cybersecurity

twitter24-300x169.jpg

It’s Beginning to Look a Lot Like Holiday Shopping: Secure Your Online Purchases

It’s Beginning to Look a Lot Like Holiday Shopping: Secure Your Online Purchases

As we gear up to feast with family and friends this Thanksgiving, we also get our wallets ready for Black Friday and Cyber Monday. Black Friday and Cyber Monday have practically become holidays themselves, as each year they immediately shift our attention from turkey and pumpkin pie to holiday shopping. Let’s take a look at these two holidays, and how their popularity can impact users’ online security.

The Origins of the Holiday Shopping Phenomenon

You might be surprised to find out that the term “Black Friday” was first associated with a financial crisis, not sales shopping. According to The Telegraph, the U.S. gold market crashed on Friday, September 24, 1869, leaving Wall Street bankrupt. It wasn’t until the 1950s that Black Friday was used in association with holiday shopping when large crowds of tourists and shoppers flocked to Philadelphia for a big football game. Because of all the chaos, traffic jams, and shoplifting opportunities that arose, police officers were unable to take the day off, coining it Black Friday. It wasn’t until over 50 years later that Cyber Monday came to fruition when Shop.org coined the term as a way for online retailers to participate in the Black Friday shopping frenzy.

Growth Over the Years

Since the origination of these two massive shopping holidays, both have seen incredible growth. Global interest in Black Friday has risen year-over-year, with 117% average growth across the last five years. According to Forbes, last year’s Black Friday brought in $6.2 billion in online sales alone, while Cyber Monday brought in a record $7.9 billion.

While foot traffic seemed to decrease at brick-and-mortar stores during Cyber Week 2018, more shoppers turned their attention to the internet to participate in holiday bargain hunting. Throughout this week, sales derived from desktop devices came in at 47%, while mobile purchases made up 45% of revenue and tablet purchases made up 8% of revenue.

It’s Beginning to Look a Lot Like Holiday Shopping: Secure Your Online Purchases

So, what does this mean for Black Friday and Cyber Monday shopping this holiday season? Adobe Analytics projects that Thanksgiving and Black Friday will bring in $12.3 billion in online sales and Cyber Monday will bring in $9.48 billion. If one thing’s for sure, this year’s Black Friday and Cyber Monday sales are shaping up to be the biggest ones yet for shoppers looking to snag some seasonal bargains. However, the uptick in online shopping activity provides cybercriminals with the perfect opportunity to wreak havoc on users’ holiday fun.

Holiday Bargain or Shopping Scam?

Inherently, Black Friday and Cyber Monday are pretty similar, with the main difference being where users choose to shop. While Black Friday sees a mix of online and in-store shoppers, most consumers will participate in Cyber Monday sales from their mobile phones or desktops at work. Plus, with mobile Cyber Week sales increasing year over year, it’s clear that users are gravitating towards the convenience of shopping on the go. However, the increase in mobile online shopping also creates an opportunity for cybercriminals to exploit. The latest McAfee Mobile Threat Report revealed a huge increase in device backdoors, fake apps, and banking trojans. With more and more users turning to their smartphones this holiday shopping season, they are in turn potentially subject to a wide variety of mobile cyberattacks.

It’s Beginning to Look a Lot Like Holiday Shopping: Secure Your Online Purchases

Another threat to users’ holiday shopping sprees? Rushed purchases. Thanks to a later Thanksgiving, Cyber Monday falls on December 2nd, leaving users with one less shopping week between Turkey Day and Christmas. Because of this time crunch, many users are feeling pressured to get their holiday shopping done in time and might forego some basic cybersecurity practices to speed up the online shopping process. This includes not checking online retailer authenticity, falling for fake Black Friday deals, and hastily giving up more personal information than necessary, all in the interest of jumping on a sale before it’s too late.

