Hospitals and IoT device manufacturers must take a dual approach in securing connected telehealth devices.
As we gear up to feast with family and friends this Thanksgiving, we also get our wallets ready for Black Friday and Cyber Monday. Black Friday and Cyber Monday have practically become holidays themselves, as each year they immediately shift our attention from turkey and pumpkin pie to holiday shopping. Let’s take a look at these two holidays, and how their popularity can impact users’ online security.
The Origins of the Holiday Shopping Phenomenon
You might be surprised to find out that the term “Black Friday” was first associated with a financial crisis, not sales shopping. According to The Telegraph, the U.S. gold market crashed on Friday, September 24, 1869, leaving Wall Street bankrupt. It wasn’t until the 1950s that Black Friday was used in association with holiday shopping when large crowds of tourists and shoppers flocked to Philadelphia for a big football game. Because of all the chaos, traffic jams, and shoplifting opportunities that arose, police officers were unable to take the day off, coining it Black Friday. It wasn’t until over 50 years later that Cyber Monday came to fruition when Shop.org coined the term as a way for online retailers to participate in the Black Friday shopping frenzy.
Growth Over the Years
Since the origination of these two massive shopping holidays, both have seen incredible growth. Global interest in Black Friday has risen year-over-year, with 117% average growth across the last five years. According to Forbes, last year’s Black Friday brought in $6.2 billion in online sales alone, while Cyber Monday brought in a record $7.9 billion.
While foot traffic seemed to decrease at brick-and-mortar stores during Cyber Week 2018, more shoppers turned their attention to the internet to participate in holiday bargain hunting. Throughout this week, sales derived from desktop devices came in at 47%, while mobile purchases made up 45% of revenue and tablet purchases made up 8% of revenue.
So, what does this mean for Black Friday and Cyber Monday shopping this holiday season? Adobe Analytics projects that Thanksgiving and Black Friday will bring in $12.3 billion in online sales and Cyber Monday will bring in $9.48 billion. If one thing’s for sure, this year’s Black Friday and Cyber Monday sales are shaping up to be the biggest ones yet for shoppers looking to snag some seasonal bargains. However, the uptick in online shopping activity provides cybercriminals with the perfect opportunity to wreak havoc on users’ holiday fun.
Holiday Bargain or Shopping Scam?
Inherently, Black Friday and Cyber Monday are pretty similar, with the main difference being where users choose to shop. While Black Friday sees a mix of online and in-store shoppers, most consumers will participate in Cyber Monday sales from their mobile phones or desktops at work. Plus, with mobile Cyber Week sales increasing year over year, it’s clear that users are gravitating towards the convenience of shopping on the go. However, the increase in mobile online shopping also creates an opportunity for cybercriminals to exploit. The latest McAfee Mobile Threat Report revealed a huge increase in device backdoors, fake apps, and banking trojans. With more and more users turning to their smartphones this holiday shopping season, they are in turn potentially subject to a wide variety of mobile cyberattacks.
Another threat to users’ holiday shopping sprees? Rushed purchases. Thanks to a later Thanksgiving, Cyber Monday falls on December 2nd, leaving users with one less shopping week between Turkey Day and Christmas. Because of this time crunch, many users are feeling pressured to get their holiday shopping done in time and might forego some basic cybersecurity practices to speed up the online shopping process. This includes not checking online retailer authenticity, falling for fake Black Friday deals, and hastily giving up more personal information than necessary, all in the interest of jumping on a sale before it’s too late.
How to Stay Secure This Holiday Season
In the blur of the holiday shopping frenzy, how can you help protect your personal information online? Before whipping out your credit card this Black Friday and Cyber Monday, check out these cybersecurity tips to ensure your holiday shopping spree goes off without a hitch:
The post It’s Beginning to Look a Lot Like Holiday Shopping: Secure Your Online Purchases appeared first on McAfee Blogs.
While you might have been preoccupied with ghosts and goblins on Halloween night, a different kind of spook began haunting Google Chrome browsers. On October 31st, Google Chrome engineers issued an urgent announcement for the browser across platforms due to two zero-day security vulnerabilities, one of which is being actively exploited in the wild (CVE-2019-13720).
So, what is the Google Chrome zero-day exploit? While there are few specific details known at this time, researchers did uncover that the bug is a use-after-free flaw, which is a memory corruption flaw that attempts to access a device’s memory after it has been freed. If this occurs, it can cause a variety of issues including program crashes, execution of malicious code, or even allowing an attacker to gain full remote access to the device.
The second of the two vulnerabilities (CVE-2019-13721) affects PDFium, a platform developed by Foxit and Google. PDFium provides developers with capabilities to leverage an open-source software library for viewing and searching for PDF documents. Like the first bug, this flaw is also a use-after-free vulnerability. However, there have been no reports of it being exploited by cybercriminals for malicious purposes yet.
