stolen mobile devices.
Free mobile security apps that come from popular software brands such as Avast, BitDefender, McAfee, Lookout, and AVG offers great basic features that are useful to its users. If you are just looking for protection against malware, then these free antivirus app could perform great because it offers basic tools to detect malware sites. Only, you need to know that these free antivirus apps have limitations on time and features. Thus, just in case you are not happy with its service, then you can always check the options of the paid or premium packages they offered.
You can always find different user reviews online for the best free and paid mobile software apps.
So, what are the different mobile antivirus features that premium apps offer?
Here are some examples of the best features that surely you will find it useful for your mobile security and protection:
Anti-phishing – detects unreliable websites and preventing you from accessing it because it might harm your device or breach data.
App lock – provides password lock that can protect your mobile device from its different users.
Backup – backup your files and other important information through saving it on cloud storage and even to your mobile device. Usually, this backup feature happens when you schedule it doing it when you will perform the remote wipe. This can be restored only on the compatible device.
Call/SMS blocking – filtering out and blocking the voice and text messages if they come from suspicious numbers.
Parental controls – prevents to access parental guidance content.
Privacy adviser – checking out the different applications that you download to your device and scanning it to determine which one requires more access.
Remote location – you can find your mobile device location on a map through the GPS.
Remote lock – this features prevents unauthorized access to your mobile device through locking it down remotely through SMS or web interface. Other app features offer more customized screen lock information that might display the contact information of the owner for a safe return.
Remote photo – this feature helps you to identify unauthorized users of your mobile device through taking pictures and sending it back to your email or through taking pictures if the wrong password failed many times.
Remote wipe – wiping all the contacts, photos, calendars, memory card and other important information in your mobile device just in case it was lost to preserve your privacy of information.
SIM lock – locking down your mobile device when the time that your sim card is being removed.
Uninstall protection – This will prevent hackers to bypass your installed mobile security software and to delete all your data. It requires a password to delete the applications.
The post Best Mobile Antivirus Guide – What You Should Know About Mobile Security App? appeared first on .
Many of us use Bluetooth technology for its convenience and sharing capabilities. Whether you’re using wireless headphones or quickly Airdropping photos to your friend, Bluetooth has a variety of benefits that users take advantage of every day. But like many other technologies, Bluetooth isn’t immune to cyberattacks. According to Ars Technica, researchers have recently discovered a weakness in the Bluetooth wireless standard that could allow attackers to intercept device keystrokes, contact lists, and other sensitive data sent from billions of devices.
The Key Negotiation of Bluetooth attack, or “KNOB” for short, exploits this weakness by forcing two or more devices to choose an encryption key just a single byte in length before establishing a Bluetooth connection, allowing attackers within radio range to quickly crack the key and access users’ data. From there, hackers can use the cracked key to decrypt data passed between devices, including keystrokes from messages, address books uploaded from a smartphone to a car dashboard, and photos.
What makes KNOB so stealthy? For starters, the attack doesn’t require a hacker to have any previously shared secret material or to observe the pairing process of the targeted devices. Additionally, the exploit keeps itself hidden from Bluetooth apps and the operating systems they run on, making it very difficult to spot the attack.
While the Bluetooth Special Interest Group (the body that oversees the wireless standard) has not yet provided a fix, there are still several ways users can protect themselves from this threat. Follow these tips to help keep your Bluetooth-compatible devices secure:
- Adjust your Bluetooth settings. To avoid this attack altogether, turn off Bluetooth in your device settings.
- Beware of what you share. Make it a habit to not share sensitive, personal information over Bluetooth.
- Turn on automatic updates. A handful of companies, including Microsoft, Apple, and Google, have released patches to mitigate this vulnerability. To ensure that you have the latest security patches for vulnerabilities such as this, turn on automatic updates in your device settings.
The post Boost Your Bluetooth Security: 3 Tips to Prevent KNOB Attacks appeared first on McAfee Blogs.
Quick Heal Security Lab spotted 27 malicious apps of dropper category on official “Google Play Store”. These apps have been removed from Play Store after Quick Heal Security Lab reported it to Google last week. These apps continuously show installation prompt for fake “Google Play Store”. If any user falls…
A new banking trojan has emerged and is going after users’ Android devices. Dubbed Cerberus, this remote access trojan allows a distant attacker to take over an infected Android device, giving the attacker the ability to conduct overlay attacks, gain SMS control, and harvest the victim’s contact list. What’s more, the author of the Cerberus malware has decided to rent out the banking trojan to other cybercriminals as a means to spread these attacks.
