computer security

See-family-photo-album-1-300x300.jpg

3 Things You [Probably] Do Online Every Day that Jeopardize Your Family’s Privacy

3 Things You [Probably] Do Online Every Day that Jeopardize Your Family’s Privacy

3 Things You [Probably] Do Online Every Day that Jeopardize Your Family’s PrivacyEven though most of us are aware of the potential risks, we continue to journal and archive our daily lives online publically. It’s as if we just can’t help it. Our kids are just so darn cute, right? And, everyone else is doing it, so why not join the fun?

One example of this has become the digital tradition of parents sharing first-day back-to-school photos. The photos feature fresh-faced, excited kids holding signs to commemorate the big day. The signs often include the child’s name, age, grade, and school. Some back-to-school photos go as far as to include the child’s best friend’s name, favorite TV show, favorite food, their height, weight, and what they want to be when they grow up.

Are these kinds of photos adorable and share-worthy? Absolutely. Could they also be putting your child’s safety and your family’s privacy at risk? Absolutely.

1. Posting identifying family photos

Think about it. If you are a hacker combing social profiles to steal personal information, all those extra details hidden in photos can be quite helpful. For instance, a seemingly harmless back-to-school photo can expose a home address or a street sign in the background. Cyber thieves can zoom in on a photo to see the name on a pet collar, which could be a password clue, or grab details from a piece of mail or a post-it on the refrigerator to add to your identity theft file. On the safety side, a school uniform, team jersey, or backpack emblem could give away a child’s daily location to a predator.

Family Safety Tips
  • Share selectively. Facebook has a private sharing option that allows you to share a photo with specific friends. Instagram has a similar feature.
  • Private groups. Start a private Family & Friends Facebook group, phone text, or start a family chat on an app like GroupMe. This way, grandma and Aunt June feel included in important events, and your family’s personal life remains intact.
  • Photo albums. Go old school. Print and store photos in a family photo album at home away from the public spotlight.
  • Scrutinize your content. Think before you post. Ask yourself if the likes and comments are worth the privacy risk. Pay attention to what’s in the foreground or background of a photo.
  • Use children’s initials. Instead of using your child’s name online, use his or her initials or even a digital nickname when posting. Ask family members to do the same.

2. Using trendy apps, quizzes & challengesfamily privacy

It doesn’t take much to grab our attention or our data these days. A survey recently conducted by the Center for Data Innovation found that 58 percent of Americans are “willing to share their most sensitive personal data” (including medical and location data) in return for using apps and services.

If you love those trendy face-morphing apps, quizzes that reveal what celebrity you look like, and taking part in online challenges, you are likely part of the above statistic. As we learned just recently, people who downloaded the popular FaceApp to age their faces didn’t realize the privacy implications. Online quizzes and challenges (often circulated on Facebook) can open you up to similar risk.

Family Safety Tips

  • Slow down. Read an app’s privacy policy and terms. How will your content or data be used? Is this momentary fun worth exchanging my data?
  • Max privacy settings. If you download an app, adjust your device settings to control app permissions immediately.
  • Delete unused apps. An app you downloaded five years ago and forgot about can still be collecting data from your phone. Clean up and delete apps routinely.
  • Protect your devices. Apps, quizzes, and challenges online can be channels for malicious malware. Take the extra step to ensure your devices are protected.

3. Unintentionally posting personal details

Is it wrong to want an interesting Facebook or Instagram profile? Not at all. But be mindful you are painting a picture with each detail you share. For instance: It’s easy to show off your new dog Fergie and add your email address and phone number to your social profile so friends can easily stay in touch. It’s natural to feel pride in your hometown of Muskogee, to celebrate Katie Beth‘s scholarship and Justin‘s home run. It’s natural to want to post your 23rd anniversary to your beloved Michael (who everyone calls Mickey Dee) on December 15. It’s also common to post about a family reunion with the maternal side of your family, the VanDerhoots.

family privacyWhile it may be common to share this kind of information, it’s still unwise since this one paragraph just gave a hacker 10+ personal details to use in figuring out your passwords.

