Category Archives: Network Security

How Safe Is Your Endpoint From Cyber Attack

In the current business environment, any device that can connect to a network is termed as “endpoint” from desktops, laptops, tablets, smartphones and, more recently, IoT devices. As devices evolve, threats continue keeping its pace. Unfortunately, today’s firewalls and antivirus are not strong enough to cope with the ever-changing environment of a business. Endpoints are now exposed to ransomware, phishing, malicious advertisements, software subversion, and other attacks. Not to mention that attackers use zero-day attacks that use previously unidentified vulnerabilities to send malicious programs to endpoint computers.

How do today’s businesses protect against these malicious threats? First, before choosing the right Endpoint Protection (EPP) platform, companies need to gain a deeper knowledge of “endpoints”.

Unknown files that trigger the change

According to a recent study by Comodo Cybersecurity, over the past five years, unknown files, a potentially malicious and unrecognizable executable, have exploded. Every day, more than 300,000 malicious files are detected. Managing new or unknown files is one of the most important features of an EPP.

Most EPP products use a trust-based assumption, called ‘default allow posture’ for new or unknown files. This method allows files to have unlimited write privileges to system files, in addition to known bad files. This means that files not identified as bad must be good or secure. As you can imagine, one of the biggest problems with the “default allow” security feature is that cybercriminals are constantly developing new variants to avoid detecting on the endpoints. This can expose companies to threats for days, weeks, or even months before they are detected.

Sandbox and beyond

In order to successfully fight cyber criminals, many EPP vendors have integrated sandbox technology into their products to combat malicious software. For those who are unfamiliar, the sandbox is an isolated virtual environment that mimics the endpoint operating environment to safely run unknown files without the risk of damaging host or network devices.

This solution is gradually losing its effectiveness. Cybercriminals create threats that can detect when security cages (sandbox) are being used and automatically take action to prevent detection. In addition, sandboxes are becoming increasingly resource intensive and complex, slowing down their ability to handle threats without compromising productivity.

The Need for a Zero Trust Architecture

As cybercriminals are using the Default Allow approach to their benefit, while also modifying these variants to bypass sandboxes, companies need a better solution. The obvious answer is to adopt a Zero Trust architecture, where unknown executables are never trusted and always verified, without impacting user productivity. To successfully achieve a Zero Trust architecture, 100% of unknown files must be instantly contained and analyzed in the cloud and by humans to prevent breaches. Additionally, the business still needs to operate, and users should not have to experience productivity loss or impact. Successfully achieving a Zero Trust architecture will bulletproof your business from damage.

With cybercriminals taking advantage of the default allow approach and modifying that variant to avoid isolated spaces, businesses need a better solution. The obvious answer is the adoption of the Zero Trust architecture, where unknown executables are verified without compromising user productivity. To successfully achieve the zero trust architecture, 100% of the unknown files must be immediately loaded and analyzed in the cloud and by individuals to avoid violations. In addition, the company must continue to operate and users do not have to suffer productivity losses or impacts. Successfully reaching the Zero Trust architecture ensures that your business is safe from cyber attack.

Best Practices for Evaluating EPP

Protecting the endpoints of malicious software is one of the most important aspects of securing a company’s IT resources. Endpoint protection must be part of a holistic IT security approach in which perimeter network security solutions secure the boundary between internal networks and service provider networks, and endpoint security further reduces the risk of threats or malicious activity affecting IT operations.

The first step in choosing an EEP solution is evaluating the needs of the business, which should include capacity and scalability, compliance, budget, and policies. The next step is to closely examine the capabilities, which should include, but is not limited to centralized management, threat detection and blocking, unknown file handling, file reputation scoring and support to achieve a Zero Trust architecture.

Choosing the right EPP

In addition to these best practices, Gartner recently released a research paper that strongly recommends that security managers and risk managers conduct a thorough concept to accurately determine the endpoint protection platform that is better suitable.

Related Resources:

Best Endpoint Protection Software

Endpoint Security : Why Is Endpoint Protection Good?

The post How Safe Is Your Endpoint From Cyber Attack appeared first on .

A Guide to Network Security Vulnerability Assessment

Conducting a network security vulnerability assessment on a regular basis is important for any organization today. This is crucial as regards ensuring improved cybersecurity and thus protecting organizational networks and critical data.

As data breaches are now rampant, happening all across the globe at totally unprecedented scales, failing to do regular network security vulnerability assessment could impact an organization greatly. It could cause great damages to the company, its reputation and business. Organizations today understand the importance of conducting vulnerability assessment regularly and that accounts for the boom in the global vulnerability assessment market.

Vulnerability assessment: An introduction

Vulnerability assessment, as the term itself suggests, is the process of detecting and identifying the vulnerabilities in a network, systems and hardware, plus the consequent steps that are taken for the remediation of the same. Thus, vulnerability assessment would involve identifying critical systems on the network, identifying vulnerabilities on the systems and prioritizing remediation process based on the severity of vulnerabilities and the critical nature of the systems.

The most important advantage of conducting vulnerability assessments is that it helps organizations adopt a proactive approach to cybersecurity. It keeps you a step ahead of the cybercriminals and you needn’t wait for a data breach to expose your security flaws. The assessment process would help you find them and you can plug them before anyone exploits them.

An increased awareness regarding cybersecurity plus the ability to prioritize security vulnerabilities are added advantages of conducting network security vulnerability assessments. A vulnerability assessment provides an overall picture of an organization’s security posture and thus helps work out things in a better way so as to ensure improved cybersecurity.

Moreover, IT and security teams in an organization can use the information gathered during the assessment process to do what all is needed to prevent cybersecurity issues in the future as well.

Vulnerability assessment can be done either in-house or by outsourcing it and getting a third-party to do it. Smaller companies might not be able to have a full-fledged in-house team for network vulnerability assessment, especially since it is an elaborate process and requires full-fledged involvement of a team and specialized knowledge as well. Even for many big companies, it’s always good to avoid doing in-house vulnerability assessment and instead depend on the expertise of a specialized provider. Outsourcing vulnerability assessment is good in another way as well since it involves assessing with a fresh perspective of an outsider and sidestepping the familiarity that an in-house team may have. Such familiarity with the systems and the network could even cause the overlooking of some flaws.

Vulnerability assessment: The process

Let’s look at the vulnerability assessment process, step by step.

Step 1- Planning

Planning is important. You have to identify where sensitive data resides in a network and also find out which data and systems are most critical. Determining which networks and systems need to be assessed is what planning is all about; you need to include mobile devices and the cloud too in the list.

Step 2- Scanning

Once the planning is done, scan the system(s) or network. This can be done either manually or by using automated tools. Security flaws can be identified, and false positives filtered out using threat intelligence and vulnerability databases.

Step 3- Analysis

Scanning might provide an overwhelming number of vulnerabilities. A detailed analysis could help narrow down on the vulnerabilities that really matter. The cause, the potential impact and the suggested methods of remediation become clear once the analysis is done. Then, based on the severity of the vulnerability, the data at risk and the likely extent of damage that could be caused, each vulnerability is ranked or rated. Thus, it becomes clear as to which flaw needs urgent redressal and there’s clarity regarding the possible remediation process as well.

Step 4- Remediation

Once the analysis is done and vulnerabilities rated or ranked, the remediation process starts. The flaws are patched, either through a product update or by using other remediation techniques like enhancing security procedures, installing necessary tools etc. Remediation is done after prioritizing flaws based on the analysis. The urgent ones are given top priority, the least important ones which might have lesser or no impact might even be ignored.

Step 5- Repetition

Network security vulnerability assessment is not a one-time thing, it needs to be repeated on a regular basis. The vulnerability assessment could be scheduled to be conducted on a weekly or monthly basis, or at least on a quarterly basis. The reports of earlier assessments could be of great help while doing an assessment. In addition to the regular assessments, additional vulnerability assessments done whenever there are major changes made to the network or systems is good for overall security.

Selecting a service provider or an assessment software

If you are doing in-house vulnerability assessment, you could choose from a wide range of vulnerability assessment software available in the market. Always go for one with a good reputation. Check reviews, make inquiries with friends and experts and then choose a trusted one as it’s all about security.

Similarly, if you are outsourcing your network security vulnerability assessment, you should make proper inquiries about the experience and expertise of the third-party provider you are hiring. Make sure you choose a provider whose services match your requirements. Make sure they give you full and detailed reports and also take perfect care of the compliance aspect.

Also, Read

Top 6 Network Assessment Checklist 2019 (New) | Your Network Safe Now

Wireless Network Security Assessment Guide | 5 Step Assessment

The post A Guide to Network Security Vulnerability Assessment appeared first on .