How to Stay Secure This Holiday Season

In the blur of the holiday shopping frenzy, how can you help protect your personal information online? Before whipping out your credit card this Black Friday and Cyber Monday, check out these cybersecurity tips to ensure your holiday shopping spree goes off without a hitch:

  • Look for the lock icon. Secure websites will start with “https,” not just “http.” Double-check that you see the padlock icon right next to the web address in your browser. If you don’t, it’s best to avoid making purchases on that website.
  • If you can help it, shop on your desktop. Although shopping on a smartphone allows you to make purchases on the go, this opens you up to threats like mobile malware and fake shopping apps. Additionally, URLs are often shortened on mobile devices, making it easier for scammers to trick you with clone websites.
  • Ask the critics. Cybercriminals will often create fake websites to try and exploit users looking to get in on the Black Friday and Cyber Monday action. If you’re unsure about a product or retailer, read lots of reviews from trusted websites to help see if it’s legitimate.
  • Be on the lookout for suspicious websites. Misspellings, grammatical errors, and poor website design are often a sign that it’s a rip off of a legitimate site. If the site looks a little rough around the edges, this is probably a sign that it was created by a cybercriminal.
  • Don’t be too optimistic. Beware of bogus Black Friday and Cyber Monday deals with fake “free” offers. If you spot an ad online that seems too good to be true, chances are it probably is.
  • Use a comprehensive security solution. Using a solution like McAfee Total Protection can help your holiday shopping spree go smoothly by providing safe web browsing, virus protection, and more. Click here for 50% off so you can shop knowing your devices and data are secured.

It’s Beginning to Look a Lot Like Holiday Shopping: Secure Your Online Purchases

Looking for more security tips and trends? Be sure to follow @McAfee Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post It’s Beginning to Look a Lot Like Holiday Shopping: Secure Your Online Purchases appeared first on McAfee Blogs.

McAfee_consumer_1parent1daughter_tablet_cooking_72dpi-300x200-2.jpg

What You Need to Know About the Google Chrome Vulnerabilities

What You Need to Know About the Google Chrome Vulnerabilities

While you might have been preoccupied with ghosts and goblins on Halloween night, a different kind of spook began haunting Google Chrome browsers. On October 31st, Google Chrome engineers issued an urgent announcement for the browser across platforms due to two zero-day security vulnerabilities, one of which is being actively exploited in the wild (CVE-2019-13720).

So, what is the Google Chrome zero-day exploit? While there are few specific details known at this time, researchers did uncover that the bug is a use-after-free flaw, which is a memory corruption flaw that attempts to access a device’s memory after it has been freed. If this occurs, it can cause a variety of issues including program crashes, execution of malicious code, or even allowing an attacker to gain full remote access to the device.

The second of the two vulnerabilities (CVE-2019-13721) affects PDFium, a platform developed by Foxit and Google. PDFium provides developers with capabilities to leverage an open-source software library for viewing and searching for PDF documents. Like the first bug, this flaw is also a use-after-free vulnerability. However, there have been no reports of it being exploited by cybercriminals for malicious purposes yet.

Luckily, Google has quickly acknowledged the vulnerabilities and is rolling out a patch for these bugs over the coming days. Meanwhile, follow these security tips to help safeguard your data and devices:

  • Update, update, update. Be sure to install the latest Chrome browser update immediately to help mitigate any risk of falling victim to these exploits.
  • Turn on automatic updates. Practice good security hygiene by turning on automatic updates. Cybercriminals rely on unpatched software to exploit vulnerabilities, so ensure that your device software is updated as soon as patches are available.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

 

The post What You Need to Know About the Google Chrome Vulnerabilities appeared first on McAfee Blogs.

twitter47-300x169-2.jpg

Chapter Preview: Ages 11 to 17 – From Tweens to Teens

Chapter Preview: Ages 11 to 17 – From Tweens to Teens

For anyone who asks what happens during the tween through teen years, the best answer is probably, “What doesn’t happen?!”