According to The Hacker News, the author claims that this malware was completely written from scratch and doesn’t reuse code from other existing banking trojans. Researchers who analyzed a sample of the Cerberus trojan found that it has a pretty common list of features including the ability to take screenshots, hijacking SMS messages, stealing contact lists, stealing account credentials, and more.
When an Android device becomes infected with the Cerberus trojan, the malware hides its icon from the application drawer. Then, it disguises itself as Flash Player Service to gain accessibility permission. If permission is granted, Cerberus will automatically register the compromised device to its command-and-control server, allowing the attacker to control the device remotely. To steal a victim’s credit card number or banking information, Cerberus launches remote screen overlay attacks. This type of attack displays an overlay on top of legitimate mobile banking apps and tricks users into entering their credentials onto a fake login screen. What’s more, Cerberus has already developed overlay attacks for a total of 30 unique targets and banking apps.
So, what can Android users do to secure their devices from the Cerberus banking trojan? Check out the following tips to help keep your financial data safe:
- Be careful what you download.Cerberus malware relies on social engineering tactics to make its way onto a victim’s device. Therefore, think twice about what you download or even plug into your device.
- Click with caution.Only click on links from trusted sources. If you receive an email or text message from an unknown sender asking you to click on a suspicious link, stay cautious and avoid interacting with the message altogether.
- Use comprehensive security. Whether you’re using a mobile banking app on your phone or browsing the internet on your desktop, it’s important to safeguard all of your devices with an extra layer of security. Use robust security software like McAfee Total Protection so you can connect with confidence.
The post The Cerberus Banking Trojan: 3 Tips to Secure Your Financial Data appeared first on McAfee Blogs.
5G has been nearly a decade in the making but has really dominated the mobile conversation in the last year or so. This isn’t surprising considering the potential benefits this new type of network will provide to organizations and users alike. However, just like with any new technological advancement, there are a lot of questions being asked and uncertainties being raised around accessibility, as well as cybersecurity. The introduction of this next-generation network could bring more avenues for potential cyberthreats, potentially increasing the likelihood of denial-of-service, or DDoS, attacks due to the sheer number of connected devices. However, as valid as these concerns may be, we may be getting a bit ahead of ourselves here. While 5G has gone from an idea to a reality in a short amount of time for a handful of cities, these advancements haven’t happened without a series of setbacks and speedbumps.
In April 2019, Verizon was the first to launch a next-generation network, with other cellular carriers following closely behind. While a technological milestone in and of itself, some 5G networks are only available in select cities, even limited to just specific parts of the city. Beyond the not-so widespread availability of 5G, internet speeds of the network have performed at a multitude of levels depending on the cellular carrier. Even if users are located in a 5G-enabled area, if they are without a 5G-enabled phone they will not be able to access all the benefits the network provides. These three factors – user location, network limitation of certain wireless carriers, and availability of 5G-enabled smartphones – must align for users to take full advantage of this exciting innovation.
While there is still a lot of uncertainty surrounding the future of 5G, as well as what cyberthreats may emerge as a result of its rollout, there are a few things users can do to prepare for the transition. To get your cybersecurity priorities in order, take a look at our 5G preparedness toolkit to ensure you’re prepared when the nationwide roll-out happens:
- Follow the news. Since the announcement of a 5G enabled network, stories surrounding the network’s development and updates have been at the forefront of the technology conversation. Be sure to read up on all the latest to ensure you are well-informed to make decisions about whether 5G is something you want to be a part of now or in the future.
- Do your research. With new 5G-enabled smartphones about to hit the market, ensure you pick the right one for you, as well as one that aligns with your cybersecurity priorities. The right decision for you might be to keep your 4G-enabled phone while the kinks and vulnerabilities of 5G get worked out. Just be sure that you are fully informed before making the switch and that all of your devices are protected.
- Be sure to update your IoT devices factory settings. 5G will enable more and more IoT products to come online, and most of these connected products aren’t necessarily designed to be “security first.” A device may be vulnerable as soon as the box is opened, and many cybercriminals know how to get into vulnerable IoT devices via default settings. By changing the factory settings, you can instantly upgrade your device’s security and ensure your home network is secure.
- Add an extra layer of security.As mentioned, with 5G creating more avenues for potential cyberthreats, it is a good idea to invest in comprehensive mobile security to apply to all of your devices to stay secure while on-the-go or at home.
