Amy Zegart on Spycraft in the Internet Age

Read Time:1 Minute, 11 Second

Amy Zegart has a new book: Spies, Lies, and Algorithms: The History and Future of American Intelligence. Wired has an excerpt:

In short, data volume and accessibility are revolutionizing sensemaking. The intelligence playing field is leveling­ — and not in a good way. Intelligence collectors are everywhere, and government spy agencies are drowning in data. This is a radical new world and intelligence agencies are struggling to adapt to it. While secrets once conferred a huge advantage, today open source information increasingly does. Intelligence used to be a race for insight where great powers were the only ones with the capabilities to access secrets. Now everyone is racing for insight and the internet gives them tools to do it. Secrets still matter, but whoever can harness all this data better and faster will win.

The third challenge posed by emerging technologies strikes at the heart of espionage: secrecy. Until now, American spy agencies didn’t have to interact much with outsiders, and they didn’t want to. The intelligence mission meant gathering secrets so we knew more about adversaries than they knew about us, and keeping how we gathered secrets a secret too.

[…]

In the digital age, however, secrecy is bringing greater risk because emerging technologies are blurring nearly all the old boundaries of geopolitics. Increasingly, national security requires intelligence agencies to engage the outside world, not stand apart from it.

I have not yet read the book.

Read More

Google Cloud adds agentless threat detection to virtual machine workloads

Read Time:35 Second

As more enterprise computing workloads are moving to the cloud, so are the attackers. Virtual servers have been targeted by cryptomining and ransomware groups over the past few years, and they typically don’t benefit from the same levels of protection as endpoints. Google has set to change that with VM-based threat detection for its cloud computing platform.

When it comes to cloud computing, efficiency and flexibility are very important. Servers are scaled based on the workloads they are expected to run. Any additional security scanning and monitoring that requires a software agent running inside the virtual machines would add overhead and consume CPU cycles and memory.

To read this article in full, please click here

Read More

Critical Patches Issued for Microsoft Products, February 08, 2022

Read Time:24 Second

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

How We Can All Work Together For a Better Internet

Read Time:6 Minute, 28 Second

Let’s face it – we would not be the same people we are today if it wasn’t for the internet. The internet has opened our eyes to so much information that we are privileged to have right at our fingertips. However, it’s important to remember that with so many individuals with access to the web, it can quickly become a place where rumors are spread, cyberattacks are cast, and misinformation arises. At McAfee, we are committed to protecting both you and your family.  Together, through education and online protection, we can work together to experience a better internet for everyone. On this Safer Internet Day, here are our top 5 recommendations: 

For Parents 

With a connected family, it’s important to pay attention to what your family members are connected to (IoT devices in the home, smartphones, tablets, etc.) and how they interact online. Maybe your son is an avid gamer, or your teenager is a social media mogul who enjoys tweeting and scrolling through TikTok. As a parent, you play a crucial role in setting an example for your children and loved ones. So, it’s important to teach them how to use the internet responsibly. Here are some tips for helping your family stay safe online:  

Set up parental controls, if necessary. While your child’s device plays a key role in connecting them to the outside world, that same device can also expose them to cyberbullying, predators, risky behavior, and self-image struggles. If your child has started to ignore their homework and other family responsibilities, they are oversharing online, or they won’t give you their device without a fight, it may be time to consider setting up parental controls.  
Make sure your child has a healthy relationship with social media. Any activity in excess can cause harm – social media included. If your child’s screen time is climbing due to excessive social media scrolling, help them to establish new habits like setting a device curfew and educating them on the effects of too much screen time.  
Teach your family about best practices for securing their online accounts. Using strong passwords and multi-factor authentication can make your family’s internet experience better, providing protection against common online threats.  

For College Students 

In a time when students are reliant on connectivity to be successful in their education, it’s important that they connect to the internet safely. Ensuring a safe connection can prevent any security hiccups from standing in the way of you and your degree. If you are a college student, follow these tips to help you stay safe in a hybrid or distance learning environment:  

Use a VPN when connecting to your university’s Wi-Fi network. Avoid hackers infiltrating your connection by using a VPN, which allows you to send and receive data while encrypting, or scrambling, your information so others can’t read it. VPNs also prevent hackers from gaining access to other devices connected to your Wi-Fi.   
Choose an encrypted online conferencing tool. Does the video conferencing tool you’re considering use end-to-end encryption? This ensures that only meeting participants can decrypt secure meeting content. Additionally, be sure to read the privacy policies listed by the video conferencing programs to find the one that is the most secure and fits your needs.    