Just so you know, I’ve been there, done that, and got the T-shirt. And I survived. My kids were the first generation to grow up on social media. Like most teens in the mid-2000s, they got their first taste with MySpace and then switched to Facebook as the masses shifted there around 2009. They also got into other platforms, like Instagram, and stuck with them while others came and went. And yes, sharing almost every facet of their lives presented many challenges. I won’t get into details here as it might embarrass my kids, but suffice it to say that mistakes were made.

Being a security and privacy practitioner, I made sure there were lots of discussions on how to use these platforms safely. The early discussions centered on privacy and the permanence of data, but eventually led to security talks as the platforms were inundated with scams and other malicious activities. As you can imagine, when my kids were tweens and teens, the internet was a different place than it is today, and I’m sure it will be very different 10 to 15 years from now.

 

This chapter of “Is Your Digital Front Door Unlocked?” steps you through what your tween and teen face as they spend an increasing amount of time online and using connected things. It expands upon some of the topics discussed earlier in the book with more of an eye towards how those topics impact this age group, while offering advice and insights on topics that often surface at this age. We tackle some big topics too, such when to get your child a smartphone, how many children will make friends that they will only know online, cyberstalking, and the secret digital life of teens that every parent should know. This chapter packs a big punch—as it should, because these are some big years for parents and kids alike.

Gary Davis’ book, Is Your Digital Front Door Unlocked?, is available September 5, 2019 and can be ordered at amazon.com.

The post Chapter Preview: Ages 11 to 17 – From Tweens to Teens appeared first on McAfee Blogs.

twitter74-300x169.jpg

3 Tips to Protect Yourself From the Office 365 Phishing Scams

3 Tips to Protect Yourself From the Office 365 Phishing Scams

Cybercriminals seem to get more and more sophisticated with their attacks, and phishing scams are no different. The McAfee Labs team has observed a new phishing campaign using a fake voicemail message to trick victims into giving up their Office 365 email credentials. During the investigation, the team has found three different phishing kits being used to exploit targets.

How exactly does this sneaky phishing scam work? It all begins when a victim receives an email stating that they’ve missed a phone call, along with a request to log into their account to access the voice message. The email also contains an attached HTML file that redirects the victim to a phishing website. This website prepopulates the victim’s email address and asks them to enter their Office 365 credentials. What’s more, the stealthy attachment contains an audio recording of someone talking, leading the victim to believe that they are listening to a legitimate voicemail.

3 Tips to Protect Yourself From the Office 365 Phishing Scams

Once the victim enters their password, they are presented with a page stating that their login was successful. The victim is then redirected to the office.com login page, leading them to believe that everything is perfectly normal. Little do they know that their credentials have just been harvested by a cybercriminal.

While this sneaky scheme has been primarily used to target organizations, there is much to be taken away from this incident, as cybercriminals often disguise themselves as businesses to phish for user data. To protect yourself from these stealthy scams, check out the following tips:

  • Go directly to the source. Be skeptical of emails claiming to be from companies with peculiar asks or messages. Instead of clicking on a link within the email, it’s best to go straight to the company’s website to check the status of your account or contact customer service.
  • Be cautious of emails asking you to take action. If you receive an email asking you to take a certain action or download software, don’t click on anything within the message. Instead, go straight to the organization’s website. This will prevent you from downloading malicious content from phishing links.
  • Hover over links to see and verify the URL. If someone sends you an email with a link, hover over the link without actually clicking on it. This will allow you to see a link preview. If the URL looks suspicious, don’t interact with it and delete the email altogether.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post 3 Tips to Protect Yourself From the Office 365 Phishing Scams appeared first on McAfee Blogs.

img_1581534021300415-300x225.jpg

A Cybersecurity Horror Story: October’s Creepiest Threats and How to Stay Secure

A Cybersecurity Horror Story: October’s Creepiest Threats and How to Stay Secure

Halloween time is among us and ghosts and goblins aren’t the only things lurking in the shadows. This past month has brought a variety of spooky cyberthreats that haunt our networks and devices. From malicious malware to restricting ransomware, October has had its fair share of cyber-scares. Let’s take a look at what ghoulish threats have been leading to some tricks (and no treats) around the cybersphere this month.