With summer coming to a close, it’s almost time for back to school! Back to school season is an exciting time for students, especially college students, as they take their first steps towards independence and embark on journeys that will shape the rest of their lives. As students across the country prepare to start or return to college, we here at McAfee have revealed new findings indicating that many are not proactively protecting their academic data. Here are the key takeaways from our survey of 1,000 Americans, ages 18-25, who attend or have attended college:
Education Needs to Go Beyond the Normal Curriculum
While many students are focused on classes like biology and business management, very few get the proper exposure to cybersecurity knowledge. 80% of students have been affected by a cyberattack or know a friend or family member who has been affected. However, 43% claim that they don’t think they will ever be a victim of a cybercrime in the future.
Educational institutions are very careful to promote physical safety, but what about cyber safety? It turns out only 36% of American students claim that they have learned how to keep personal information safe through school resources. According to 42% of our respondents, they learn the most about cybersecurity from the news. To help improve cybersecurity education in colleges and universities, these institutions should take a certain level of responsibility when it comes to training students on how they can help keep their precious academic data safe from cybercriminals.
Take Notes on Device Security
Believe it or not, many students fail to secure all of their devices, opening them up to even more vulnerabilities. While half of students have security software installed on their personal computers, this isn’t the case for their tablets or smartphones. Only 37% of students surveyed have smartphone protection, and only 13% have tablet protection. What’s more, about one in five (21%) students don’t use any cybersecurity products at all.
Class Dismissed: Cyberattacks Targeting Education Are on the Rise
According to data from McAfee Labs, cyberattacks targeting education in Q1 2019 have increased by 50% from Q4 2018. The combination of many students being uneducated in proper cybersecurity hygiene and the vast array of shared networks that these students are simultaneously logged onto gives cybercriminals plenty of opportunities to exploit when it comes to targeting universities. Some of the attacks utilized include account hijacking and malware, which made up more than 70% of attacks on these institutions from January to May of 2019. And even though these attacks are on the rise, 90% of American students still use public Wi-Fi and only 18% use a VPN to protect their devices.
Become a Cybersecurity Scholar
In order to go into this school year with confidence, students should remember these security tips:
- Never reuse passwords. Use a unique password for each one of your accounts, even if it’s for an account that doesn’t hold a lot of personal information. You can also use a password manager so you don’t have to worry about remembering various logins.
- Always set privacy and security settings. Anyone with access to the internet can view your social media if it’s public. Protect your identity by turning your profiles to private so you can control who can follow you. You should also take the time to understand the various security and privacy settings to see which work best for your lifestyle.
- Use the cloud with caution. If you plan on storing your documents in the cloud, be sure to set up an additional layer of access security. One way of doing this is through two-factor authentication.
- Always connect with caution. If you need to conduct transactions on a public Wi-Fi connection, use a virtual private network (VPN) to keep your connection secure.
- Discuss cyber safety often. It’s just as important for families to discuss cyber safety as it is for them to discuss privacy on social media. Talk to your family about ways to identify phishing scams, what to do if you may have been involved in a data breach, and invest in security software that scans for malware and untrusted sites.
The post Dorms, Degrees, and Data Security: Prepare Your Devices for Back to School Season appeared first on McAfee Blogs.
Global messaging giant WhatsApp turned 10 years old this year. It’s not unusual for companies to provide loyal customers or members with gifts to show their appreciation during these milestones. Unfortunately, cybercriminals are using this as a ploy to carry out their malicious schemes. According to Forbes, security researchers have discovered a fraudulent message promising users 1000GB of free internet data, which is a scam bringing in ad click revenue for cybercriminals.
Let’s dive into the details of this suspicious message. The text reads “WhatsApp Offers 1000GB Free Internet!” and includes a link to click on for more details. However, the link provided doesn’t use an official WhatsApp domain. Many users might find this confusing since some businesses do run their promotions through third-party organizations. Forbes states that once a user clicks on the link, they are taken to a landing page that reads “We offer you 1000 GB free internet without Wi-Fi! On the occasion of our 10th anniversary of WhatsApp.” To make the user feel like they need to act fast, the landing page also displays a bright yellow countdown sticker warning that there are a limited number of awards left.
As of now, it doesn’t appear that the link spreads malware or scrapes users’ personal information. However, the scam could eventually evolve into a phishing tactic. Additionally, the more users click on the fraudulent link, the more the cybercriminals behind this scheme rack up bogus ad clicks. This ultimately brings in revenue for the cybercrooks, encouraging them to continue creating these types of scams. For example, the domain being used by the scammers behind the WhatsApp message also hosts other fake brand-led promotional offers for Adidas, Nestle, Rolex, and more.
