A targeted attack campaign has been compromising home and small-business routers since late 2020 with the goal of hijacking network communications and infecting local computers with stealthy and sophisticated backdoors. Attacks against home routers are not new, but the implants used by attackers in this case were designed for local network reconnaissance and lateral movement instead of just abusing the router itself.

“The rapid shift to remote work in spring of 2020 presented a fresh opportunity for threat actors to subvert traditional defense-in-depth protections by targeting the weakest points of the new network perimeter—devices that are routinely purchased by consumers but rarely monitored or patched—small office/home office (SOHO) routers,” researchers from Black Lotus Labs, the threat intelligence arm of telecommunications company Lumen Technologies said in a recent report.

To read this article in full, please click here

Read More

In the spirit of #PrideMonth, McAfee hosted month-long celebrations across the world. One of these was a live event hosted by the McAfee Pride Community with a guest speaker from the Resource Center that focused on the history of Pride, support, allyship, and belonging.

We took a moment to ask our event guest speaker, Leslie McMurray, about the work that Resource Center does, the importance of pride, and what companies can do to create inclusive work environments.

Tell us a bit about Resource Center and what you do?

“We like to say, if we had an “elevator pitch”, we would need a really tall building! Resource Center has been around for 39 years and is one of the largest LGBTQIA+ community centers in the United States, it is a primary HIV/AIDS service organization in Texas.

Some of the work that we do includes operating a food pantry and hot meal program that serves low-income people living with HIV. We have a case management department that helps locate resources that we don’t directly provide, like housing. And we have a primary care clinic that is gender-affirming and a ten-chair dental clinic that also serves those living with HIV.

We also have a youth program called Youth First that serves youth from middle-to-high school. We have a behavioral health program and a clinic that does free testing for HIV and STDs along with a mobile health unit that does free testing in outlying areas. Finally, our advocacy department has three full-time employees!

Why it is important to learn about pride?

“Sometimes we get asked “What’s ‘Pride’ about? Why do you need a parade?”

It’s important to understand that LGBTQIA+ people are still working to achieve equal rights – the same as everyone else.

The tipping point of the fight for equal rights in the US dates back to 1969 when the Stonewall Uprising took place in Manhattan. The first Pride march was held a year later to honor the anniversary of the Stonewall Uprising and continues to take place during the month of June each year. And while we appreciate the attention during the month, the continued fight for equal rights for the LGBTQIA+ community is yearly, and we need continuous support and allyship of people and businesses year-round.

So it’s really important for people to learn about diverse populations, understand what their challenges are, and educate yourself on these issues – from that spring’s allies.”

What should companies do to create inclusive work environments

“One of the simplest things for companies to do is to include ‘Sexual Orientation, Gender Identity and Gender expression’ in your Equal Employment Opportunity statement. Other things companies can do is to look at putting a policy in place for transgender employees who are transitioning and consider including transgender healthcare in your company benefits package.

Make sure to help foster understanding by getting employees to do training with organizations like Resource Center. And empower upper management to lead the way ensuring all employees can bring their whole selves to work. Finally, when the opportunity arises look at working with and bringing in non-profit organizations into your company to continue spreading awareness and support for the LGBTQIA+ community.

And while June wraps up Pride month, year-round we work towards a workplace and community where all can belong – a workplace where our unique differences are celebrated and where we all stand together for equality. #McAfeePrid

Learn more about the incredible work that Resource Center does here

Interested in building your career at a company where you can belong? Search our openings!

The post #McAfeePride2022 appeared first on McAfee Blog.

Read More

The CIS Benchmarks development team has been hard at work preparing several brand new Benchmarks and updates for July 2022.

Read More

Fewer people carry cash these days, kids included. This growing paperless reality fast-forwards the parenting task of educating kids on financial responsibility. As of 2021, most cash apps allow kids 13 and up to open accounts (previously, the age was 18). Kids can also get a cash app debit card for retail purchases. But while cash apps are a popular and convenient tool, they come with some risks families should consider.  