Luckily, Google has quickly acknowledged the vulnerabilities and is rolling out a patch for these bugs over the coming days. Meanwhile, follow these security tips to help safeguard your data and devices:
The post What You Need to Know About the Google Chrome Vulnerabilities appeared first on McAfee Blogs.
For anyone who asks what happens during the tween through teen years, the best answer is probably, “What doesn’t happen?!”
Just so you know, I’ve been there, done that, and got the T-shirt. And I survived. My kids were the first generation to grow up on social media. Like most teens in the mid-2000s, they got their first taste with MySpace and then switched to Facebook as the masses shifted there around 2009. They also got into other platforms, like Instagram, and stuck with them while others came and went. And yes, sharing almost every facet of their lives presented many challenges. I won’t get into details here as it might embarrass my kids, but suffice it to say that mistakes were made.
Being a security and privacy practitioner, I made sure there were lots of discussions on how to use these platforms safely. The early discussions centered on privacy and the permanence of data, but eventually led to security talks as the platforms were inundated with scams and other malicious activities. As you can imagine, when my kids were tweens and teens, the internet was a different place than it is today, and I’m sure it will be very different 10 to 15 years from now.
This chapter of “Is Your Digital Front Door Unlocked?” steps you through what your tween and teen face as they spend an increasing amount of time online and using connected things. It expands upon some of the topics discussed earlier in the book with more of an eye towards how those topics impact this age group, while offering advice and insights on topics that often surface at this age. We tackle some big topics too, such when to get your child a smartphone, how many children will make friends that they will only know online, cyberstalking, and the secret digital life of teens that every parent should know. This chapter packs a big punch—as it should, because these are some big years for parents and kids alike.
Gary Davis’ book, Is Your Digital Front Door Unlocked?, is available September 5, 2019 and can be ordered at amazon.com.
The post Chapter Preview: Ages 11 to 17 – From Tweens to Teens appeared first on McAfee Blogs.
Cybercriminals seem to get more and more sophisticated with their attacks, and phishing scams are no different. The McAfee Labs team has observed a new phishing campaign using a fake voicemail message to trick victims into giving up their Office 365 email credentials. During the investigation, the team has found three different phishing kits being used to exploit targets.
How exactly does this sneaky phishing scam work? It all begins when a victim receives an email stating that they’ve missed a phone call, along with a request to log into their account to access the voice message. The email also contains an attached HTML file that redirects the victim to a phishing website. This website prepopulates the victim’s email address and asks them to enter their Office 365 credentials. What’s more, the stealthy attachment contains an audio recording of someone talking, leading the victim to believe that they are listening to a legitimate voicemail.
Once the victim enters their password, they are presented with a page stating that their login was successful. The victim is then redirected to the office.com login page, leading them to believe that everything is perfectly normal. Little do they know that their credentials have just been harvested by a cybercriminal.
While this sneaky scheme has been primarily used to target organizations, there is much to be taken away from this incident, as cybercriminals often disguise themselves as businesses to phish for user data. To protect yourself from these stealthy scams, check out the following tips:
The post 3 Tips to Protect Yourself From the Office 365 Phishing Scams appeared first on McAfee Blogs.
MDR providers can provide a first-of-its-kind solution: Protection across the endpoints, user accounts and the network itself, in one solution.
Halloween time is among us and ghosts and goblins aren’t the only things lurking in the shadows. This past month has brought a variety of spooky cyberthreats that haunt our networks and devices. From malicious malware to restricting ransomware, October has had its fair share of cyber-scares. Let’s take a look at what ghoulish threats have been leading to some tricks (and no treats) around the cybersphere this month.
The infection begins when a user visits a particular website and is served a malicious advertisement. Ghostcat fingerprints the browser to collect device information and determines if the ad is running on a genuine webpage. Ghostcat also checks if the ad is running on an online publishers’ page that has been specifically targeted by this campaign. If these conditions are met, then the malware serves a malicious URL linked to the ad.
Bewitched WAV Files
Ghostcat isn’t the only way malware is being spread lately, as, according to ZDNet, attackers have manipulated WAV audio files to spread malware and cryptominers. By using a technique called stenography, malware authors can hide malicious code inside of a file that appears normal, which allows hackers to bypass security software and firewalls.
Previously, cybercriminals have used stenography revolving around image file formats like PNG or JPEG. However, these crooks have now upped the ante by using WAV audio files to hide different types of malware. Most recently, researchers found that this technique is used to hide DLLs, or dynamic link libraries that contain code and data that can be used by more than one program at the same time. If malware was already present on an infected host device, it would download and read the WAV file, extract the DLL, and install a cryptocurrency miner called XMRrig. Cryptocurrency miners compile all transactions into blocks to solve complicated mathematical problems and compete with other miners for bitcoins. To do this, miners need a ton of computer resources. As a result, miners tend to drain the victim’s device of its computer processor’s resources, creating a real cybersecurity headache.
Finally, we have the mysterious MedusaLocker ransomware. According to BleepingComputer, this threat is slithering its way onto users’ devices, encrypting files until the victim purchases a decryptor.