So, what can users do to prevent falling for these phony ads? Check out the following tips to help you stay secure:
- Avoid interacting with suspicious messages. Err on the side of caution and don’t respond to direct messages from a company that seems out of the ordinary. If you want to know if a company is participating in a promotional offer, it is best to go directly to their official site to get more information.
- Be careful what you click on.If you receive a message in an unfamiliar language, one that contains typos, or one that makes claims that seem too good to be true, avoid clicking on any attached links.
- Stay secure while you browse online. Security solutions like McAfee WebAdvisor can help safeguard you from malware and warn you of phishing attempts so you can connect with confidence.
The post Be Wary of WhatsApp Messages Offering 1000GB of Free Data appeared first on McAfee Blogs.
9 out of 10 children in the U.S. between the ages of six and twelve have access to smart devices. And while parents know it’s important for their children to learn to use technology in today’s digital world, 75% want more visibility into their kids’ digital activities. This is precisely why Facebook designed Messenger Kids to empower parents to monitor their children’s safety online. However, the popular social media platform had to recently warn users of a security issue within this app for kids.
The central benefit of Messenger Kids is that children can only chat with other users their parents approve of. Yet one design flaw within the group chat feature prevented Facebook from upholding this rule. Children who started a group chat could include any of their approved connections in the conversation, even if a user was not authorized to message the other kids in the chat. As a result, thousands of children were able to connect with users their parents weren’t aware of via this flaw.
Luckily, Facebook removed the unauthorized group chats and flagged the issue to all affected users, promising that that potentially unsafe chats won’t happen again. While Facebook has not yet made a formal public response, they confirmed the bug to The Verge:
“We recently notified some parents of Messenger Kids account users about a technical error that we detected affecting a small number of group chats. We turned off the affected chats and provided parents with additional resources on Messenger Kids and online safety.”
Now, Facebook is currently working on still resolving the bug itself. However, there are still many actions parents can take to ensure that their child is safe on Facebook Messenger, and social media apps in general. Start by following these four best practices to secure your kid’s online presence:
- Turn on automatic app updates on your child’s device. Updates usually include new and improved app features that your child will be excited to try. But more importantly, they tend to account for security bugs. Delaying updates can leave apps vulnerable to cybercriminals and turning on automatic app updates ensures that you don’t have to worry about missing one.
- Get educated. Some parents find it helpful to use the same apps as their child to better understand how it works and what safety threats might be relevant. Facebook also offers resources online that provide guidance for staying safe, such as how and when to block a user and what kind of content is or isn’t risky to share. Additionally, it’s always a best practice to read the terms and conditions of an app before downloading to make sure you’re aware of what your child is signing up for.
- Keep an open dialogue about online safety. It’s important to discuss your child’s online activities with them and walk them through best internet practices, such as changing passwords every so often and not clicking on links from unknown sources. That way, they’ll be better prepared for potential cyberthreats. Making the internet a part of the conversion will also help your child feel comfortable coming to you about things they might be skeptical about online.
- Consider leveraging a security solution with parental controls. Depending on your child’s age and how much of a window you want into their online behaviors, you can leverage a solution such as McAfee Safe Family that can be helpful for creating a safe online environment. You can block certain websites and create predefined rules, which will help prevent your child from sharing comprising information.
The post 4 Ways for Parents to Handle the Facebook Messenger Bug appeared first on McAfee Blogs.
With over 2.5 billion monthly active users that have accumulated since its fruition, Android has seen massive growth over the last 10 years. With so many users, it’s no wonder why cybercriminals continuously look to exploit Android devices. In fact, 25 million Android users have recently been hit with a new malware.
Dubbed Agent Smith, this cyberthreat sneaks onto a user’s device when the user downloads a malicious app from the app store, like a photo utility or game app. The app then silently installs the malware disguised as a legitimate Google updating tool. However, no updating icon appears on the screen, making the user oblivious to their device being in danger. Once installed, the malware replaces legitimate apps on the user’s phone, such as WhatsApp, with an evil update that serves bad ads. According to security researchers, the ads themselves aren’t malicious. But if a victim accidentally clicks on the ad, the hackers can make money from these ad fraud schemes. What’s more, there’s potential that these bad ads aren’t limited to just WhatsApp and could be found on other platforms as well.