Bargain or Bogus Booking? Learn How to Securely Plan Summer Travel

With summertime just around the corner, families are eagerly looking to book their next getaway. Since vacation is so top-of-mind during the summer months, users are bound to come across websites offering cheap deals on flights, accommodations, and other experiences and activities. With so many websites claiming to offer these “can’t-miss deals,” how do you know who to trust?

It turns out that this is a common concern among folks looking for a little summer getaway. According to our recent survey of 8,000 people across the UK, US, Canada, Australia, France, Germany, Spain, and Singapore, 54% of respondents worry about their identity being stolen while booking and purchasing travel and accommodation online. However, 27% don’t check the authenticity of a website before booking their vacation online. Over half of these respondents say that it doesn’t cross their minds to do so.

These so-called “great deals” can be difficult to pass up. Unfortunately, 30% of respondents have been defrauded thanks to holiday travel deals that were just too good to be true. What’s more, 46.3% of these victims didn’t realize they had been ripped off until they arrived at their holiday rental to find that the booking wasn’t actually valid.

In addition to avoiding bogus bookings, users should also refrain from risky online behavior while enjoying their summer holidays. According to our survey, 44.5% of respondents are putting themselves at risk while traveling by not checking the security of their internet connection or willingly connecting to an unsecured network. 61% also stated that they never use a VPN, while 22% don’t know what a VPN is.

Unfortunately, travel-related attacks aren’t limited to just travelers either; hotels are popular targets for cybercriminals. According to analysis conducted by the McAfee Advanced Threat Research team, the most popular attack vectors are POS malware and account hijacking. Due to these attacks, eager vacationers have had their customer payment, credit card data, and personally identifiable information stolen. In order for users to enjoy a worry-free vacation this summer, it’s important that they are aware of the potential cyberthreats involved when booking their trips online and what they can do to prevent them.

Together with HomeAway, we here at McAfee are working to help inform users of the risks they face when booking through unsecured or unreliable websites as well as when they’re enjoying some summertime R&R. Check out the following tips so you can enjoy your vacation without questioning the status of your cybersecurity:

  • Always connect with caution. If you need to conduct transactions on a public Wi-Fi connection, use a virtual private network (VPN) to help keep your connection secure.
  • Think before you click. Often times, cybercriminals use phishing emails or fake sites to lure consumers into clicking links for products or services that could lead to malware. If you receive an email asking you to click on a link with a suspicious URL, it’s best to avoid interacting with the message altogether.
  • Browse with security protection. Use a comprehensive security solution, like McAfee Total Protection, which includes McAfee WebAdvisor that can help identify malicious websites.
  • Utilize an identity theft solution. With all this personal data floating around online, it’s important to stay aware of any attempts to steal your identity. Use an identity theft solution, such as McAfee Identity Theft Protection, that can help protect personally identifiable information from identity theft and fraud.

And, as always, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Bargain or Bogus Booking? Learn How to Securely Plan Summer Travel appeared first on McAfee Blogs.

Endpoint Security : Why Is Endpoint Protection Good?

With the rise of remote workers and BYOD (Bring Your Own Device) policies, company networks are at risk of a security breach. Internet use and cloud-based platforms make it difficult for network security to track malware and unauthorized access into a company’s network. This issue means endpoint security and protection becomes a vital policy to put in place.

What is endpoint protection and security?

Endpoint security is a network security measure that requires endpoint devices to have a high level of security. Endpoint devices like mobiles and laptops must be secure before accessing a company’s network.

Many companies are still not aware or convinced that they need to put in place endpoint security. Below, we listed facts on why endpoint protection is beneficial for a company’s health:

What is endpoint protection? — Fact #1: It is more than anti-virus and anti-malware software

Though anti-virus and anti-malware tools form a part of endpoint security, it is more than that. Endpoint security ensures that the endpoint device is secure when communicating with the network. Implementation of IDS and firewalls are part of endpoint security.

An anti-malware program may prevent malware from infecting the endpoint device. But it will not prevent the malware from accessing the company’s network and infecting the entire system.

What is endpoint protection? — Fact #2: It ensures endpoint devices become responsible for its own security

Though a company network’s firewall acts as a line of defense against attacks, it does not prevent or limit access to devices that have authority to enter the network. An infected device that has access to the network will pass through the firewall without being detected or stopped. Endpoint security makes sure devices are responsible for their security and reduces the need for network security to look for unauthorized access and malware.

What is endpoint protection? — Fact #3: It protects customer and employee data

While company networks have sensitive data stored in their servers, endpoint devices still hold a large amount of important data in them.

In banks and financial institutions, recently encoded client data are often stored in endpoint devices, so even a small breach of the endpoint device may become a huge issue.

Employee data and information are also stored in endpoint devices. If stolen, this information can be used to impersonate employees, and sensitive company information may leak to unauthorized persons.

Setting up endpoint security ensures the level of security in each endpoint and the protection of the data stored in them.

What is endpoint protection? — Fact #4: It saves a company’s image and money

Security breaches can be costly for a company. When sensitive data fall into the wrong hands, competitors can use them to launch a smear campaign. A network breach also means a company will need to change their network security, which can cost a company thousands of dollars.

Final Note

Requiring endpoint devices to have a certain level of security decreases the chance that malware and unauthorized access can pass undetected into the secure network and steal sensitive data. Make sure you have proper endpoint security today.

Related Resources:

The 10 Endpoint Security Products for Business

How to Choose the Best Endpoint Protection Software in 2019?

The post Endpoint Security : Why Is Endpoint Protection Good? appeared first on .

The Right Protection For Your Endpoints

As companies look for an advanced next-generation security solution to protect their PCs, Macs, servers and mobile devices, they have many different vendors to choose from and also many questions. Can it prevent attacks? What kind of malware can it protect? What happens when a new malware comes? Will this solution help? How can I deploy it? Is the tool easy to manage? Will my endpoints protect my system inside and outside the corporate network?

To protect today’s evolving threat vector endpoints, endpoint security solutions must use technologies that have the capabilities to detect better, and whitelists to identify good and bad files. Endpoint protection should evolve towards a platform approach to prevent damage from known and unknown threats.

Prevention Capabilities

Prevention is your first line of defence. Preventing cyberattacks and blocking malware at point-of-entry in real time is essential. To ensure the best possible prevention, make sure your next-gen endpoint security solution provides the following:

Prevention is your first line of defence. Preventing cyberattacks and blocking malware is critical. For the best prevention, ensure that your next-generation Endpoint Security solution provides:

  • AV Detection: The advanced Endpoint Security solution should do all the AV work and consolidate protection.
  • Global Threat Intelligence: A team of threat hunters who identify the latest threats and zero days to protect it 24 hours a day, 7 days a week.
  • Proactive protection: Identifies and corrects vulnerabilities, analyze them quickly and stops suspicious executions at low frequency.

Highlights of Gartner Report

  • Importance of endpoint protection
  • Verdict systems
  • Beyond the sandbox
  • Implementation of a zero trust environment
  • Best practices for evaluating endpoint protection

Things to know

When organizations notice changes to features or processes that conflict with their current implementation, they should not simply ignore these changes just because “it always worked that way.” Policies and processes have been developed in many companies at a time when threats were different, and there were no mitigations.

Today, most endpoint providers use a standard-authorize approach. This means that only applications or executable that are considered malicious will be blocked from running on an endpoint. Changing the default permission architecture for zero trusts can help prevent unknown threats from corrupting endpoints.

Also, Read

What is Endpoint Security?

Endpoint Security Basics

How to Choose the Best Endpoint Protection Software in 2019?

The post The Right Protection For Your Endpoints appeared first on .

7 Basic Firewall Fundamentals People Need To Know

Firewall is a basic security blanket in corporate security, it used to be huge appliances that go between the ISP’s modem and the enterprise’s main network switch. Filtering traffic, preventing packets to arrive if it came from an untrusted node. The mode in which system administrators and network administrators roll-out a corporate router changed through the years, we now have multi-gigabit firewall appliances compared to the anemic 10baseT standard of the network from the past. Besides, previous decades we saw how TCP/IP had taken over the network protocol market share and mindshare, no one in the mainstream networking space uses old protocols such as NetBios and NetBEUI.

Here in hackercombat.com, we provide you with information about Firewalls in bite-size pieces, which can be digested without too much IT knowledge nor experience:

Firewall protects against viruses

Some SOHO firewalls have virus scanner capabilities. On the other hand, many enterprise firewalls are used to secure the network and do not have this function. Anti-virus protection is left to other specialized hardware or system software.