Instant Transactions 

Cash apps allow kids to exchange money with friends directly from a secondary established account, much like handing another person cash. Cash apps have become a popular tool with kids and an easy way to split costs or pay someone for a purchase. Cash apps also come in handy for families and allow parents to instantly send their children money for daily expenses such as school or sports fees, meals, purchases, or entertainment. Some common cash apps include Venmo, Zelle, Cash App (Square), Pay Pal, Zelle, and Facebook Pay, among others.   

Some Risk 

Sounds awesome right? But with ease comes risk. Most money transfer app funds are not FDIC insured. That means if your child (or you) accidentally sends money to an unintended recipient, they may have a tough time recovering those funds.  

Every app comes with some degree of risk. While the leading cash apps are considered secure and can be used with little concern, there’s always the potential of a cyber crook finding a security loophole that exposes your money, banking information, and identity.  

10 Cash App Safety Tips for Families 

Discuss the risks. Clicks within a cash transfer app equal real cash. Help your kids understand digital money is equal to actual dollars. Take the time to discuss current scams and how to practice extra care when using cash apps.  
Use safeguards. Using security best practices is not a skill that comes naturally to most people. It’s something that must be practiced and improved constantly. Just like computers, mobile devices can be infected with viruses and malware. One way to protect mobile devices (and cash apps) is to subscribe to a mobile antivirus product, such as McAfee Mobile Security, which includes safe browsing, scanning for malicious apps, and locating your device if it is lost or stolen.  
Layer up app security. In addition to an antivirus tool, guide your kids in how to add additional security to their cash apps. Guide them in how to follow password security protocols and how to add protection in the form of a PIN code, facial ID, or fingerprint ID. While you are at it, make sure your child locks their device in the same way. These steps offer more protection in case your child’s phone is stolen or lost, and a stranger attempts to use the cash app.  
Slow down and verify. As fast as kids’ fingers move on keypads, advise your child to slow down and verify spelling and a recipient’s account address when using a cash app. Most cash app providers will not help users recover misdirected funds. One typo or clicking on the wrong Jake Williams in the recipient list can cost you or your child big bucks.  
Only connect with friends. When using cash apps, advise kids to only exchange money with people they know. Scammers have been known to befriend minors only to ask for a loan or offer goods or services. Once the payment is sent, the scammer instantly deletes their accounts and is gone without a trace.  
Stay on top of cash app scams. Check BBB Scam Tracker to see how bad actors are targeting cash app users. In searching cash app scams on this site, consider reading the personal stories (click “details” of each reported scam) of the people who have been victimized. This might be a very effective way to converse with your kids about the natural consequences of online scams.  
Safeguard personal data. Remind kids not to share their email, address, or other information. Also, avoid clicking pop-up ads, trendy quizzes, and random website URLs designed to plant malware on a device that steals bits and pieces of personal info that can be used for various attacks, including financial and identity theft.  
Link your app with a credit card. If possible, consider linking your child’s cash app to a credit card rather than a bank account. Debit cards remove cash from an account instantly, but credit cards offer consumer protection in cases of fraudulent transactions. The one drawback is that a credit card company will charge interest on your balance.  
Keep app balances low. Cyber crooks can’t steal funds that aren’t there. For that reason, it’s wise to keep balances low in your child’s cash app account.  
Teach financial literacy basics. The cash app conversation is an excellent opportunity to begin or expand your family’s conversation on financial literacy. Here are several helpful resources that will help you teach your kids financial literacy at any age.     

The use of cash apps is here to stay and, no doubt, an integral part of the overall paperless fast track we’re all on. Guiding kids into this realm equipped with knowledge and confidence is a powerful way parents can help kids enjoy the responsibility of money without falling prey to digital risks.     