For Working Professionals 

Regardless of your industry, you are likely to rely on the internet to do your job. Restaurant workers use online POS systems, bank tellers require access to their customers’ online accounts – the list goes on. With so much of your day spent online, it’s important to keep internet safety best practices top of mind so you can continue to work free from potential cyber interruptions. No matter what career path you are on, following these tips can help you stay safe online and continue to do your job with confidence:  

Be on the lookout for phishing scams targeting employees and their companies. Hackers will oftentimes target employees with phishing campaigns to access sensitive corporate data. If you receive an email, text, or phone call prompting you to take immediate action and log in to an account, make a payment, confirm personal information, or click on a suspicious link, it’s likely a phishing scam. Send a screenshot of the suspicious message (never forward!) to your company’s IT team to confirm, and then delete the message.  
Separate personal and business devices. Set boundaries between your personal and work life, including the technology you use for both. Avoid sharing your company’s devices with family members who are not aware of the best security practices, especially children. Also, keep personal accounts separate from company accounts to prevent sharing information through personal channels. 
Adhere to company policies and standards. Ensure you understand your company’s policies and confidentiality agreements when it comes to sharing files, storing documents, and other online communications. Use company-approved cloud applications that follow strict security standards to avoid inadvertently exposing sensitive company information through unsecured means. This measure can also apply when using video conferencing software. Limit the amount of sensitive information shared via video conferencing platforms and through messaging features just in case uninvited hackers are eavesdropping. 

For Entertainment Seekers  

If you can dream it, you can stream it. With so much media at your fingertips, it’s important to remember that cybercriminals tend to focus their threats on trending consumer behaviors. For example, cybercriminals will tend to focus their scams on popular TV shows or movies in the hopes that an unsuspecting user will click on their malicious download. Because streaming has become so popular in recent years, consumers should prioritize the safety of their online streaming platforms like Spotify, Netflix, Hulu, etc. Here are some ways to stay protected while streaming:  

Watch what you click. Be cautious and only access entertainment content directly from a reliable source. The safest thing to do is to subscribe to a streaming site that offers the content or download the movie from credible websites, instead of downloading a “free” version from a website that could contain malware. 
Refrain from using illegal streaming sites. Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do your device a favor and stream the show from a reputable source. 

For Mobile Moguls  

As technology has become more advanced, we’ve become accustomed to the many benefits that come with taking our devices with us everywhere we go. For example, we can deposit checks from home with our mobile banking apps and can use vehicle location services on our phones to remind us where we parked. Here’s how you can stay protected while on-the-go:  

Use a mobile security solution. Protect your pocket-sized digital life with a reliable solution like McAfee Mobile Security. It actively shields you from malicious links or websites, unauthorized third-party activities, and even phishing scams. Additionally, it allows you to connect safely with a VPN and regularly scans your device for unwanted threats.  

“There’s no doubt the internet has brought so many benefits to our daily life,” says Alex Merton-McCann, McAfee’s Cyber Safety Ambassador. “I honestly can’t imagine life without it! But in order for us all to continue benefiting from its many pluses, we all have a responsibility to make it a safe and enjoyable place. So, let’s #playitfaironline and commit to being respectful and kind towards each other online to ensure life online is safe and enjoyable for us all!” 

Check out #SaferInternetDay and #SID2022 hashtags on social media to be a part of the conversation. 

The post How We Can All Work Together For a Better Internet appeared first on McAfee Blog.

Read More

Private browsing vs VPN – Which one is more private?

Read Time:3 Minute, 42 Second

As people turn to the Internet for news and answers to tough questions, it only makes sense that it would come to know you better than your closest friends and family. When we go online for answers to personal questions, we’re sharing our deepest secrets with search engines. While some people are happy to share that level of personal information with strangers, some turn to private browsing, or incognito mode, to help protect their personal data.  

The thing is, incognito mode doesn’t work the way people think it does. When you open an incognito window, you’re told that “You’ve gone incognito.” The explanation underneath says that your browsing history, website visits, cookies, and information you put in forms, won’t be saved. This is where the confusion starts. 

What the incognito explanation doesn’t tell you is that your browsing information isn’t blocked or hidden from advertisers while in incognito modeSo even though your browsing information “won’t be saved” on your device or available after you close the window, that doesn’t stop the internet from seeing everything you’ve been up to while in that session. Incognito mode That’s why more and more people use virtual private networks, or VPN, to protect their browsing history from prying eyes. If you’re new to VPN, this might be the perfect time to learn about what they are, how they work and why you might choose a VPN over private browsing.  

What do virtual private networks do?  

VPN protects your devices by wrapping your internet connection in a secure tunnel that only you can access. This stops people —like those nosey advertisers—from seeing what sites you visit. With a secure connection to the Internet, every search request, every website you browse, is hidden from sight. It’s important to point out that VPN don’t make you anonymous; they make it so only you can see what you’re doing online. You can learn more about VPN in this blog post I wrote late last year. 

What does incognito mode do? 

Incognito modes work by opening an isolated browser window. It stays separate from the rest of your browser tabs or windows, as if it’s on another device. Using incognito mode deletes cookies—the things advertisers use to follow you around the internet—and browsing history, but that’s about it. 