Hackers does not notice my presence behind the firewall

If your organization’s firewall is configured to block all external communication, the cracker can not see the hosts present in your network. However, if you find your email address somewhere, you can send a phishing email and try to forgive you. For example, you can use Google etc to know your organization’s information. Be careful not to leak information on the Internet.

Firewall is hard to set up

Many firewalls allow all traffic going out of the internal network and reject all traffic going from outside to inside, even without configuration. Also, many firewalls can be easily configured via the web interface. High-end firewalls may be difficult to set up, but common business firewalls are easy to operate.

It is all right because there is a firewall

Many companies have felt that just installing a firewall has made them secure. This often leads to the dangerous idea that we have no security risk. Firewalls are important. However, firewalls only protect the network in which they are installed. In addition, it protects only the item within the set range. Many people think that firewalls can protect against viruses, spam, and crackers. Of course, this idea is not correct.

Firewall protects against spam

Some “all-in-one” SOHO firewalls have anti-spam features, but others do not come with spam features.

A free firewall is useless

In many cases, quality is proportional to price, but thanks to open source software, this is not always the case. For example, OpenBSD configured as a firewall is very effective.

If your company is behind a firewall, there is no need to put a firewall on your desktop. The company’s firewall prevents the bad guys from getting into the network. But what if the bad guys are the ones who work in your company? Desktop Firewall protects your computer itself. If for some reason the worm penetrates into your network, the desktop firewall will protect your computer.

I do not need a firewall

You already have one by default, the Modem+router provided by an ISP features NAT (Network Address Translation), a rudimentary firewall by functionality. All operating system since Windows XP Service Pack 2 has a firewall by default.

Also, Read

What is Virtual Firewall? | How Virtual Firewall Works?

Web Application Firewall (WAF)- What it Does?

How to Choose a Firewall [Infographic]

Difference Between VPN, Firewall and the Antivirus Software

The post 7 Basic Firewall Fundamentals People Need To Know appeared first on .

Discussing Different Aspects of Next-Level Network Security

Cybersecurity, as an industry, is changing and evolving at a rapid pace. As cybercriminals come up with all kinds of new approaches to target and breach computer networks, it’s becoming increasingly difficult to protect systems and networks using even DNS security technologies.

Today, we have moved much ahead in the cybersecurity industry and we have started using next-generation firewalls to ensure comprehensive security. At this juncture, it would be highly relevant to discuss DNS security.

As we know, DNS security helps individual users and organizations ensure better overall security while on the internet. DNS traffic is always permitted to pass through all kinds of firewalls. Cybercriminals, who are always on the lookout for security holes, are only too happy to make use of such points of exposure that DNS security infrastructures provide. They come up with different kinds of exploits, in addition to the denial of service attacks, targeting DNS security. These include exploits like cache poisoning and amplification attacks. Thus, it becomes increasingly important that ISPs (Internet Services Providers) and cloud providers take concrete steps to ensure better and more comprehensive DNS security.

ISPs today need to focus on two critical areas in their network- the DNS caching servers and the authoritative DNS servers. They must focus on protecting these two critical areas from cyberattacks.

Today, when ISPs come up with different kinds of innovative packaging offers and data space to lure subscribers and when there is an increasing client demand for bandwidth as well as applications, the cloud is seen as the best answer to such rising demands. ISPs, while incorporating and centralizing services on the cloud, seek to bring greater agility by embracing server virtualization technologies and also using them on cloud management platforms. Thus, when things are moving on to the cloud- to the virtual space, it calls for a different kind of thinking and implementation. There needs to be a dynamic change as regards providing and ensuring visibility, control and manageability of different network capacities as ISPs are taking to the cloud.

The kind of network automation solution that we need today must be dynamic as regards the capabilities offered. We should have solutions that take care of DNS security in the first place, plus advanced IP address management. There needs to be greater visibility into virtual machines and network administrators should have a good view of and into the cloud assets that they are to deal with. Similarly, there needs to be a fast deployment of applications and better adaptability.

Let’s now discuss certain aspects pertaining to the management of DNS services in this rather dynamic and much-changed scenario, when organizations are moving their public authoritative DNS services to cloud providers’ managed DNS services…

Firstly, organizations need to ensure that their DNS security is redundant. This is because the failure of non-redundant DNS servers could cause big impacts on businesses.

Secondly, if an organization with its authoritative DNS servers in one location services a worldwide environment, it would be ideal to depend on a cloud provider with various differing DNS security for high accessibility and insurance. This is because the resolvers around the globe for such an organization would face added inactivity as they are distant from the location to fulfill queries.

Thirdly, it’s best for organizations to adopt DNSSEC (Domain Name System Security Extensions), which provides a cryptographic strategy for verifying DNS records, thereby providing better DNS security.

And finally, for organizations that depend on cloud providers, it would be rather easy to absorb and mitigate the effects of DDoS attacks on their DNS security. Cloud providers would have a greater capacity to scale up with DDoS attacks whereas for an organization, it won’t be cost-effective to deploy the highly scalable DNS security infrastructure that’s needed to absorb such an attack. Cloud providers, on the other hand, have higher transfer speed plus various assets and would also have the capacity to scale up their resources, based on transaction volume, to counter such attacks.

Related Resources:

DNS Servers | How to Secure DNS Servers from hacker attacks?

How To Deal With DNS Vulnerabilities?

Ten Best Network Scanning Tools for Network Security

The post Discussing Different Aspects of Next-Level Network Security appeared first on .

7 Steps For Proper Patch Management Process

Patch Management Process

At the wake of the Intel’s Microarchitectural Data Sampling flaws (MDS), data centers that depend on Intel microprocessors have their system administrators are hard at work in figuring out how to roll-out the mitigation patches timely, effectively and efficiently. Unlike a typical patch management process, mitigating MDS is not an easy undertaking, given that proof-of-concept code is available publicly and can be weaponized anytime. And since MDS is a hardware flaw, the corrective action is penalized by lower performance, as much as 40% with Intel’s Hyperthreading disabled, according to Apple.

The biggest impact will not felt by end-users, but by the enterprise, most especially server farms and cloud-service providers who use Intel processors (90% of the market share). In effect, full implementation of mitigation means that the machine’s value decreases significantly since it can only provide a portion of its expected overall performance. Luckily, AMD and ARM-based processors are not affected, a much smaller number of data centers use them and are not affected by the MDS flaws by default.

Of course, the patch management process may vary from company-to-company, and for case-to-case basis. A firm that requires a 24/7 machine for a specific critical task may remain to be unpatched for MDS if it is a stand-alone air-gapped (not connected to the public Internet) computer. Meanwhile, a machine that has a public interface requires immediate installation of mitigation patches as supplied by Intel, Microsoft, Apple, and Linux distribution providers.

Here in hackercombat.com, we provide some tips in rolling-out an effective patch management process that has minimal impact on employee productivity without compromising IT security:

1. Build/update corporate computing inventory

Day 1 of company operations, a comprehensive inventory of all computing devices should exist. However, in the real world, it is not always the case, in some companies having a complete inventory may even be an afterthought. In the case of MDS mitigations, AMD and ARM machines are not affected, a comprehensive inventory will show the statistics how many Intel, AMD and ARM machines are currently being used in the organization. This gives the implementing team a baseline on how many machines are involved in the process of patch management software, giving them an idea of how long the procedure of updates will last.

2. Establish a list of machines that fully require the patches

Not all machines affected by a flaw or an exploit needs to be patched. Yes, you heard it right, we are advocating for a reasonable level of patch management process, not a perfect one. For the case of MDS mitigations, machines that are air-gapped need not be updated. These non-networked computers perform a specific task, and never used for any other auxiliary purpose. Non-networked computers are usually secured physically, and there is no way to remotely access them in order for a 3rd party to use a weaponized flaw against the machine.

3. Define a test machine for simulating full roll-out of patches

Installation of patches is the quickest part of any patch management process, however, rolling the patches to all the qualified machines at the same time only invites further trouble down the line. Combination of application software, drivers and other system updates from the past can complicate the patch management process. There will be times that a specific machine will not behave as expected after the installation of a patch in combination with another installed software or driver in the system. In these instances, the conflict can be determined early if the patches are deployed to test machines first or only for a limited sample of production machines.

4. Backup critical and user data before installing the patches

With the availability of cloud-backup, lower cost of hard drives and other consumer storage devices there is no valid alibi not to have a credible backup strategy. System backup for the affected machines should be implemented before rolling-out the patch management process. This way, if trouble comes such as system corruption occurs, the affected system can be restored from the backup painlessly instead of rebuilding it from scratch.