So, what can Android users do to prevent this malware from sneaking onto their device? Check out the following tips to help stay secure:
- Be wary of WhatsApp ads. Android users should take action if they experience advertisements displayed at strange times, such as when they open WhatsApp. The legitimate WhatsApp does not serve ads, so if you experience ads on this platform your device might have been infected.
- Look out for suspicious apps. Check the apps and notifications section of your Android settings. If you see suspicious apps with names such as Google Updater, Google Installer for U, Google Powers, and Google Installer, uninstall these apps right away.
- Stay away from unofficial Android stores. Google has extra precautions designed to prevent malware from getting onto the official Android store website, so only downloading apps from there could help protect you.
- Use a security solution. A solution like McAfee Mobile Security can help Android users stay protected from threats like mobile malware. It also provides a free antivirus cleaner and phone security app to protect your online privacy and enhance device performance.
The post Is Your WhatsApp Being Weird? You May Need to Check For Hidden Malware appeared first on McAfee Blogs.
If you’re an avid Instagram user, chances are you’ve come across some accounts with a little blue checkmark next to the username. This little blue tick is Instagram’s indication that the account is verified. While it may seem insignificant at first glance, this badge actually means that Instagram has confirmed that the account is an authentic page of a public figure, celebrity, or global brand. In today’s world of social media influencers, receiving a verified badge is desirable so other users know you’re a significant figure on the platform. However, cybercriminals are taking advantage of the appeal of being Instagram verified as a way to convince users to hand over their credentials.
So, how do cybercriminals carry out this scheme? According to security researcher Luke Leal, this scam was distributed as a phishing page through Instagram. The page resembled a legitimate Instagram submission page, prompting victims to apply for verification. After clicking on the “Apply Now” button, victims were taken to a series of phishing forms with the domain “Instagramforbusiness[.]info.” These forms asked users for their Instagram logins as well as confirmation of their email and password credentials. However, if the victim submitted the form, their Instagram credentials would make their way into the cybercriminal’s email inbox. With this information, the cybercrooks would have unauthorized access to the victim’s social media page. What’s more, since this particular phishing scam targets a user’s associated email login, hackers would have the capability of resetting and verifying ownership of the victim’s account.
Whether you’re in search of an Instagram verification badge or not, it’s important to be mindful of your cybersecurity. And with Social Media Day right around the corner, check out these tips to keep your online profiles protected from phishing and other cyberattacks:
- Exercise caution when inspecting links. If you examine the link used for this scam (Instagramforbusiness[.]info), you can see that it is not actually affiliated with Instagram.com. Additionally, it doesn’t use the secure HTTPS protocol, indicating that it is a risky link. Always inspect a URL before you click on it. And if you can’t tell whether a link is malicious or not, it’s best to avoid interacting with it altogether.
- Don’t fall for phony pages. If you or a family member is in search of a verified badge for their Instagram profile, make sure they are familiar with the process. Instagram users should go into their own account settings and click on “Request on verification” if they are looking to become verified. Note that Instagram will not ask for your email or password during this process, but will send you a verification link via email instead.
- Reset your password. If you suspect that a hacker is attempting to gain control of your account, play it safe by resetting your password.
The post #Verified or Phishing Victim? 3 Tips to Protect Your Instagram Account appeared first on McAfee Blogs.
More often than not, commuters and travelers alike want to get to their destination quickly and easily. The advent of wearable payments helps make this a reality, as passengers don’t have to pull out a wallet or phone to pay for entry. Adding to that, users are quickly adopting wearable technology that has this payment technology embedded, causing transportation systems to take notice and adopt corresponding technology as a result. Unfortunately, there’s a chance this rapid adoption may catch the eye of cybercriminals as well.
Just last month, the New York City Subway system introduced turnstiles that open with a simple wave of a wearable, like an Apple Watch or Fitbit. Wearables may provide convenience and ease, but they also provide an open door to cybercriminals. With more connections to secure, there are more vectors for vulnerabilities and potential cyberthreats. This is especially the case with wearables, which often don’t have security built-in from the start.
App developers and manufacturers are hard-pressed to keep up with innovation, so security isn’t always top of mind, which puts user data at risk. As one of the most valuable things cybercriminals can get ahold of, the data stored on wearables can be used for a variety of purposes. These threats include phishing, gaining access to online accounts, or transferring money illegally. While the possibility of these threats looms, the adoption of wearables shows no sign of slowing down, with an estimated 1.1 billion in use by 2022. This means developers, manufacturers, and users need to work together in order to keep these handy gadgets secure and cybercriminals out.