Family Safety Tips

  • Use, refresh strong passwords. Change your passwords often and be sure to use a robust and unique password or passphrase (i.e., grannymakesmoonshine or glutenfreeformeplease) and make sure you vary passwords between different logins. Use two-factor authentication whenever possible.
  • Become more mysterious. Make your social accounts private, use selective sharing options, and keep your profile information as minimal as possible.
  • Reduce your friend lists. Do you know the people who can daily view your information? To boost your security, consider curating your friend lists every few months.
  • Fib on security questions. Ethical hacker Stephanie Carruthers advises people who want extra protection online to lie on security questions. So, when asked for your mother’s maiden name, your birthplace, or your childhood friend, answer with Nutella, Disneyland, or Dora the Explorer.

We’ve all unwittingly uploaded content, used apps, or clicked buttons that may have compromised our privacy. That’s okay, don’t beat yourself up. Just take a few hours and clean up, lockdown, and streamline your social content. With new knowledge comes new power to close the security gaps and create new digital habits.

The post 3 Things You [Probably] Do Online Every Day that Jeopardize Your Family’s Privacy appeared first on McAfee Blogs.

McAfee_consumer_1male2female_tablet_laptop_coffeeshop_72dpi-300x180.jpg

Lights, Camera, Cybersecurity: What You Need to Know About the MoviePass Breach

Lights, Camera, Cybersecurity: What You Need to Know About the MoviePass Breach

If you’re a frequent moviegoer, there’s a chance you may have used or are still using movie ticket subscription service and mobile app MoviePass. The service is designed to let film fanatics attend a variety of movies for a convenient price, however, it has now made data convenient for cybercriminals to potentially get ahold of. According to TechCrunch, the exposed database contained 161 million records, with many of those records including sensitive user information.

So, what exactly do these records include? The exposed user data includes 58,000 personal credit cards and customer card numbers, which are similar to normal debit cards. They are issued by Mastercard and store a cash balance that users can use to pay so they can watch a catalog of movies. In addition to the MoviePass customer cards and financial information numbers, other exposed data includes billing addresses, names, and email addresses. TechCrunch reported that a combination of this data could very well be enough information to make fraudulent purchases.

The database also contained what researchers presumed to be hundreds of incorrectly typed passwords with user email addresses. With this data, TechCrunch attempted to log into the database using a fake email and password combination. Not only did they immediately gain access to the MoviePass account, but they found that the fake login credentials were then added to the database.

Lights, Camera, Cybersecurity: What You Need to Know About the MoviePass Breach

Since then, TechCrunch reached out to MoviePass and the company has since taken the database offline. However, with this personal and financial information publicly accessible for quite some time, users must do everything in their power to safeguard their data. Here are some tips to help keep your sensitive information secure:

  • Review your accounts. Be sure to look over your credit card and banking statements and report any suspicious activity as soon as possible.
  • Place a fraud alert. If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity.
  • Consider using identity theft protection. A solution like McAfee Identify Theft Protection will help you to monitor your accounts and alert you of any suspicious activity.

And, as always, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Lights, Camera, Cybersecurity: What You Need to Know About the MoviePass Breach appeared first on McAfee Blogs.

img_1613212764085495-300x225.jpg

Dorms, Degrees, and Data Security: Prepare Your Devices for Back to School Season

Dorms, Degrees, and Data Security: Prepare Your Devices for Back to School Season

With summer coming to a close, it’s almost time for back to school! Back to school season is an exciting time for students, especially college students, as they take their first steps towards independence and embark on journeys that will shape the rest of their lives. As students across the country prepare to start or return to college, we here at McAfee have revealed new findings indicating that many are not proactively protecting their academic data. Here are the key takeaways from our survey of 1,000 Americans, ages 18-25, who attend or have attended college:

Education Needs to Go Beyond the Normal Curriculum

While many students are focused on classes like biology and business management, very few get the proper exposure to cybersecurity knowledge. 80% of students have been affected by a cyberattack or know a friend or family member who has been affected. However, 43% claim that they don’t think they will ever be a victim of a cybercrime in the future.