5. IT team to enforce full monitoring of patched machines for the next 24-hours

The first 24-hours after the patch management process implementation is crucial for monitoring. Once staff members start to use the patched machines again, the problem may be reported, which requires full documentation which is helpful in formulating a quick workaround or even a permanent fix at a later date.

6. Perform reconfiguration for those that failed to pass the quality test after the patch installation

A failed rolled-out does not mean leaving the machine unmitigated. There are times a small tweak is all that is needed in order to fix the problem after the patch management process. The procedure may require a Windows Registry edit, a knowledgebase instruction from the software vendor or change of commodity hardware such as a new network card.

7. Perform step 1

The post 7 Steps For Proper Patch Management Process appeared first on .

How to Secure DNS Servers and Prevent Security Issues

Hackers often tend to target DNS software, aiming to cause security breaches. Let’s discuss how to secure DNS servers using some very effective methods. Here we go…

Using a DNS forwarder helps

Using a DNS forwarder is of great help when it comes to securing DNS servers. A DNS forwarder is nothing but a DNS server that can be used to perform queries on behalf of another DNS server, thereby helping offload processing duties from the public DNS server. A DNS forwarder also helps prevent the public DNS server from interacting with Internet DNS servers, thereby protecting the resource records of the internal domain. So, it’s good to configure the internal DNS server to use a DNS forwarder for all the domains for which it’s not authoritative than letting your DNS server do the recursion and contacting DNS servers.

How to secure DNS servers with DNS resolvers and DNS advertisers

DNS resolvers and DNS advertisers help greatly when it comes to securing DNS servers. A DNS resolver is a DNS server that performs recursion to resolve names for domains for which the public DNS server is not authoritative while a DNS advertiser is a DNS server that resolves queries for domains for which the DNS server is not authoritative. The DNS resolver can be made available to your internal users or only to external users (thereby providing them a secure alternative- a DNS server outside your administrative control), or, if needed, to both internal and external users together. The DNS advertiser enhances security by preventing users from using your public DNS server to resolve names in other domains.

Caching-only DNS servers help increase security

Using a caching-only DNS server (which is not authoritative for any DNS domains) helps increase DNS security. Upon receiving a response, a caching-only DNS server caches the result and returns the answer to the system that issues the DNS query. Thus, the caching-only DNS server can, over time, amass a large cache of responses, thereby improving DNS response times for DNS clients of that server. Similarly, caching-only DNS servers can be used as forwarders too, thereby using them for performing recursion on behalf of the internal DNS servers. Thus, dependence on the ISP’s DNS servers can be avoided, thereby enhancing overall security.

Configure DNS servers to prevent cache pollution

Configuring DNS servers to prevent cache pollution is good. Thus, the DNS server cache wouldn’t be polluted with bogus entries and users would be protected from being forwarded to malicious websites. For Windows 2003, the DNS server is configured to prevent cache pollution by default. For Windows 2000 DNS server, it can be configured by opening the Properties dialog box for the DNS server, clicking the Advanced tab, then selecting the Prevent Cache Pollution checkbox and then finally restarting the DNS server.

Go for DDNS for secure connections only

DDNS is indeed of great help for DNS administrators, but DDNS updates, if allowed unchecked, could pose security risks as a hacker can configure a host to dynamically update DNS host records of a file server, web server or database server and get connections diverted. Hence, it’s always good to enable DDNS only for secure connections. Thus, it’s important to perform dynamic updates over secure connections only; this can be done by configuring the DNS server to use Active Directory-integrated zones and requiring secure dynamic updates.

Configure DNS servers to disable zone transfers

Disabling zone transfers helps greatly in enhancing DNS security. If zone transfers are enabled, it becomes possible for anyone to issue a DNS query that would cause a DNS server configured to allow zone transfers to dump all of its zone database files, the information from which can very easily be misused by a hacker. Such information can be used to spy on the naming schema in an organization and also to attack key infrastructure services. So, it’s good to configure the DNS servers to deny zone transfer requests or to allow them only to specific servers in a network.

Control DNS access using firewalls

Controlling DNS access using firewalls is important. Configure firewalls to block connections from external hosts to DNS servers that are used only for internal client queries. Similarly, there needs to be a firewall policy setting that blocks internal users from using the DNS protocol to connect to external DNS servers. Firewalls can also be configured to regulate queries from DNS servers that are used as caching-only forwarders.

Setting access controls on DNS file systems entries and registry entries

Setting access controls on DNS server-related file system entries and also on registry entries would help secure DNS servers. Such access controls ensure that only accounts that require access to these (file system entries or registry entries) can read or change them.

Also, Read:

Hacker Group Has Been Hacking DNS Traffic on D-Link Routers

How To Deal With DNS Vulnerabilities?

EDNS To Improve DNS Resolution Worldwide By February 2019

DHS Issues Security Order After DNS Hijack Attacks From Ira

Faster Internet with Privacy-Focused 1.1.1.1 DNS Service

The post How to Secure DNS Servers and Prevent Security Issues appeared first on .

Points To Consider Before Selecting a Secure Web Gateway

Information technology has undergone a major transformation in recent years. Today, infrastructure, applications, and data – almost everything – are moving to the cloud. Whether it’s the public or private cloud infrastructure, cloud technology has revolutionized the IT ecosystem. Today, however, this raises global questions about how to protect the data stored in the cloud.

This rise in cloud technology has also changed the way employees used to work; it has made many people care less about the security of their data and that of the organization. When an employee works outside the corporate network, he does not even bother to turn on the VPN and work. And that’s where secure web gateways come into force.

What is a secure web gateway?

A secure web gateway (SWG) actually refers to content control software. When we talk about content control, it means that this specific software filters and manages the content on the Internet. This software essentially prevents malicious Internet traffic from running on the corporate network and ensures the security of the enterprise. In simple terms, it actually provides content relevant to the work or policy of the company and not to the user sitting outside the network.

In recent years, SWG has become a tool for organizations around the world. This is not very new – SWG has been there since the inception of the web. Today, however, it is more sophisticated than content filtering and is offered both in the on-prem forms and cloud. However, SWGs are capable of preventing or restricting malicious traffic, and that not all companies know to use SWG.

Things to Keep In Mind

You should have complete know-how about the web-related threats and vulnerabilities.

This is the first and foremost thing every organization should do. Companies need to understand the threats and vulnerabilities they are facing. They also need to make sure the path and source of the threat and what damage they are causing and could cause in the future.

What to consider when opting for secure web gateway?

You must have extensive knowledge of Web threats and vulnerabilities. This is the most important thing any organization should do. Businesses need to know the threats and vulnerabilities they are exposed to. They must also state the trajectory and source of the threat, as well as the damage they could cause in the future.

When you have strong knowledge about what you are going to deal with, you plan better. And when you plan better, you come up with strong solutions. So, before evaluating or opting for a specific secure web gateway, you should know what is happening.

If you know exactly what you are going to deal with, plan better. And if you plan better, you can offer solid solutions. So before you select a specific secure web gateway, you need to know what’s going on.

What measure to take?

When you’re done analyzing the threats and vulnerabilities, review the existing actions you’ve already taken or the tools you’ve configured to handle malicious traffic. Check each tool and see the results of these tools.

If you do not have the required resources and infrastructures, check to see if you can set this parameter and how much it will cost. If your budget is exceeded, you can see some of the cloud service providers. It is always a good idea to review our existing sources before using a brand new tool.

Do you have the bandwidth to deploy extra security tool?

You might feel a high level of need to deploy a secure web gateway product in order to make your web security infrastructure stronger, but one simply can’t buy an SWG product and get it fit in — you have to make sure that you have the required infrastructure and resources to make the most out of the tool.

Does your existing infrastructure align with cloud infrastructure?

The cloud approach can solve local problems but has its own requirements. So, if you choose a cloud infrastructure, make sure your existing processes and methods are working properly. Also, make sure you have the support you need for a cloud-centric deployment. This concerns the infrastructure.

Now, when you talk about tools and implementing a cloud-based security tool, you need to check whether it can integrate with existing local tools. If you can afford to meet those challenges, a cloud-based SWG is definitely a great way to eliminate cyber-attacks and malicious traffic from the corporate network.

What to expect from a secure web gateway product?

This is the penultimate but one of the most important things to keep in mind. You need to pick the issues you want to fix: the format of the threats you want to detect and fix, the type of traffic you want to block, and so on. If you have a vision or set of results that you expect, you can participate in the evaluation of the secure web gateway product and see if this product can deliver the results. It makes no sense to spend time and money on a product if it does not.