Ghostcat Malware

One ghost that recently caused some hocus pocus across the Web is Ghostcat-3PC. According to SC Magazine, the malware’s goal is to hijack users’ mobile browsing sessions.

The infection begins when a user visits a particular website and is served a malicious advertisement. Ghostcat fingerprints the browser to collect device information and determines if the ad is running on a genuine webpage. Ghostcat also checks if the ad is running on an online publishers’ page that has been specifically targeted by this campaign. If these conditions are met, then the malware serves a malicious URL linked to the ad.

From there, this URL delivers obfuscated JavaScript, which creates an obscure source or machine code. The attackers behind Ghostcat use this to trick the publishers’ ad blockers, preventing them from detecting malicious content. The code also checks for additional conditions necessary for the attack, like ensuring that the malware is being run on a mobile device and a mobile-specific browser, for example. If the malware concludes that the browsing environment fits the descriptions of their target, it will serve a fraudulent pop-up, leading the user to malicious content.

Bewitched WAV Files

Ghostcat isn’t the only way malware is being spread lately, as, according to ZDNet, attackers have manipulated WAV audio files to spread malware and cryptominers. By using a technique called stenography, malware authors can hide malicious code inside of a file that appears normal, which allows hackers to bypass security software and firewalls.

Previously, cybercriminals have used stenography revolving around image file formats like PNG or JPEG. However, these crooks have now upped the ante by using WAV audio files to hide different types of malware. Most recently, researchers found that this technique is used to hide DLLs, or dynamic link libraries that contain code and data that can be used by more than one program at the same time. If malware was already present on an infected host device, it would download and read the WAV file, extract the DLL, and install a cryptocurrency miner called XMRrig. Cryptocurrency miners compile all transactions into blocks to solve complicated mathematical problems and compete with other miners for bitcoins. To do this, miners need a ton of computer resources. As a result, miners tend to drain the victim’s device of its computer processor’s resources, creating a real cybersecurity headache.

MedusaLocker Ransomware

Finally, we have the mysterious MedusaLocker ransomware. According to BleepingComputer, this threat is slithering its way onto users’ devices, encrypting files until the victim purchases a decryptor.

This strain will perform various startup routines to prep the victim’s device for encryption. Additionally, it will ensure that Windows networking is running and mapped network drives (shortcuts to a shared folder on a remote computer or server) are accessible. Then, it will shut down security programs, clear data duplicates so they can’t be used to restore files, remove backups made with Windows backup, and disable the Windows automatic startup repair.

For each folder that contains an encrypted file, MedusaLocker creates a ransom note with two email addresses to contact for payment. However, it is currently unknown how much the attackers are demanding for the victim to have their files released or if they actually provide a decryptor once they receive a payment.

With all of these threats attempting to haunt networks and devices, what can users do to help themselves have a safe and secure spooky season? Follow these tips to keep cybersecurity tricks at bay:

  • Watch what you click. Avoid clicking on unknown links or suspicious pop-ups, especially those coming from someone you don’t know.
  • Be selective about which sites you visit. Only use well-known and trusted sites. One way to determine if a site is potentially malicious is by checking its URL. If the URL address contains multiple grammar or spelling errors and suspicious characters, avoid interacting with the site.
  • If your computer slows down, be cautious. One way you can identify a cryptojacking attack – poor performance. If your device is slow or acting strange, start investigating and see if your device may be infected with malware.
  • Surf the web safely. You can use a tool like McAfee WebAdvisor, which will flag any sites that may be malicious without your knowing.
  • Use a comprehensive security solution. To secure your device and help keep your system running smoothly and safely, use a program like McAfee Total Protection.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post A Cybersecurity Horror Story: October’s Creepiest Threats and How to Stay Secure appeared first on McAfee Blogs.

shutterstock_600587690-300x200.jpg

7 Ways to Help Girls Pursue Their Passion for Tech

7 Ways to Help Girls Pursue Their Passion for Tech

7 Ways to Help Girls Pursue Their Passion for TechOne of my favorite binges of late is the Netflix series Halt and Catch Fire. It’s a story about the personal computer revolution of the 1980s. The lead character, Cameron Howe, is a brilliant, self-assured young woman who runs circles around her, mostly male, co-workers, with her mad coding skills.