Educational institutions are very careful to promote physical safety, but what about cyber safety? It turns out only 36% of American students claim that they have learned how to keep personal information safe through school resources. According to 42% of our respondents, they learn the most about cybersecurity from the news. To help improve cybersecurity education in colleges and universities, these institutions should take a certain level of responsibility when it comes to training students on how they can help keep their precious academic data safe from cybercriminals.

Take Notes on Device Security

Believe it or not, many students fail to secure all of their devices, opening them up to even more vulnerabilities. While half of students have security software installed on their personal computers, this isn’t the case for their tablets or smartphones. Only 37% of students surveyed have smartphone protection, and only 13% have tablet protection. What’s more, about one in five (21%) students don’t use any cybersecurity products at all.

Class Dismissed: Cyberattacks Targeting Education Are on the Rise

According to data from McAfee Labs, cyberattacks targeting education in Q1 2019 have increased by 50% from Q4 2018. The combination of many students being uneducated in proper cybersecurity hygiene and the vast array of shared networks that these students are simultaneously logged onto gives cybercriminals plenty of opportunities to exploit when it comes to targeting universities. Some of the attacks utilized include account hijacking and malware, which made up more than 70% of attacks on these institutions from January to May of 2019. And even though these attacks are on the rise, 90% of American students still use public Wi-Fi and only 18% use a VPN to protect their devices.

Dorms, Degrees, and Data Security: Prepare Your Devices for Back to School Season

Become a Cybersecurity Scholar

In order to go into this school year with confidence, students should remember these security tips:

  • Never reuse passwords. Use a unique password for each one of your accounts, even if it’s for an account that doesn’t hold a lot of personal information. You can also use a password manager so you don’t have to worry about remembering various logins.
  • Always set privacy and security settings. Anyone with access to the internet can view your social media if it’s public. Protect your identity by turning your profiles to private so you can control who can follow you. You should also take the time to understand the various security and privacy settings to see which work best for your lifestyle.
  • Use the cloud with caution. If you plan on storing your documents in the cloud, be sure to set up an additional layer of access security. One way of doing this is through two-factor authentication.
  • Always connect with caution. If you need to conduct transactions on a public Wi-Fi connection, use a virtual private network (VPN) to keep your connection secure.
  • Discuss cyber safety often. It’s just as important for families to discuss cyber safety as it is for them to discuss privacy on social media. Talk to your family about ways to identify phishing scams, what to do if you may have been involved in a data breach, and invest in security software that scans for malware and untrusted sites.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Dorms, Degrees, and Data Security: Prepare Your Devices for Back to School Season appeared first on McAfee Blogs.

McAfee_consumer_family_selfportrait-beach_72dpi-300x200.jpg

Downloaded FaceApp? Here’s How Your Privacy Is Now Affected

Downloaded FaceApp? Here’s How Your Privacy Is Now Affected

If you’ve been on social media recently, you’ve probably seen some people in your feed posting images of themselves looking elderly. That’s because FaceApp, an AI face editor that went viral in 2017, is making a major comeback with the so-called FaceApp Challenge — where celebrities and others use the app’s old age filter to add decades onto their photos. While many folks have participated in the fun, there are some concerns about the way that the app operates when it comes to users’ personal privacy.

According to Forbes, over 100,000 million people have reportedly downloaded FaceApp from the Google Play Store and the app is the number one downloaded app on the Apple App Store in 121 different countries. But what many of these users are unaware of is that when they download the app, they are granting FaceApp full access to the photos they have uploaded. The company can then use these photos for their benefit, such as training their AI facial recognition algorithm. And while there is currently nothing to indicate that the app is taking photos for malicious intent, it is important for users to be aware that their personal photos may be used for other purposes beyond the original intent.