The post Kids & Cash Apps: What Parents Need to Know appeared first on McAfee Blog.

Read More

In this digital age, communicating online and through our devices has become the norm. From sharing highlights of last night’s game to sending cute animal videos back and forth, so much of our connectedness happens virtually. It’s become so easy to chat with friends and loved ones through social media that we don’t even have to think about it. We know who’s on the other end of the screen, so why would we worry? We know our friends would never send us a malicious link that would steal our information, so why be cautious? Right? 

Not necessarily. Though a message or link may seem like it’s coming from a friend, it’s also possible that it was sent without their knowledge. There are many ways for hackers to scam people very believably. The latest Facebook Messenger hack is just one of many examples. 

Facebook Frenemies 

According to PIXM, Facebook users have been conned for several months by a phishing scam that tricks them into handing over their account credentials. Users are shown a fake login page that copies Facebook’s user interface, giving it the illusion of being real. When someone enters their credentials, their password and login combo is sent to the hacker who then sends out the same link and fake login to the user’s friends through Facebook Messenger. Any user who clicks the link is asked to fill out their credentials, and the cycle repeats. PIXM estimates that over 10 million Facebook users have been duped by this scam since 2021. 

This hacker was able to utilize a technique to evade Facebook’s security checks. When a user clicks on the link in the Messenger app, the browser redirects to a legitimate app deployment service, then redirects again to the actual phishing pages with advertisements and surveys that accrue revenue for the hacker. Using this legitimate service link prevents Facebook from blocking it without blocking other legitimate apps and links as well. Researchers say that even if Facebook managed to block one of these links, several others are created with new unique IDs every day to replace it. 

Phishing scams like these are harder to detect due to the realistic-looking interface on the login pages and that these malicious links are seemingly coming from friends and family. However, there are always key things to look out for when faced with phishing scams. 

Swim Away From These Phishes 

Scams don’t always come from overtly sketchy emails or text messages from strangers. Sometimes they can (unintentionally) come from people we know personally. This isn’t to say that your friends online can’t be trusted! However, it’s important to always be cautious and keep an eye out for any odd behavior to stay on the safe side. Here are some key things to look out for when faced with potential malicious phishing scams: 

Lack of personalization. These types of scams may be coming from online friends you don’t speak to often, if at all. If someone you rarely speak to is sending you links out of the blue, that’s an automatic red flag. But if you’re still unsure or if this is coming from someone you know well, pay close attention to the message, the greeting (if any), and whether it’s personalized or not. If it seems cold or overly general, avoid it!
Links don’t look quite right. If you’re receiving a link through email, hover over the URL without clicking on it to see the link preview. If it looks suspicious, delete it altogether. For links being sent through social platforms, check to see if the URL matches the content in the message being sent to you or if there is a preview attached. If these things don’t match or aren’t present, it’s best to play it safe and stay away.
Spelling and tone seem off. If the message you’re receiving is riddled with spelling or grammar mistakes, proceed with caution, especially if it’s unlike your friend to have those types of errors in their messages. In that same vein, if the tone of the message doesn’t match the typical vibe of the person you’re receiving it from, it’s best to ignore it and move on!
The message is telling you to act. Always be wary of a strange message and link asking you to act. If the message is telling you to download something, don’t click any links or attachments. Simply delete the message and carry on!

When in doubt, just ask! If you’ve received a message and a link from a friend online, simply ask if they meant to send it to you. If they didn’t send it themselves, not only did you dodge a bullet, but your friend is also now aware that they’ve been hacked and can take the necessary precautions to ensure their information is protected. And if they did mean to send it to you, then you can click the link knowing that it’s safe to do so. It’s always best to err on the side of caution when it comes to your online security. 

The post Over 10 Million Facebook Users Hacked in Ongoing Phishing Scam appeared first on McAfee Blog.

Read More

The four algorithms will now become part of NIST’s post-quantum cryptographic standard

Read More