If you check your browser’s cookies while in incognito mode, you’ll see that you’re still picking up cookies as you browse, just like you would with a normal browsing window. While it’s great that incognito mode deletes those cookies when you close the window, that doesn’t help you while you browse. Advertisers are still able to see what sites you’re browsing and target you with ads accordingly. 

What’s the difference between VPN and private browsing? 

VPN: 

Encrypt your internet connection 
Help hide your browsing from snoops 
Help hide your search requests 
Help protect your personal information 
Can protect multiple devices 
Block some types of online tracking 

Private browsing: 

Deletes personal data when you stop browsing 
Only active in one browser window  
Hides Internet activity from other users on shared devices 

Why use private browsing over VPN? 

We wouldn’t recommend using incognito mode instead of a VPN, ever. Incognito mode has its place in your online security toolkit, but it’s not a replacement for other types of protection. If you share a device with other people, like family members or at a library, then you might want to use incognito mode to make sure your partner doesn’t accidentally find out how much you spent on that new TV in the den. 

If you’re concerned with advertisers tracking you and watching what you do online, then you should consider using a VPN to protect your privacy. 

Way’s to get VPN protection 

If you’re already a McAfee Total Protection subscriber, you have access to unlimited VPN usage. Protect your personal information, like your banking information and credit cards, from prying eyes with McAfee Total Protection’s Secure VPN. If you haven’t already signed up, now’s the perfect time. McAfee Total Protection provides security for all your devices, giving you peace of mind while you shop, bank and browse online.  

The post Private browsing vs VPN – Which one is more private? appeared first on McAfee Blog.

Read More

Unraveling the climate change and Cybersecurity connection

Read Time:5 Minute, 14 Second

This blog was written by an independent guest blogger.

Cybersecurity and climate change. These two issues seem, at least on the surface, like they couldn’t be farther apart. One conjures Matrix-like, futuristic visions of tech bros and shadowy figures hunched over laptops. The other, third-world dystopias, famine, and mass extinction.

However, a deeper dive into these important global concerns shows that they are more intrinsically connected than you think. In fact, some experts believe that climate change is the biggest security threat mankind has ever faced. That includes cybersecurity, and these are issues that affect everyone on the planet to varying extents.

How exactly does climate change impact cybersecurity, what are the economic impacts of these issues, and what can we do to mitigate the problem?

In the words of Zach Stein, co-founder of Carbon Collective, a first of its kind investment advisory firm that focuses on solving climate change through targeted investments and divestments: “We can’t take these all-or-nothing views. The world is nuanced. It means we need to give room for people and companies to improve.”

Where climate change-related security threats originate

Climate change poses a national security threat that extends far beyond our borders. We now experience 100-year weather events annually, Diminished biodiversity adversely affects the food chain and resource availability, as do droughts and extreme flooding. These problems lead to social anxiety and unrest, contribute to mass migration and displacement, and make us all more vulnerable.

Between pandemics and work/school closings due to inclement weather, more people are working and learning from home. However, many business owners and school administrators don’t prioritize even the most basic cyber security best practices for home-bound students and workers. This increases the attack surface and puts more business owners, government agencies, and individuals at risk for cybercrime.

Crime is also increased by economic stress.

Desperation leads to desperate acts. During such times, you’ll see an increase in scams, identity theft, and hacking exploits. You also have politically or socially motivated hacks by persons on both sides of the climate change argument, either in an effort to make a statement, prove a point, or benefit financially from instability.

The environmental and financial impact of cyber crime

The increased use of computing resources due to a surge in remote work, blockchain mining, and supercomputing also contributes to climate change. People who no longer trust financial institutions due to prominent hacks and leaks are shopping and trading online or putting their money in cryptocurrencies.

This poses its own set of climate-related and cybersecurity threats.

In 2019 alone, Bitcoin mining consumed more energy than the entire country of Switzerland. Data centers accounted for two percent of the world’s total power consumption that same year, and that was before the use of such centers really exploded. Internet usage accounts for another 10 percent of global energy consumption.

Infrastructure investment, resource mining, and fossil fuel production contribute to negative economic, supply chain, and environmental impacts. These and related industries have long been favorite targets of cyber criminals. The 2021 ransomware attack on the Colonial Pipeline cost the company $4.4 billion to end, and resulted in untold damage to the company’s finances and reputation, This was merely one out of hundreds of such attacks on energy producers and related organizations,

The economic impact of energy sector security hits companies, workers and their families, and consumers who have to pay in loss of service or income and increased prices.

Veering away from dependence on fossil fuels toward more sustainable energy sources is a start.

Here are a few more solutions.