Related Resources:

Six Top Secure Web Gateway Vendors

Secure Web Gateway Mechanics Made Simple

What is the Difference between a Firewall, Router & Secure Web Gateway

 

The post Points To Consider Before Selecting a Secure Web Gateway appeared first on .

ITIL Service Operation Processes: A Brief Introduction

The ITIL Service Operation (SO), which is one of the five core publications that form part of the ITIL Service Management Lifecycle under ITIL (Information Technology Infrastructure Library) Framework, provides guidance regarding maintaining stability in IT Services and helps manage services in supported environments.

The ITIL SO module takes care of some very important responsibilities including the monitoring of services, the resolving of incidents, the fulfilling of requests and the execution of operational tasks. Once the formal handover from the Service Transition process module is done, the SO module takes control of new/changed services and takes care of the execution of all design and transition plans. The SO module also measures all these plans for actual efficiency.

The Objectives

The ITIL SO module, which is totally customer facing, ensures that IT services are delivered efficiently and effectively and also that quality of service is maintained. Hence, key functionalities like fixing problems and service failures, fulfilling of user requests, executing routine operation tasks etc come under the purview of the SO module. The SO module also takes care of some other important aspects including reducing incidents and problems, minimizing impact of service outages on businesses, ensuring authorized access only to agreed IT services, assisting organizations in delivering benefits within SLA in the best of manners, supporting users in service-related matters etc.

The Processes

There are five processes that come under ITIL SO. They are- Event Management, Incident Management, Request Fulfilment, Problem Management and Access Management.

While Event Management is basically about ensuring constant monitoring of CIs and services, Incident Management, as the term suggests, ensures that IT services are restored to working state quickly after unexpected incidents. Request Fulfilment is all about the acknowledging and processing of service requests from users and Problem Management helps find root cause of problems and seeking to mitigate impacts of problems or trying to prevent them from happening. The last, Access Management is all about ensuring authorized access to services and functions in accordance with pre-defined policies.

These five processes are assigned to two major functional groups- the Service Desk and the Technical Support Group (Technical, Application and IT Operations Management), about which we discuss in detail in the next section.

The Functions

ITIL SO comprises four functions and two sub-functions. The functions are- Service Desk, Technical Management, IT Operations Management and Applications Management.

Service Desk, which is the first and single point of contact, takes care of things like coordinating between end user and service provider, managing logged tickets, ensuring timely closure of user requests etc.

Technical Management is all about managing the IT infrastructure by providing technical expertise and support.

The IT Operations management deals with IT related day-to-day operational activities and comprises two sub-functions, namely IT Operations Control (monitoring and controlling of IT services and the underlying infrastructure) and Facilities Management (management of the physical environment where the IT infrastructure is located).

Application Management, as the term suggests, is all about managing applications throughout their lifecycle.

The Benefits

There are many benefits of the ITIL Service Operations process.

The main benefit, however, is that it helps reduce unplanned expenditure for organizations through optimized handling of service outages and proper identification of their causes. By ensuring that the duration and frequency of service outages are minimized, ITIL SO helps organizations make full use of services.

ITIL SO processes support an organizations security policy by ensuring proper access management and also helps obtain operational data to be used by other ITIL processes. Providing quick, effective access to standard IT services also is one of the benefits. It also helps provide a framework for automating iterative operations, thereby helping increase efficiency and better utilization of human resources.

The post ITIL Service Operation Processes: A Brief Introduction appeared first on .

Fraudulently Acquired IPv4 Addresses Revoked by ARIN

The US Registry for Internet Numbers, Ltd. (ARIN) won a legal case, against multi-year program designed to deceive the Internet community by approximately 735,000 IPv4 addresses. John Curran, President, and CEO of ARIN announced that the fraud had been discovered through an internal due diligence process.

ARIN is a non-profit organization responsible for distributing Internet numbers in the United States, Canada and parts of the Caribbean. The emerging market of IPv4 address transmission and growing demand has led to new attempts to fraudulently recover IPv4 addresses.

This is the first arbitration under the ARIN Registration Service Contract and the related process in the US District Court for the Eastern District of Virginia. ARIN has been able to prove the existence of a complicated scheme to fraudulently acquire resources, including many legalized official attestations sent to ARIN. “A company in South Carolina obtained and utilized 11 shelf companies across the United States, and intentionally created false aliases purporting to be officers of those companies, to induce ARIN into issuing the fraudulently sought IPv4 resources and approving related transfers and reassignments of these addresses. The defrauding party was monetizing the assets obtained in the transfer market, and obtained resources under ARIN’s waiting list process.” (ARIN Press Release).

The fraudulent entity adopts an aggressive position after ARIN requests to produce certain documents and explain its behavior. The suspects filed a motion for provisional detention orders and initial orders for ARIN in the US District Court and requested a hearing the following morning just before Christmas. “The aggressive posture was taken after ARIN indicated its intent to revoke addresses, while permitting defrauding entity to renumber to allow existing bona fide customers not to have service interrupted,” ARIN’s General Counsel told CircleID. “The litigation was filed against ARIN to seek an injunction to stop ARIN from revoking and enter arbitration. Some addresses were transferred for money prior to that demand, others were pending transfer and were never transferred due to ARIN investigation.”

Some fraudulently obtained addresses were transferred to third parties; however ARIN made no effort to pursue the parties that received the completed transfer, ARIN’s General Counsel told CircleID. The reason being: “(a) addressed were in another RIR service region (e.g. RIPE NCC and APNIC) and (b) ARIN did not see any evidence they knew of or participated in the fraud. In other words, they appeared to be bona fide 3rd parties.”

On May 1, 2019, ARIN obtained an arbitration award, which included revoking all fraudulent resources and $ 350,000 to ARIN for its legal fees.

UPDATE May 15, 2019: “Charleston Man and Business Indicted in Federal Court in Over $9M Fraud” – United States Department of Justice issues a statement announcing Amir Golestan, 36, of Charleston, and Micfo, LLC, were charged in federal court in a twenty-count indictment. The indictment charges twenty counts of wire fraud, with each count punishable by up to 20 years imprisonment.

Related Resources:

Wireless Network Security Assessment Guide | 5 Step Assessment

Ten Best Network Scanning Tools for Network Security

The post Fraudulently Acquired IPv4 Addresses Revoked by ARIN appeared first on .

Announcing the all new Attack Surface Analyzer 2.0

Few of us know what is really happening on our systems when we install new software from new or untrusted sources. This is important because most installation processes require elevated privileges, which can lead to undesired system configuration changes. Knowing what changes have been made is vital to maintaining the security of your system, data, and networks. Identifying those changes can be challenging and time consuming without a little help.

The classic Attack Surface Analyzer 1.0 was released in 2012 to help software developers and IT professionals identify changes made to Windows operating systems during application installations. This year, we decided to rewrite the tool to take advantage of modern, cross-platform technologies like .NET Core and Electron. Attack Surface Analyzer 2.0 now runs on Windows, Linux, and macOS and is available as an open source project on GitHub.

Attack Surface Analyzer 2.0 can help you identify potential security risks introduced by changes to an operating system’s security configuration by identifying changes in key areas, including:

  • File System
  • User Accounts
  • System Services
  • Network Ports (listeners)
  • System Certificate Stores
  • Windows Registry

This tool can play an important role in ensuring that the software you develop or deploy doesn’t adversely affect the operating system security configuration by allowing you to scan for specific types of changes.

Results from the comparison analysis feature highlight relevant changes, which can be easily viewed or exported.

The tool includes both Electron and command line interface options. Results for the command line use option are written to a local HTML or JSON file, making it easy to include as part of your automated toolchain.

Detecting these types of changes can be error prone and time consuming. Attack Surface Analyzer 2.0 helps make it easy.

We look forward to your comments, ideas, and contributions for improving this tool. To learn more about Attack Surface Analyzer 2.0, please visit our GitHub project page at github.com/Microsoft/AttackSurfaceAnalyzer.

The post Announcing the all new Attack Surface Analyzer 2.0 appeared first on Microsoft Security.

Wi-Fi Woes: Android Hotspot App Leaves 2 Million Passwords Exposed

Logging onto a free Wi-Fi network can be tempting, especially when you’re out running errands or waiting to catch a flight at the airport. But this could have serious cybersecurity consequences. One popular Android app, which allowed anyone to search for nearby Wi-Fi networks, was recently left exposed, leaving a database containing over 2 million network passwords unprotected.