Both consumers and transport systems need to be cautious of how wearables can be used to help, or hinder, us in the near future. Rest assured, even if cybercriminals utilize this technology, McAfee’s security strategy will continue to keep pace with the ever-changing threat landscape. In the meantime, consider these tips to stay secure while traveling to your destination:
- Always keep your software and apps up-to-date.It’s a best practice to update software and apps when prompted to help fix vulnerabilities when they’re found.
- Add an extra layer of security. Since wearables connect to smartphones, if it becomes infected, there is a good chance the connected smartphone will be impacted as well. Invest in comprehensive mobile security to apply to your mobile devices to stay secure while on-the-go.
- Clear your data cache. As previously mentioned, wearables hold a lot of data. Be sure to clear your cache every so often to ensure it doesn’t fall into the wrong hands.
- Avoid storing critical information. Social Security Numbers (SSN), bank account numbers, and addresses do not need to be stored on your wearable. And if you’re making an online purchase, do so on a laptop with a secure connection.
- Connect to public Wi-Fi with caution. Cybercriminals can use unsecured public Wi-Fi as a foothold into a wearable. If you need to connect to public Wi-Fi, use a virtual private network, or VPN, to stay secure.
You’ve probably heard of Venmo, the quick and convenient peer-to-peer mobile payments app. From splitting the check when eating out with friends to dividing the cost of bills, Venmo is an incredibly easy way to share money. However, users’ comfort with the app can sometimes result in a few negligent security practices. In fact, computer science student Dan Salmon recently scraped seven million Venmo transactions to prove that users’ public activity can be easily obtained if they don’t have the right security settings flipped on. Let’s explore his findings.
By scraping the company’s developer API, Salmon was able to download millions of transactions across a six-month span. That means he was able to see who sent money to who, when they sent it, and why – just as long as the transaction was set to “public.” Mind you, Salmon’s download comes just a year after that of a German researcher, who downloaded over 200 million transactions from the public-by-default app last year.
These data scrapes, if anything, act as a demonstration. They prove to users just how crucial it is to set up online mobile payment apps with caution and care. Therefore, if you’re a Venmo or other mobile payment app user, make sure to follow these tips in order to keep your information secure:
- Set your settings to “private” immediately. Only the sender and receiver should know about a monetary transaction in the works. So, whenever you go to send money on Venmo or any other mobile payment app, make sure the transaction is set to “private.” For Venmo users specifically, you can flip from “public” to “private” by just toggling the setting at the bottom right corner of main “Pay or Request” page.
- Limit the amount of data you share. Just because something is designed to be social doesn’t mean it should become a treasure trove of personal data. No matter the type of transaction you’re making, always try to limit the amount of personal information you include in the corresponding message. That way, any potential cybercriminals out there won’t be able to learn about your spending habits.
- Add on extra layers of security. Beyond flipping on the right in-app security settings, it’s important to take any extra precautions you can when it comes to protecting your financial data. Create complex logins to your mobile payment apps, participate in biometric options if available, and ensure your mobile device itself has a passcode as well. This will all help ensure no one has access to your money but you.
The post 3 Tips Venmo Users Should Follow to Keep Their Transactions Secure appeared first on McAfee Blogs.
If you’re an avid gamer or know someone who is, you might be familiar with the retro gaming site Emuparadise. This website boasts a large community, a vast collection of gaming music, game-related videos, game guides, magazines, comics, video game translations, and more. Unfortunately, news just broke that Emuparadise recently suffered a data breach in April 2018, exposing the data of about 1.1 million of their forum members.
The operators of the hacked-database search engine, DeHashed, shared this compromised data with the data breach reference site Have I Been Pwned. According to the site’s owner Troy Hunt, the breach impacted 1,131,229 accounts and involved stolen email addresses, IP addresses, usernames, and passwords stored as salted MD5 hashes. Password salting is a process of securing passwords by inputting unique, random data to users’ passwords. However, the MD5 algorithm is no longer considered sufficient for protecting passwords, creating cause for cybersecurity concern.
Emuparadise forced a credential reset after the breach occurred in April 2018. It’s important that users of Emuparadise games take steps to help protect their private information. If you know someone who’s an avid gamer, pass along the following tips to help safeguard their security:
- Change up your password. If you have an Emuparadise account, you should change up your account password and email password immediately. Make sure the next one you create is strong and unique so it’s more difficult for cybercriminals to crack. Include numbers, lowercase and uppercase letters, and symbols. The more complex your password is, the better!