Downloaded FaceApp? Here’s How Your Privacy Is Now Affected

So, how can users enjoy the entertainment of apps like FaceApp without sacrificing their privacy? Follow these tips to help keep your personal information secure:

  • Think before you upload. It’s always best to err on the side of caution with any personal data and think carefully about what you are uploading or sharing. A good security practice is to only share personal data, including personal photos, when it’s truly necessary.
  • Update your settings. If you’re concerned about FaceApp having permission to access your photos, it’s time to assess the tools on your smartphone. Check which apps have access to information like your photos and location data. Change permissions by either deleting the app or changing your settings on your device.
  • Understand and read the terms. Consumers can protect their privacy by reading the Privacy Policy and terms of service and knowing who they are dealing with.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Downloaded FaceApp? Here’s How Your Privacy Is Now Affected appeared first on McAfee Blogs.

McAfee_consumer_1female_laptop_working_cafe_72dpi-300x200.jpg

Watch Your Webcam: Tips to Protect Your Mac From Zoom Hackers

Watch Your Webcam: Tips to Protect Your Mac From Zoom Hackers

You’ve probably heard of the popular video conferencing platform, Zoom. This platform enables its millions of users in various locations to virtually meet face to face. In an effort to enhance user experience and work around changes in Safari 12, Zoom installed a web server that allows users to enjoy one-click-to-join meetings. Unfortunately, a security researcher recently disclosed that this product feature acts as a flaw that could allow cybercriminals to activate a Mac user’s webcam without their permission.

How exactly does this vulnerability work? Cybercriminals are able to exploit a feature that allows users to send a meeting link directly to a recipient. When the recipient clicks on the link, they are automatically launched into the video conferencing software. If the user has previously installed the Zoom app onto their Mac and hasn’t turned off their camera for meetings, Zoom will auto-join the user to a conference call with the camera on. With this flaw, an attacker can send a victim a meeting link via email message or web server, allowing them to look into a victim’s room, office, or wherever their camera is pointing. It’s important to note that even if a user has deleted the Zoom app from their device, the Zoom web server remains, making the device susceptible to this vulnerability.

While the thought of someone unknowingly accessing a user’s Mac camera is creepy, this vulnerability could also result in a Denial of Service (DoS) attack by overwhelming a user’s device with join requests. And even though this patch has been successfully patched by Zoom, it’s important for users to realize that this update is not enforced by the platform. So, how can Zoom users avoid getting sucked into a potentially malicious call? Check out these security tips to stay secure on conference calls:

  • Adjust your Zoom settings. Users can disable the setting that allows Zoom to turn your camera on when joining a meeting. This will prevent a hacker from accessing your camera if you are sent a suspicious meeting link.
  • Update, update, update. Be sure to manually install the latest Zoom update to prevent DoS or other potential attacks. Additionally, Zoom will introduce an update in July that allows users to apply video preferences from their first call to all future calls. This will ensure that if a user joins their first meeting without video, this setting will remain consistent for all other calls.

And, as usual, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home  on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Watch Your Webcam: Tips to Protect Your Mac From Zoom Hackers appeared first on McAfee Blogs.

twitter39-300x169.jpg

#Verified or Phishing Victim? 3 Tips to Protect Your Instagram Account

#Verified or Phishing Victim? 3 Tips to Protect Your Instagram Account

If you’re an avid Instagram user, chances are you’ve come across some accounts with a little blue checkmark next to the username. This little blue tick is Instagram’s indication that the account is verified. While it may seem insignificant at first glance, this badge actually means that Instagram has confirmed that the account is an authentic page of a public figure, celebrity, or global brand. In today’s world of social media influencers, receiving a verified badge is desirable so other users know you’re a significant figure on the platform. However, cybercriminals are taking advantage of the appeal of being Instagram verified as a way to convince users to hand over their credentials.