How exactly were these passwords exposed? The app, which had been downloaded by millions of users, allowed anyone to search for Wi-Fi networks in their area. The app also lets users upload their Wi-Fi network passwords from their devices to its database for others to use. When the database was left exposed and unprotected, anyone could access and download its contents. Each record in the database contained the Wi-Fi network name, its precise geolocation, its basic service set identifier, and the network password in plaintext. Because the app didn’t require users to obtain permission from the network owner, it would be quite easy for a cybercriminal to modify router settings and point unsuspecting users to malicious websites. What’s more, a threat actor could also read unencrypted traffic that goes across a wireless network, allowing them to steal passwords and private data.

Thankfully, the web host was able to take down the database containing the Wi-Fi passwords within a day of being notified. But it’s important for users to be aware of the cybersecurity implications that free or public Wi-Fi presents. Check out the following tips to help protect your data:

  • Change your Wi-Fi password. If you think your password may have been affected by this exposure, err on the side of caution and reset it. Be sure to make your new password complex and unique.
  • Keep your network password private. Wi-Fi networks could be susceptible to a number of threats if their passwords are left in the wrong hands. Only share your passwords with family, friends, and those you trust, and never upload your password to a public database for strangers to use.
  • Safeguard your online privacy. Use a security solution like McAfee Safe Connect to encrypt your online activity, protect your privacy by hiding your IP address, and better defend against cybercriminals.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home  on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Wi-Fi Woes: Android Hotspot App Leaves 2 Million Passwords Exposed appeared first on McAfee Blogs.

How To Secure Your Smart Home

Do you live in a “smart” home? If you look around and see interactive speakers, IP cameras, and other internet-connected devices like thermostats and appliances, you are now one of the millions of people who live with so-called “smart” devices. They bring convenience and comfort into our lives, but they also bring greater risks, by giving cybercrooks new opportunities to access our information, and even launch attacks.

You may remember a couple of years ago when thousands of infected devices were used to take down the websites of internet giants like Twitter and Netflix by overwhelming them with traffic. The owners of those devices were regular consumers, who had no idea that their IP cameras and DVRs had been compromised. You may also have heard stories of people who were eavesdropped on via their baby monitors, digital assistants, and webcams when their private networks were breached.

Unfortunately, these are not rare cases. In recent months, the “Internet of Things” (IoT) has been used repeatedly to spy on businesses, launch attacks, or even deliver cryptojacking malware or ransomware.

Still, given the benefits we get from these devices, they are probably here to stay.  We just need to acknowledge that today’s “smart” devices can be a little “dumb” when it comes to security. Many lack built-in security protections, and consumers are still learning about the risks they can pose. This is particularly concerning since the market for smart devices is large and growing. There are currently 7 billion IoT devices being used worldwide, and that number is expected to grow to 22 billion by 2025.

Cybercrooks have already taken note of these opportunities since malware attacks on smart devices have escalated rapidly. In fact, McAfee reported that malware directed at IoT devices was up 73%in the third quarter of 2018 alone.

So, whether you have one IoT device, or many, it’s worth learning how to use them safely.

Follow these smart home safety tips:

  • Research before you buy—Although most IoT devices don’t have built-in protection, some are safer than others. Look for devices that make it easy to disable unnecessary features, update software, or change default passwords. If you already have an older device that lacks many of these features, consider upgrading it.
  • Safeguard your devices—Before you connect a new IoT device to your home network — allowing it to potentially connect with other data-rich devices, like smartphones and computers— change the default username and password to something strong, and unique. Hackers often know the default settings and share them online.Then, turn off any manufacturer settings that do not benefit you, like remote access. This is a feature some manufacturers use to monitor their products, but it could also be used by cybercrooks to access your system. Finally, make sure that your device software is up-to-date by checking the manufacturer’s website. This ensures that you are protected from any known vulnerabilities.
  • Secure your network—Your router is the central hub that connects all of the devices in your home, so you need to make sure that it’s secure. If you haven’t already, change the default password and name of your router. Make sure your network name does not give away your address, so hackers can’t locate it. Then check that your router is using an encryption method, like WPA2, which will keep your communications secure. Consider setting up a “guest network” for your IoT devices. This is a second network on your router that allows you to keep your computers and smartphones separate from IoT devices. So, if a device is compromised, a hacker still cannot get to all the valuable information that is saved on your computers. Check your router’s manual for instructions on how to set up a guest network. You may also want to consider investing in an advanced internet router that has built-in protection and can secure and monitor any device that connects to your network.
  • Install comprehensive security software –Finally, use comprehensive security software that can safeguard all your devices and data from known vulnerabilities and emerging threats.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post How To Secure Your Smart Home appeared first on McAfee Blogs.

What MWC 2019 Shows Us About the Future of Connectivity

The time has come to say goodbye to Barcelona as we wrap up our time here at Mobile World Congress (MWC). Although it’s hard to believe that the show is already over, MWC 2019 managed to deliver a slew of showstoppers that captured our attention. Here are some of my main takeaways from the event:

Foldable Phones Are the Future

 MWC is an opportunity for telecommunications companies, chipmakers, and smartphone firms to show off their latest and greatest innovations, and they sure delivered this year. One particular device that had the show floor buzzing was the Huawei Mate X, a 5G-enabled smartphone that folds out to become an 8-inch tablet. Additionally, Samsung revealed its plans to hold a press event in early April for its foldable smartphone, the Galaxy Fold. Unlike Huawei’s Mate X, the Galaxy Fold bends so that it encloses like a book. Although neither of these devices are available at to the public yet, they’ve definitely made a bold statement when it comes to smartphone design.

Smart Home Technology Goes Mobile

 Google is one company taking advantage of smartphone enhancements by putting its Google Assistant into the Android texting app. Assistant for Android Messages allows slices of Google search results to be laid out for users based on their text messages. For example, if one user texted another asking to grab some lunch, a bubble would pop up authorizing Assistant to share suggestions for nearby restaurant locations. While Assistant for Android currently only works for movies and restaurants, we can imagine how this technology could expand to other facets of consumer lives. This addition also demonstrates how AI is slowly but surely making its way onto almost every high-end phone through its apps and other tools.

Enhancing the Gaming Experience with 5G, VR, and AR

Not to be shown up, gaming developers also made a statement by using 5G technology to bring gamers into a more immersed gaming environment. Mobile game developer Niantic, creator of Pokémon Go and the upcoming Harry Potter: Wizards Uniteapp, is already working on games that will require a 5G upgrade. One such prototype the company showcased, codenamed Neon, allows multiple people in the same place to play an augmented reality (AR) game at the same time. Each players’ phone shows them the game’s graphics superimposed on the real world and allows the players to shoot each other, duck and dodge, and pick up virtual items, all in real-time.

Niantic wasn’t the only one looking to expand the gaming experience with the help of 5G. At the Intel and Nokia booths, Sony set up an Oculus Rift VR game inspired by Marvel and Sony’s upcoming film Spider-Man: Far From Home. Thanks to the low latency and real-time responsiveness of 5G, one player in the Nokia booth was able to race the other player in the Intel booth as if they were swinging through spiderwebs in Manhattan. Players were able to experience how the next-generation of wireless technology will allow them to participate in a highly immersive gaming experience.

Bringing 4G and 5G to the Automotive Industry

Gaming isn’t the only industry that’s getting a facelift from 5G. At the show, Qualcomm announced two new additions to their automotive platform: the Qualcomm Snapdragon Automotive 4G and 5G Platforms. One of the main features of these platforms is vehicle-to-everything communication, or C-V2X, which allows a car to communicate with other vehicles on the road, roadside infrastructure, and more. In addition, the platforms offer a high-precision, multi-frequency global navigation satellite system, which will help enable self-driving implementations. The platforms also include features like multi-gigabit cloud connectivity, high bandwidth low latency teleoperations support, and precise positioning for lane-level navigation accuracy. These advancements in connectivity will potentially help future vehicles to improve safety, communications, and overall in-car experience for consumers.

Securing Consumers On-the-Go

The advancements in mobile connectivity have already made a huge impact on consumer lifestyles, especially given the widespread adoption of IoT devices and smart gadgets. But the rise in popularity of these devices has also caught the interest of malicious actors looking to access users’ networks. According to our latest Mobile Threat Report, cybercriminals look to trusted devices to gain access to other devices on the user’s home network. For example, McAfee researchers recently discovered a vulnerability within a Mr. Coffee brand coffee maker that could allow a malicious actor to access the user’s home network. In addition, they also uncovered a new vulnerability within BoxLock smart padlocks that could enable cybercriminals to unlock the devices within a matter of seconds.