- Keep an eye out for sketchy emails and messages. Cybercriminals can leverage stolen information for phishing emails and social engineering scams. If you see something sketchy or from an unknown source in your email inbox, be sure to avoid clicking on any links provided.
- Check to see if you’ve been affected. If you or someone you know has made an Emuparadise account, use this tool to check if you could have been potentially affected.
For as long as you’ve had a phone, you’ve probably experienced in one form or another a robocall. These days it seems like they are only becoming more prevalent too. In fact, it was recently reported that robocall scams surged to 85 million globally, up 325% from 2017. While these scams vary by country, the most common type features the impersonation of legitimate organizations — like global tech companies, big banks, or the IRS — with the goal of acquiring user data and money. When a robocall hits, users need to be careful to ensure their personal information is protected.
It’s almost impossible not to feel anxious when receiving a robocall. Whether the calls are just annoying, or a cybercriminal uses the call to scam consumers out of cash or information, this scheme is a big headache for all. To combat robocalls, there has been an uptick in apps and government intervention dedicated to fighting this ever-present annoyance. Unfortunately, things don’t seem to be getting better — while some savvy users are successful at avoiding these schemes, there are still plenty of other vulnerable targets.
Falling into a cybercriminal’s robocall trap can happen for a few reasons. First off, many users don’t know that if they answer a robocall, they may trigger more as a result. That’s because, once a user answers, hackers know there is someone on the other end of the phone line and they have an incentive to keep calling. Cybercriminals also have the ability to spoof numbers, mimic voices, and provide “concrete” background information that makes them sound legitimate. Lastly, it might surprise you to learn that robocalls are actually perfectly legal. It starts to become a grey area, however, when calls come through from predatory callers who are operating on a not-so-legal basis.
While government agencies, like the Federal Communications Commission and Federal Trade Commission, do their part to curb robocalls, the fight to stop robocalls is far from over, and more can always be done. Here are some proactive ways you can say so long to pesky scammers calling your phone.
- There’s an app for that. Consider downloading the app Robokiller that will stop robocalls before you even pick up. The app’s block list is constantly updating, so you’re protected.
- Let unknown calls go to voicemail. Unless you recognize the number, don’t answer your phone.
- Never share personal details over the phone. Unfortunately, there’s a chance that cybercriminals may have previously obtained some of your personal information from other sources to bolster their scheme. However, do not provide any further personal or financial information over the phone, like SSNs or credit card information.
- Register for the FCC’s “Do Not Call” list. This can help keep you protected from cybercriminals and telemarketers alike by keeping your number off of their lists.
- Consider a comprehensive mobile security platform. Utilize the call blocker capability feature from McAfee Mobile Security. This tool can help reduce the number of calls that come through.
Apps not only provide users with a form of entertainment, but they also help us become more efficient or learn new things. One such app is Game Golf, which comes as a free app, a paid pro version with coaching tools, or with a wearable analyzer. With over 50,000 downloads on Google Play, the app helps golfers track their on-course performance and use the data to help improve their game. Unfortunately, millions of golfer records from the Game Golf app were recently exposed to anyone with an internet connection, thanks to a cloud database lacking password protection.
According to researchers, this exposure consisted of millions of records, including details on 134 million rounds of golf, 4.9 million user notifications, and 19.2 million records in an activity feed folder. Additionally, the database contained profile data like usernames, hashed passwords, emails, gender, Facebook IDs, and authorization tokens. The database also contained network information for the company behind the Game Golf app, Game Your Game Inc., including IP addresses, ports, pathways, and storage information that cybercrooks could potentially exploit to further access the network. A combination of all of this data could theoretically provide cybercriminals with more information on the user, creating greater privacy concerns. Thankfully, the database was secured about two weeks after the company was initially notified of the exposure.
Although it is still unclear as to whether cybercriminals took a swing at this data, the magnitude of the information exposed by the app is cause for concern. Luckily, users can follow these tips to help safeguard their data:
- Change your passwords. If a cybercriminal got a hold of the exposed data, they could easily gain access into other online accounts if your login credentials were the same across different platforms. Err on the side of caution and change your passwords to something strong and unique for each account.
- Check to see if you’ve been affected. If you’ve used the Game Golf app and believe your data might have been exposed, use this tool to check or set an alert to be notified of other potential exposures.