So, how do cybercriminals carry out this scheme? According to security researcher Luke Leal, this scam was distributed as a phishing page through Instagram. The page resembled a legitimate Instagram submission page, prompting victims to apply for verification. After clicking on the “Apply Now” button, victims were taken to a series of phishing forms with the domain “Instagramforbusiness[.]info.” These forms asked users for their Instagram logins as well as confirmation of their email and password credentials. However, if the victim submitted the form, their Instagram credentials would make their way into the cybercriminal’s email inbox. With this information, the cybercrooks would have unauthorized access to the victim’s social media page. What’s more, since this particular phishing scam targets a user’s associated email login, hackers would have the capability of resetting and verifying ownership of the victim’s account.

#Verified or Phishing Victim? 3 Tips to Protect Your Instagram Account

Whether you’re in search of an Instagram verification badge or not, it’s important to be mindful of your cybersecurity. And with Social Media Day right around the corner, check out these tips to keep your online profiles protected from phishing and other cyberattacks:

  • Exercise caution when inspecting links. If you examine the link used for this scam (Instagramforbusiness[.]info), you can see that it is not actually affiliated with Instagram.com. Additionally, it doesn’t use the secure HTTPS protocol, indicating that it is a risky link. Always inspect a URL before you click on it. And if you can’t tell whether a link is malicious or not, it’s best to avoid interacting with it altogether.
  • Don’t fall for phony pages. If you or a family member is in search of a verified badge for their Instagram profile, make sure they are familiar with the process. Instagram users should go into their own account settings and click on “Request on verification” if they are looking to become verified. Note that Instagram will not ask for your email or password during this process, but will send you a verification link via email instead.
  • Reset your password. If you suspect that a hacker is attempting to gain control of your account, play it safe by resetting your password.

And, as usual, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home  on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post #Verified or Phishing Victim? 3 Tips to Protect Your Instagram Account appeared first on McAfee Blogs.

img_1613966792344381-240x300.jpg

Process Reimaging: A Cybercrook’s New Disguise for Malware

Process Reimaging: A Cybercrook’s New Disguise for Malware

As of early 2019, Windows 10 is running on more than 700 million devices, including PCs, tablets, phones, and even some gaming consoles. However, it turns out the widespread Windows operating system has some inconsistencies as to how it specifically determines process image file locations on disk. Our McAfee Advanced Threat Research team decided to analyze these inconsistencies and as a result uncovered a new cyberthreat called process reimaging. Similar to process doppelganging and process hollowing, this technique evades security measures, but with greater ease since it doesn’t require code injection. Specifically, this technique affects the ability for a Windows endpoint security solution to detect whether a process executing on the system is malicious or benign, allowing a cybercrook to go about their business on the device undetected.

Let’s dive into the details of this threat. Process reimaging leverages built-in Windows APIs, or application programming interfaces, which allow applications and the operating system to communicate with one another. One API dubbed K32GetProcessImageFileName allows endpoint security solutions, like Windows Defender, to verify whether an EXE file associated with a process contains malicious code. However, with process reimaging, a cybercriminal could subvert the security solution’s trust in the windows operating system APIs to display inconsistent FILE_OBJECT names and paths. Consequently, Windows Defender misunderstands which file name or path it is looking at and can no longer tell if a process is trustworthy or not. By using this technique, cybercriminals can persist malicious processes executing on a user’s device without them even knowing it.

So, the next question is — what can Windows users do to protect themselves from this potential threat? Check out these insights to help keep your device secure:

  • Update your software. Microsoft has issued a partial fix that stops cybercriminals from exploiting file names to disguise malicious code, which helps address at least part of the issue for Windows Defender only. And while file paths are still viable for exploitation, it’s worth updating your software regularly to ensure you always have the latest security patches, as this is a solid practice to work into your cybersecurity routine.
  • Work with your endpoint security vendor. To help ensure you’re protected from this threat, contact your endpoint security provider to see if they protect against process reimaging.