This strain will perform various startup routines to prep the victim’s device for encryption. Additionally, it will ensure that Windows networking is running and mapped network drives (shortcuts to a shared folder on a remote computer or server) are accessible. Then, it will shut down security programs, clear data duplicates so they can’t be used to restore files, remove backups made with Windows backup, and disable the Windows automatic startup repair.
For each folder that contains an encrypted file, MedusaLocker creates a ransom note with two email addresses to contact for payment. However, it is currently unknown how much the attackers are demanding for the victim to have their files released or if they actually provide a decryptor once they receive a payment.
With all of these threats attempting to haunt networks and devices, what can users do to help themselves have a safe and secure spooky season? Follow these tips to keep cybersecurity tricks at bay:
The post A Cybersecurity Horror Story: October’s Creepiest Threats and How to Stay Secure appeared first on McAfee Blogs.
One of my favorite binges of late is the Netflix series Halt and Catch Fire. It’s a story about the personal computer revolution of the 1980s. The lead character, Cameron Howe, is a brilliant, self-assured young woman who runs circles around her, mostly male, co-workers, with her mad coding skills.
I remember being influenced by a similar female lead. It was Jane Craig (played by Holly Hunter) in the movie Broadcast News. As the credits rolled, I knew I wanted to be a journalist. Likewise, Cameron Howe (played by Mackenzie Davis) possesses just the right mix of courage and intellect required to spark the tech fire in girls today.
STEM and beyond
What better way to close out our National Cybersecurity Awareness Month (NCSAM) series than to encourage the next generation of cybersecurity superheroes to grow their STEM (Science, Technology, Engineering, Math) skills and consider a future in cybersecurity?
Cybersecurity is a rewarding career, boasting an average salary of $96,000, and yet few women pursue the field. According to The U.S. Department of Labor, employment opportunities for Information Security Analysts will grow by 28% between 2016 and 2026. It’s also predicted that 3.5 million jobs in cybersecurity will remain unfilled by 2021.
Why focus on girls? Because while the numbers are improving, in the tech field or otherwise, in 2019, women are still paid 80 cents for every dollar their male counterparts earn, and 93.4 percent of Fortune 500 CEOs are men.
If your daughter shows a talent for tech, here are a few ways to nurture that passion.
Cybersecurity is one of the fastest-growing, in-demand professions out there. With the rise in security breaches of all kinds, it’s also a field experts say is “future proof.” If your daughter shows a desire to fight the bad guys and make her mark safeguarding the digital realm, then cybersecurity may be the best place for her to start blazing her trails.
The post 7 Ways to Help Girls Pursue Their Passion for Tech appeared first on McAfee Blogs.
Earlier this week, we revealed McAfee’s Most Dangerous Celebrity of 2019 in the U.S., Alexis Bledel. Growing from a young actress in “Gilmore Girls” to Ofglen in “A Handmaid’s Tale,” Bledel’s rising stardom helps to explain why she topped this year’s list. But, is that the case in other parts of the world as well? It’s time to take a trip around the globe and see which celebrities are considered risky in different regions.
In McAfee’s 13th annual study on the riskiest celebrities to search for online, the stars topping each list varied from country to country. While Bledel sits at the top of the most dangerous celebrity list in the U.S., singer Camila Cabello is ranked No. 1 in Spain. In Germany, model and TV personality Heidi Klum and actress Emilia Clarke tied each other for the country’s riskiest celebrity. Caroline Flack, the host of reality dating show “Love Island,” came in No. 1 in the U.K. In France, actor/producer Jamel Debbouze topped the list of the countries most dangerous celebrities. At the top of India’s most dangerous celebrity tally is international cricketer M.S. Dhoni. And, finally, rounding out the list of the riskiest celebrities around the world are comedian, actor, and TV host John Oliver in Australia and Malaysian actress Michelle Yeoh in Singapore.
Many users don’t realize that simple internet searches of their favorite celebrities could potentially lead to malicious content, as cybercriminals often leverage these popular searches to entice users to click on dangerous links. And while this year’s list of riskiest celebrities might vary from country to country, cybercriminals’ use of trending celebrities and pop culture icons continues to be an avenue used to exploit users’ security. It’s for these reasons that users must understand the importance of taking precautions when it comes to searching for the latest news on their favorite celebrities.
So, whether you’re checking out what Alexis Bledel has been up to since “Gilmore Girls” or looking for the latest drama on “Love Island” with Caroline Flack, be a proactive fan and follow these security tips when browsing the internet:
The post McAfee Reveals the Most Dangerous Celebrities Across the Globe appeared first on McAfee Blogs.
End-2-End Encrypted. Secure. Ad-Free.
Lightweight and Faster than the Competition.
Vox Messenger is a secure alternative to other popular chat messenger apps.
Available for Free. Whitelabel Corporate Edition Coming Soon.
All Rights Reserved - Copyright @ 2018 - Vox Messenger (a Division of Kryotech Ltd.)