Combating the twin threats of climate change and cybercrime

At their annual meeting in Davos, a consortium of world business and economic leaders compiled the 2022 Global Threat Report. Among their findings was the fact that it will take a unified, global effort to head off long-term climate catastrophe. This includes a more aggressive approach toward mitigation and greater investment in sustainable energy.

However, it will take more than energy conservation or performing the occasional risk assessment to combat these issues. Some concrete measures that can reduce vulnerabilities toward cybercrime and climate change include:

• Exploring new technologies. Crypto-mining platforms have committed to exploring methods that use fewer resources during the cryptomining and NFT minting process. This includes use of Hyperledger Fabric to centralize block creation, initiating blockchain smart contracts for easier validation, and developing more efficient cooling methods for data centers and supercomputers.

• Educating stakeholders. This includes not only teaching users basic security practices but also educating them on how to spot and avoid scams, such as identifying misinformation about climate-related emergencies. From the design and security side, baking cyber security into app and platform design, reducing the risk matrix, and proactive cyber security practices are methods to reduce the cost and risk.

Business leaders and IT professionals should include climate change in their risk assessment protocols and procedures. For example, having a backup plan in the case of a weather or cybercrime event that limits business disruption and prevents accidents like spills or leaks. Incentivizing companies to invest in smarter, sustainable technologies and reducing environmental risk will also make a huge impact.

• Increasing cybersecurity investment. Businesses in the tech, financial, and energy sectors should prioritize cybersecurity spending, invest in more efficient production technologies, and upgrade or replace vital infrastructure. It’s also incumbent upon government intelligence agencies and policy makers to set up dedicated departments, platforms, and unified protocols to assess, prevent, and combat climate change and cyber security threats.

• Deploying technologies to prevent climate-related disasters. This is in addition to hardening critical infrastructure and prioritizing proactive cyber security and risk identification. For a start, asset management, resource allocation, and equipment maintenance can be automated using AI-based technologies.

Final thoughts

Instability, food insecurity, and widespread environmental damage contribute to the kind of despair and hopelessness that leads to mass unrest and criminal behavior. Desperate conditions lead to desperate acts. They also increase the number, methods, opportunities of people willing to take advantage of social disruption and decline.

Proactive cybersecurity won’t reverse the effects of climate change. However, it will help reduce the financial and economic impact of global warming on businesses, individuals, and society at large.

Read More

#SaferInternetDay: Porn Sites Face Legal Duty to Verify Age of UK Users

Read Time:2 Minute, 5 Second

#SaferInternetDay: Porn Sites Face Legal Duty to Verify Age of UK Users

Pornographic websites will be legally obliged to introduce robust checks to verify the age of users under new plans published by the UK government. The measure is designed to protect children from accessing pornography from commercial providers.

Announced on Safer Internet Day, the standalone provision has been added to the UK’s Online Safety Bill. The obligation will apply to commercial providers of pornography as well as the sites that allow user-generated content.

Currently, there are little or no protections to prevent those under 18 from accessing large quantities of pornography online. This has led to concerns over the way young people understand relationships, sex and consent.

The companies can choose how to comply with their new legal duty, but the UK regulator, Ofcom, is likely to recommend using age verification technologies that minimize the handling of users’ data. Options include checking a user’s age against details that their mobile provider holds, verifying via a credit card check and other database checks such as government-held data like passport information. However, no specific solutions have been mandated to enable more effective technology to be adopted in the future.

The government added that measures these firms put in place should not process or store data that is irrelevant to checking age, while any verification technologies used must be secure, effective and adhere to privacy legislation.

Companies that fail to comply could be hit by a fine of up to 10% of their annual worldwide turnover or have their website blocked in the UK. Additionally, the website owners may be held criminally liable if they fail to cooperate with Ofcom.

Digital Minister Chris Philp commented: “It is too easy for children to access pornography online. Parents deserve peace of mind that their children are protected online from seeing things no child should see.

“We are now strengthening the Online Safety Bill so it applies to all porn sites to ensure we achieve our aim of making the internet a safer place for children.”

Previous proposals by the UK government to introduce a national online pornography age verification system were dropped because implementing it would be too difficult.

Yesterday, the government announced new measures to strengthen the Online Safety Bill, including the creation of three new offenses relating to abusive and offensive online communications. It is now working with Ofcom to ensure the provisions can come into force shortly after the bill’s passage.

Read More

7 top challenges of security tool integration

Read Time:37 Second

Enterprises are frequently deploying new security tools and services to address needs and threats. A key consideration is how to integrate these various offerings—in many cases provided by different vendors—into the existing infrastructure to support a cohesive security strategy.

The move to the cloud has made security integration somewhat easier, but the process can still be a major hurdle for organizations as they try to build strong protection against the latest threats. Here are some of the challenges they might face and how can they effectively address them.

1. Too many security tools

A common security integration problem stems from something many organizations are doing: deploying too many security products and services.

To read this article in full, please click here

Read More