- Secure your online profiles. Use a security solution like McAfee Safe Connect to encrypt your online activity, help protect your privacy by hiding your IP address, and better defend against cybercriminals.
The post Game Golf Exposure Leaves Users in a Sand Trap of Data Concerns appeared first on McAfee Blogs.
A new WhatsApp vulnerability has attracted the attention of the press and security professionals around the world. We wanted to provide some information and a quick summary.
This post will cover vulnerability analysis and how McAfee MVISION Mobile can help.
On May 13th, Facebook announced a vulnerability associated with all of its WhatsApp products. This vulnerability was reportedly exploited in the wild, and it was designated as CVE-2019-3568.
WhatsApp told the BBC its security team was the first to identify the flaw. It shared that information with human rights groups, selected security vendors and the US Department of Justice earlier this month.
The CVE-2019-3568 Vulnerability Explained
WhatsApp suffers from a buffer overflow weakness, meaning an attacker can leverage it to run malicious code on the device. Data packets can be manipulated during the start of a voice call, leading to the overflow being triggered and the attacker commandeering the application. Attackers can then deploy surveillance tools to the device to use against the target.
A buffer overflow vulnerability in WhatsApp VOIP (voice over internet protocol) stack allows remote code execution via a specially-crafted series of SRTP (secure real-time transport protocol) packets sent to a target phone number.
- WhatsApp for Android prior to v2.19.134
- WhatsApp Business for Android prior to v2.19.44
- WhatsApp for iOS prior to v2.19.51
- WhatsApp Business for iOS prior to v2.19.51
- WhatsApp for Windows Phone prior to v2.18.348
- WhatsApp for Tizen prior to v2.18.15.
The Alleged Exploit
An exploit of the vulnerability was used in an attempted attack on the phone of a UK-based attorney on 12 May, the Financial Times reported. The reported attack involved using WhatsApp’s voice calling function to ring a target’s device. Even if the call was not picked up, the surveillance software could be installed.
How MVISION Mobile can combat CVE-2019-3568 Attacks
To date, the detection technology inside MVISION Mobile has detected 100 percent of zero-day device exploits without requiring an update.
MVISION Mobile helps protect customers by identifying at-risk iOS and Android devices and active threats trying to leverage the vulnerability. It leverages Advanced App Analysis capabilities to help administrators find all devices that are exposed to the WhatsApp vulnerability by identifying all devices that have the vulnerable versions of WhatsApp on them and establish custom policies to address the risk. If the exploit attempts to elevate privileges and compromise the device, MVISION Mobile would detect the attack on the device.
The post How MVISION Mobile can combat the WhatsApp Buffer Overflow Vulnerability appeared first on McAfee Blogs.
Messaging apps are a common form of digital communication these days, with Facebook’s WhatsApp being one of the most popular options out there. The communication platform boasts over 1.5 billion users – who now need to immediately update the app due to a new security threat. In fact, WhatsApp just announced a recently discovered security vulnerability that exposes both iOS and Android devices to malicious spyware.
So, how does this cyberthreat work, exactly? Leveraging the new WhatsApp bug, hackers first begin the scheme by calling an innocent user via the app. Regardless of whether the user picks up or not, the attacker can use that phone call to infect the device with malicious spyware. From there, crooks can potentially snoop around the user’s device, likely without the victim’s knowledge.
Fortunately, WhatsApp has already issued a patch that solves for the problem – which means users will fix the bug if they update their app immediately. But that doesn’t mean users shouldn’t still keep security top of mind now and in the future when it comes to messaging apps and the crucial data they contain. With that said, here are a few security steps to follow:
- Flip on automatic updates. No matter the type of application or platform, it’s always crucial to keep your software up-to-date, as fixes for vulnerabilities are usually included in each new version. Turning on automatic updates will ensure that you are always equipped with the latest security patches.
- Be selective about what information you share. When chatting with fellow users on WhatsApp and other messaging platforms, it’s important you’re always careful of sharing personal data. Never exchange financial information or crucial personal details over the app, as they can possibly be stolen in the chance your device does become compromised with spyware or other malware.
- Protect your mobile phones from spyware. To help prevent your device from becoming compromised by malicious software, such as this WhatsApp spyware, be sure to add an extra layer of security to it by leveraging a mobile security solution. With McAfee Mobile Security being available for both iOS and Android, devices of all types will remain protected from cyberthreats.
The post 3 Tips for Protecting Against the New WhatsApp Bug appeared first on McAfee Blogs.