I remember being influenced by a similar female lead. It was Jane Craig (played by Holly Hunter) in the movie Broadcast News. As the credits rolled, I knew I wanted to be a journalist. Likewise, Cameron Howe (played by Mackenzie Davis) possesses just the right mix of courage and intellect required to spark the tech fire in girls today.

STEM and beyond

What better way to close out our National Cybersecurity Awareness Month (NCSAM) series than to encourage the next generation of cybersecurity superheroes to grow their STEM (Science, Technology, Engineering, Math) skills and consider a future in cybersecurity?

Cybersecurity is a rewarding career, boasting an average salary of $96,000, and yet few women pursue the field. According to The U.S. Department of Labor, employment opportunities for Information Security Analysts will grow by 28% between 2016 and 2026. It’s also predicted that 3.5 million jobs in cybersecurity will remain unfilled by 2021.

Why focus on girls? Because while the numbers are improving, in the tech field or otherwise, in 2019, women are still paid 80 cents for every dollar their male counterparts earn, and 93.4 percent of Fortune 500 CEOs are men.

If your daughter shows a talent for tech, here are a few ways to nurture that passion.

  1. Challenge stereotypes. Girls get steeped in pink from the moment they arrive in the delivery room. This “pinkification,” in general, experts argue, is one factor distracting girls from pursuing tech. Consider the conscious and even unconscious ways you may be deterring your daughter from pursuing traditionally male subjects such as computers, engineering, robotics, or programming. Challenge perceptions like a 2012 Girl Scouts found there’s a common belief that girls are not high achievers in math and science. However, a study by the American Association of University Women found high school girls and boys perform equally in the subjects.
  2. Expose her to the rock stars. Women like YouTube CEO Susan Wojcicki, Facebook’s Sheryl Sandberg, HP’s Meg Whitman, and Google coder Marisa Mayer are great role models for girls today. Also, choose media (check ratings before viewing to stay age-appropriate) with strong female leads who excel in tough career fields.
  3. Ask her. How many times do we make assumptions and skip this crucial step in parenting? Ask your daughter what camps appeal most to her, what activities she enjoys, what qualities she admires most in others, and what she dreams of achieving.7 Ways to Help Girls Pursue Their Passion for Tech
  4. Don’t overdo it. If your daughter has a natural ability in STEM subjects, don’t push too hard. She will find her path. Suggest adjacent activities to complement her strengths. Is she good at math? Encourage a musical instrument as a hobby. Good at science? Suggest cooking or gardening to compliment her love for creative problem-solving. Integrate creative activities such as art, writing, or theatre.
  5. Seek out tech opportunities. Few kids will pursue experiences on their own, so consider giving them a nudge. Encourage age-appropriate camps, clubs, and activities that play to her strengths. The choices in quality camps — rocketry, science, coding, physics — are endless. Be your daughter’s tech companion. Take her to a women’s tech conference so she can begin to visualize her future and meet women who work in the field. Encourage an internship or even a job shadowing opportunity during high school or college, like this one that changed Gwendolyn’s career path.
  6. Model, teach resilience. The tech field tends to be a male-dominated culture of “brogrammers,” which can be intimidating for women. For this reason, your daughter may need to develop a tough skin and learn to push through obstacles with ease.
  7. Help her find her people. Organizations like Girls Go CyberstartGirls Who CodeCode.org, and uscyberpatriot.org can be game-changers for a tech-minded girl and help grow her passion among peers.