And while consumers must take necessary security steps to combat vulnerabilities such as these, we at McAfee are also doing our part of help users everywhere remain secure. For instance, we’ve recently extended our partnerships with both Samsung and Türk Telekom in order to overcome some of these cybersecurity challenges. Together, we’re working to secure consumers from cyberthreats on Samsung Galaxy S10 smartphones and provide McAfee Safe Family protection for Türk Telekom’s fixed and mobile broadband customers.

While the likes of 5G, bendable smartphones, and VR took this year’s tradeshow by storm, it’s important for consumers to keep the cybersecurity implications of these advancements in mind. As the sun sets on our time here in Barcelona, we will keep working to safeguard every aspect of the consumer lifestyle so they can embrace improvements in mobile connectivity with confidence.

To stay on top of McAfee’s MWC news and the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post What MWC 2019 Shows Us About the Future of Connectivity appeared first on McAfee Blogs.

McAfee Partners With Telefónica To Help Secure Consumers Worldwide

These days, cyberattacks can feel relentless. Due to the interconnected nature of the world we live in, cybercriminals have managed to infiltrate our personal devices, our networks, and even our homes. That’s why we at McAfee believe it’s important now more than ever to secure every facet of the modern consumer lifestyle. And we’ve partnered with Telefónica to do just that.

This partnership first began back in February of last year, when ElevenPaths, Telefónica Cyber Security Unit, and McAfee announced we’re working together to reinforce the online security of Telefónica’s broadband and mobile customers across multiple markets. This partnership covers Europe and Latin America with plans to progressively roll out solutions in the different countries where Telefónica operates. It’s the first time a telecommunications company has delivered a security service to all of its customers, regardless of where they connect from. Fast forward to present day, and this partnership has only expanded. The global product developed by Telefónica and powered by McAfee was first launched in Spain as Movistar Conexión Segura, a service that protects home and mobile customers’ connectivity. Telefónica protects Fusión customers’ home connections with a smart router, thanks to the ElevenPaths solution powered by McAfee Secure Home Platform, which enables seamless security and easy activation. Conexión Segura is also available for Movistar mobile customers, including network protection and one license of Seguridad Dispositivo, a multi-device security protection. Only a few weeks after Spain, Movistar Argentina launched the solution for its fixed and mobile customers. These services help realize Telefónica’s “Security by Default” strategy, offering customers a more robust security solution that protects against threats like viruses, malware, phishing, and emerging IoT threats.

Telefónica and McAfee’s 360 partnership is dedicated to protecting the productivity of consumers everywhere. “This agreement gives customers current and contextual information on their cybersecurity status so they can stay connected with confidence,” said Pedro Pablo Pérez, Global Security VP of Telefónica and CEO of ElevenPaths, Telefónica Cybersecurity Unit.

ElevenPaths and Mcafee’s joint vision to create a more secure tomorrow brings us a step closer to stopping widespread cyberattacks. By joining forces to implement more robust security solutions around the world, we can ensure that our connectivity goes undisrupted. Because together is power.

To learn more about consumer security and our approach to it, be sure to follow us at @ElevenPaths and @McAfee.

The post McAfee Partners With Telefónica To Help Secure Consumers Worldwide appeared first on McAfee Blogs.

Kicking Off MWC 2019 with Insights on Mobile Security and Growing Partnerships

We’ve touched down in Barcelona for Mobile World Congress 2019 (MWC), which is looking to stretch the limits of mobile technology with new advancements made possible by the likes of IoT and 5G. This year, we are excited to announce the unveiling of our 2019 Mobile Threat Report, our extended partnership with Samsung to protect Galaxy S10 smartphones, and our strengthened partnership with Türk Telekom to provide a security solution to protect families online.

Mobile Connectivity and the Evolving Threat Landscape

These days, it’s a rare occurrence to enter a home that isn’t utilizing smart technology. Devices like smart TVs, voice assistants, and security cameras make our lives more convenient and connected. However, as consumers adopt this technology into their everyday lives, cybercriminals find new ways to exploit these devices for malicious activity. With an evolving threat landscape, cybercriminals are shifting their tactics in response to changes in the market. As we revealed in our latest Mobile Threat Report, malicious actors look for ways to maximize their profit, primarily through gaining control of trusted IoT devices like voice assistants. There are over 25 million voice assistants in use across the globe and many of these devices are connected to other things like thermostats, door locks, and smart plugs. With this increase in connectivity, cybercriminals have more opportunities to exploit users’ devices for malicious purposes. Additionally, cybercriminals are leveraging users’ reliance on their mobile phones to mine for cryptocurrency without the device owner’s knowledge. According to our Mobile Threat Report, cybersecurity researchers found more than 600 malicious cryptocurrency apps spread across 20 different app stores. In order to protect users during this time of rapid IoT and mobile growth, we here at McAfee are pushing to deliver solutions for relevant, real-world security challenges with the help of our partners.

Growing Partnerships to Protect What Matters

Some cybersecurity challenges we are working to overcome include threats like mobile malware and unsecured Wi-Fi. This year, we’ve extended our long-standing partnership with Samsung to help secure consumers from cyberthreats on Samsung Galaxy S10 smartphones. McAfee is also supporting Samsung Secure Wi-Fi service by providing backend infrastructure to protect consumers from risky Wi-Fi. In addition to mobile, this partnership also expands to help protect Samsung smart TVs, PCs, and laptops.

We’ve also strengthened our partnership with Türk Telekom, Turkey’s largest fixed broadband ISP. Last year, we announced this partnership to deliver cross-device security protection. This year, we’re providing a security solution to help parents protect their family’s digital lives. Powered by McAfee Safe Family, Türk Telekom’s fixed and mobile broadband customers will have the option to benefit from robust parental controls. These controls will allow parents to better manage their children’s online experience and give them greater peace of mind.

We’re excited to see what’s to come for the rest of MWC, and how these announcements will help improve consumers’ digital experiences. It is our hope that by continuing to extend our relationships with technology innovators, we can help champion built-in security across devices and networks.

To stay on top of McAfee’s MWC news and the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Kicking Off MWC 2019 with Insights on Mobile Security and Growing Partnerships appeared first on McAfee Blogs.

MWC 2019: The Key to Establishing Digital Trust with Intelligent Connectivity

These days, it’s rare to walk into a home that doesn’t have a smart device in use. From voice assistants, smart TVs, tablets, and more, these devices have greatly enhanced our way of life through intelligent connectivity. Intelligent connectivity is defined by the highly contextualized and personal experiences offered by the smart devices we utilize on a daily basis. However, as manufacturers continue to push out the latest technology to stay ahead of their competitors, device security isn’t always top-of-mind. As a result, the level of confidence consumers have in their devices is reduced. At McAfee, we understand that the notion of digital trust is imperative to the future of security as we adopt technologies shaped by the likes of 5G networks, the Internet of Things (IoT), artificial intelligence (AI), and big data. And as we head into Mobile World Congress 2019 (MWC), one can’t help but wonder, how will these advancements shape the future of mobile connectivity?

Almost every new device is built to connect, and as our 2019 Threats Predictions Report showed us, our dependence on technology is ubiquitous. Take your smartphone, for example. Everywhere you go, this minicomputer allows you to chat with your friends online, send emails, and look up new information with just the press of a button. Only upping the ante, 5G is set to roll out across the nation, bringing greater speed to handheld devices with more data and lower latency. These benefits will set the stage for more IoT devices, such as your smart refrigerator or smart plug, to connect to the network as well. The ability to control the temperature of your refrigerator from your smartphone is a pretty cool capability. But what happens if your smartphone gets hacked and a cybercriminal remotely disables your refrigerator? You may be left with a bigger problem than some spoiled food.

With all of your smart devices on the same 5G network, malicious actors can gain full access to the data that lives in your smart home technology through just your mobile phone. The increase in devices on the 5G network also increases the risk of Distributed Denial-of-service, or DDoS, attacks. These attacks are caused by cybercriminals flooding a network with so much traffic that it can’t operate or communicate as it normally would. And with more IoT devices operating on the 5G network, the consequences of such a cyberattack could be truly crippling. So, how can we continue to trust the devices we use on a daily basis despite the cybersecurity risks caused by greater connectivity?

Digital trust, or the level of confidence consumers have in their technology and mobile devices, is extremely delicate. And as our experiences with our devices become more and more personalized thanks to intelligent connectivity, it’s important to realize that it can’t be intelligent if there is no trust. That’s why consumers should embrace advancements in mobile technology but remember to keep cybersecurity practices at the forefront.