And, as always, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Process Reimaging: A Cybercrook’s New Disguise for Malware appeared first on McAfee Blogs.

twitter56-300x169.jpg

Bargain or Bogus Booking? Learn How to Securely Plan Summer Travel

Bargain or Bogus Booking? Learn How to Securely Plan Summer Travel

With summertime just around the corner, families are eagerly looking to book their next getaway. Since vacation is so top-of-mind during the summer months, users are bound to come across websites offering cheap deals on flights, accommodations, and other experiences and activities. With so many websites claiming to offer these “can’t-miss deals,” how do you know who to trust?

It turns out that this is a common concern among folks looking for a little summer getaway. According to our recent survey of 8,000 people across the UK, US, Canada, Australia, France, Germany, Spain, and Singapore, 54% of respondents worry about their identity being stolen while booking and purchasing travel and accommodation online. However, 27% don’t check the authenticity of a website before booking their vacation online. Over half of these respondents say that it doesn’t cross their minds to do so.

These so-called “great deals” can be difficult to pass up. Unfortunately, 30% of respondents have been defrauded thanks to holiday travel deals that were just too good to be true. What’s more, 46.3% of these victims didn’t realize they had been ripped off until they arrived at their holiday rental to find that the booking wasn’t actually valid.

In addition to avoiding bogus bookings, users should also refrain from risky online behavior while enjoying their summer holidays. According to our survey, 44.5% of respondents are putting themselves at risk while traveling by not checking the security of their internet connection or willingly connecting to an unsecured network. 61% also stated that they never use a VPN, while 22% don’t know what a VPN is.

Unfortunately, travel-related attacks aren’t limited to just travelers either; hotels are popular targets for cybercriminals. According to analysis conducted by the McAfee Advanced Threat Research team, the most popular attack vectors are POS malware and account hijacking. Due to these attacks, eager vacationers have had their customer payment, credit card data, and personally identifiable information stolen. In order for users to enjoy a worry-free vacation this summer, it’s important that they are aware of the potential cyberthreats involved when booking their trips online and what they can do to prevent them.

Bargain or Bogus Booking? Learn How to Securely Plan Summer Travel

We here at McAfee are working to help inform users of the risks they face when booking through unsecured or unreliable websites as well as when they’re enjoying some summertime R&R. Check out the following tips so you can enjoy your vacation without questioning the status of your cybersecurity:

  • Always connect with caution. If you need to conduct transactions on a public Wi-Fi connection, use a virtual private network (VPN) to help keep your connection secure.
  • Think before you click. Often times, cybercriminals use phishing emails or fake sites to lure consumers into clicking links for products or services that could lead to malware. If you receive an email asking you to click on a link with a suspicious URL, it’s best to avoid interacting with the message altogether.
  • Browse with security protection. Use a comprehensive security solution, like McAfee Total Protection, which includes McAfee WebAdvisor that can help identify malicious websites.
  • Utilize an identity theft solution. With all this personal data floating around online, it’s important to stay aware of any attempts to steal your identity. Use an identity theft solution, such as McAfee Identity Theft Protection, that can help protect personally identifiable information from identity theft and fraud.

And, as always, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Bargain or Bogus Booking? Learn How to Securely Plan Summer Travel appeared first on McAfee Blogs.

vox-messenger-secure-corpLogo-60x60

End-2-End Encrypted. Secure. Ad-Free.
Lightweight and Faster than the Competition.

Vox Messenger is a secure alternative to other popular chat messenger apps.

Available for Free. Whitelabel Corporate Edition Coming Soon.

All Rights Reserved - Copyright @ 2018 - Vox Messenger (a Division of Kryotech Ltd.)