Cybersecurity is one of the fastest-growing, in-demand professions out there. With the rise in security breaches of all kinds, it’s also a field experts say is “future proof.” If your daughter shows a desire to fight the bad guys and make her mark safeguarding the digital realm, then cybersecurity may be the best place for her to start blazing her trails.

The post 7 Ways to Help Girls Pursue Their Passion for Tech appeared first on McAfee Blogs.

img_1598927672602465-300x225.jpg

McAfee Reveals the Most Dangerous Celebrities Across the Globe

McAfee Reveals the Most Dangerous Celebrities Across the Globe

Earlier this week, we revealed McAfee’s Most Dangerous Celebrity of 2019 in the U.S., Alexis Bledel. Growing from a young actress in “Gilmore Girls” to Ofglen in “A Handmaid’s Tale,” Bledel’s rising stardom helps to explain why she topped this year’s list. But, is that the case in other parts of the world as well? It’s time to take a trip around the globe and see which celebrities are considered risky in different regions.

In McAfee’s 13th annual study on the riskiest celebrities to search for online, the stars topping each list varied from country to country. While Bledel sits at the top of the most dangerous celebrity list in the U.S., singer Camila Cabello is ranked No. 1 in Spain. In Germany, model and TV personality Heidi Klum and actress Emilia Clarke tied each other for the country’s riskiest celebrity. Caroline Flack, the host of reality dating show “Love Island,” came in No. 1 in the U.K. In France, actor/producer Jamel Debbouze topped the list of the countries most dangerous celebrities. At the top of India’s most dangerous celebrity tally is international cricketer M.S. Dhoni. And, finally, rounding out the list of the riskiest celebrities around the world are comedian, actor, and TV host John Oliver in Australia and Malaysian actress Michelle Yeoh in Singapore.

Many users don’t realize that simple internet searches of their favorite celebrities could potentially lead to malicious content, as cybercriminals often leverage these popular searches to entice users to click on dangerous links. And while this year’s list of riskiest celebrities might vary from country to country, cybercriminals’ use of trending celebrities and pop culture icons continues to be an avenue used to exploit users’ security. It’s for these reasons that users must understand the importance of taking precautions when it comes to searching for the latest news on their favorite celebrities.

So, whether you’re checking out what Alexis Bledel has been up to since “Gilmore Girls” or looking for the latest drama on “Love Island” with Caroline Flack, be a proactive fan and follow these security tips when browsing the internet:

  • Be careful what you click. Users looking for information on their favorite celebrities should be cautious and only click on links to reliable sources for downloads. The safest thing to do is to wait for official releases instead of visiting third-party websites that could contain malware.
  • Refrain from using illegal streaming sites. When it comes to dangerous online behavior, using illegal streaming sites could wreak havoc on your device. Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do yourself a favor and stream the show from a reputable source.
  • Protect your online safety with a cybersecurity solution. Safeguard yourself from cybercriminals with a comprehensive security solution like McAfee Total Protection. This can help protect you from malware, phishing attacks, and other threats.
  • Use a website reputation tool. Use a website reputation tool such as McAfee WebAdvisor, which alerts users when they are about to visit a malicious site.
  • Use parental control software. Kids are fans of celebrities too, so ensure that limits are set for your child on their devices and use parental control software to help minimize exposure to potentially malicious or inappropriate websites.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post McAfee Reveals the Most Dangerous Celebrities Across the Globe appeared first on McAfee Blogs.

vox-messenger-secure-corpLogo-60x60

End-2-End Encrypted. Secure. Ad-Free.
Lightweight and Faster than the Competition.

Vox Messenger is a secure alternative to other popular chat messenger apps.

Available for Free. Whitelabel Corporate Edition Coming Soon.

All Rights Reserved - Copyright @ 2018 - Vox Messenger (a Division of Kryotech Ltd.)