Whether you’re headed out to Barcelona for MWC 2019 or watching from afar, we here at McAfee are committed to helping you take the necessary precautions required in order to connect with confidence in a world where everything is built to connect.

Stay on top of the latest consumer and mobile security threats by following @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post MWC 2019: The Key to Establishing Digital Trust with Intelligent Connectivity appeared first on McAfee Blogs.

The Risks of Public Wi-Fi and How to Close the Security Gap

public wi-fi risksAs I write this blog post, I’m digitally exposed, and I know it. For the past week, I’ve had to log on to a hospital’s public Wi-Fi each day to work while a loved one recuperates.

What seems like a routine, casual connection to the hospital’s Wi-Fi isn’t. Using public Wi-Fi is a daily choice loaded with risk. Sure, I’m conducting business and knocking out my to-do list like a rock star but at what cost to my security?

The Risks

By using public Wi-Fi, I’ve opened my online activity and personal data (via my laptop) up to a variety of threats including eavesdropping, malware distribution, and bitcoin mining. There’s even a chance I could have logged on to a malicious hotspot that looked like the hospital network.

Like many public Wi-Fi spots, the hospital’s network could lack encryption, which is a security measure that scrambles the information sent from my computer to the hospital’s router so other people can’t read it. Minus encryption, whatever I send over the hospital’s network could potentially be intercepted and used maliciously by cybercriminals.

Because logging on to public Wi-Fi is often a necessity — like my situation this week — security isn’t always the first thing on our minds. But over the past year, a new normal is emerging. A lot of us are thinking twice. With data breaches, privacy concerns, the increase in the market for stolen credentials, and increasingly sophisticated online scams making the headlines every day, the risks of using public Wi-Fi are front and center.

Rising Star: VPNpublic wi-fi risks

The solution to risky public Wi-Fi? A Virtual Private Network (VPN). A VPN allows users to securely access a private network and share data remotely through public networks. Much like a firewall protects the data on your computer, a VPN protects your online activity by encrypting your data when you connect to the internet from a remote or public location. A VPN also conceals your location, IP address, and online activity.

Using a VPN helps protect you from potential hackers using public Wi-Fi, which is one of their favorite easy-to-access security loopholes.

Who Needs a VPN?

If you (or your family members) travel and love to shop online, access your bank account, watch movies, and do everyday business via your phone or laptop, a VPN would allow you to connect safely and encrypt your data no matter where you are.

A VPN can mask, or scramble, your physical location, banking account credentials, and credit card information.

Also, if you have a family data plan you’ve likely encouraged your kids to save data by connecting to public Wi-Fi whenever possible. Using a VPN, this habit would be secured from criminal sniffers and snoopers.

A VPN allows you to connect to a proxy server that will access online sites on your behalf and enables a secure connection most anywhere you go. A VPN also allows hides your IP address and allows you to browse anonymously from any location.

How VPNs work

To use a VPN you subscribe to VPN service, download the app onto your desktop or phone, set up your account, and then log onto a VPN server to conduct your online activity privately.

If you are still logging on to public Wi-Fi, here are a few tips to keep you safe until VPNs become as popular as Wi-Fi.

Stay Safe on Public Wi-Fi 

Verify your connection. Fake networks that mine your data abound. If you are logging on to Wi-Fi in a coffee shop, hotel, airport, or library, verify the exact name of the network with an employee. Also, only use Wi-Fi that requires a password to log on.public wi-fi risks

Don’t get distracted. For adults, as well as kids, it’s easy to get distracted and absorbed with our screens — this is risky when on public Wi-Fi, according to Diana Graber, author of Raising Humans in a Digital World. “Knowing how to guard their personal information online is one of the most important skills parents need to equip their young kids with today,” says Graber. “Lots of young people visit public spaces, like a local coffee shop or library, and use public Wi-Fi to do homework, for example. It’s not uncommon for them to get distracted by something else online or even tempted to buy something, without realizing their personal information (or yours!) might be at risk.”

Disable auto Wi-Fi connect. If your phone automatically joins surrounding networks, you can disable this function in your settings. Avoid linking to unknown or unrecognized networks.

Turn off Wi-Fi when done. Your computer or phone can still transmit data even when you are not using it. Be sure to disable your Wi-Fi from the network when you are finished using it.

Avoid financial transactions. If you must use public Wi-Fi, don’t conduct a sensitive transaction such as banking, shopping, or any kind of activity that requires your social security or credit card numbers or password use. Wait until you get to a secured home network to conduct personal business.

Look for the HTTPS. Fake or unsecured websites will not have the HTTPS in their address. Also, look for the little lock icon in the address bar to confirm a secure connection.

Secure your devices. Use a personal VPN as an extra layer of security against hackers and malware.

The post The Risks of Public Wi-Fi and How to Close the Security Gap appeared first on McAfee Blogs.

How Safe is Your Child’s School WiFi?

School WiFi. For many of our digital natives, school WiFi may even be a more important part of their daily life than the canteen!! And that is saying something…

You’d be hard pressed to find a child who rocked up to school without a device in their backpack in our digital age. The vast majority of schools have embraced the many positive learning benefits that internet-connected devices offer our kids. The traditional blackboard and textbook lessons that were confined to the four walls of the classroom are gone. Instead our kids can research, discover, collaborate, create and most importantly, learn like never before.

But in order for this new learning to occur, our kids need to be internet connected. And this is where school WiFi comes into play.

Do Parents Need to Be Concerned About School WiFi?

As parents, we have a responsibility to ensure our kids are safe and not at risk – and that includes when they are using the WiFi at school. Ideally, your child’s school should have a secure WiFi network but unfortunately, that doesn’t mean that they do. School budgets are tight and top-notch secure WiFi networks are expensive, so in some cases, security maybe jeopardised.

The other factor we shouldn’t ignore is that our batch of digital natives are very tech literate. The possibility that one of them may choose to cause some mayhem to their school WiFi network should also not be ignored!!

At the end of the day, the security of a WiFi network is all about whether it has tight access controls. If it allows only approved devices and people to connect via a secure login then it is more secure than public WiFi. However, if it is open to anyone or easy for anyone to connect to it, then you need to treat it like public WiFi.

What Are the Risks?

An unsecured school WiFi network is as risky as public WiFi which, according to the Harvard Business Review, is as risky as rolling a dice,

Students and staff who use an unsecured WiFi network are at risk of receiving phishing emails, being the victim of a ransomware attack or even having their data or personal details stolen. There is also a risk that the entire school’s operations could be disrupted and possibly even closed down through a DDOS – a Denial of Service Attack.

What Can Parents Do to Ensure Their Kids Are Safe Using School WiFi?

There are several steps parents can take to minimise the risks when their offspring use school WiFi.

  1. Talk To Your School

The first thing to do is speak to your child’s school to understand exactly how secure their network is. I’d recommend asking who has access to the network, what security practices they have in place and how they manage your child’s private data.

  1. Install Security Software

Operating a device without security software is no different to leaving your front door unlocked. Installing security software on all devices, including smartphones, will provide protection against viruses, online threats, risky websites and dangerous downloads. Check out McAfee’s Total Protection security software for total peace of mind!

  1. Keep Device Software Up To Date

Software updates are commonly designed to address security issues. So ensuring ALL your devices are up to date is a relatively easy way of minimising the risk of being hacked.

  1. Schedule Regular Data Back Up

If you are the victim of a ransomware attack and your data is backed up then you won’t even have to consider paying the hefty fee to retrieve your (or your child’s) data. Backing up data regularly should be not negotiable however life can often get in the way. Why not schedule automatic backups? I personally love online backup options such as Dropbox and Google Drive however you may choose to invest in a hard drive.

  1. Public Wi-Fi Rules?

If after talking to your school, you aren’t convinced that your child’s school WiFi network is secure, then I recommend that your kids should treat it as if it was public WiFi. This means that they should NEVER conduct any financial transactions using it and never share any personal details. But the absolute best way of ensuring your child is safe using an unsecured WiFi network, is to use a Virtual Private Network (VPN). A VPN like McAfee’s Safe Connect creates an encrypted tunnel so anything that is shared over WiFi is completely safe.

As a mum of 4, I am very keen to ensure my kids are engaged with their learning. And in our digital times, this means devices and WiFi. So, let’s support our kids and their teachers in their quest for interactive, digital learning but please don’t forget to check in and ensure your kids are as safe as possible while using WiFi at school.

Take Care

Alex xx

The post How Safe is Your Child’s School WiFi? appeared first on McAfee Blogs.