Attacker groups adopt new penetration testing tool Brute Ratel

Read Time:37 Second

Security researchers have recently identified several attack campaigns that use APT-like targeting techniques and deploy Brute Ratel C4 (BRc4), a relatively new adversary simulation framework. While hackers abusing penetration testing tools is not a new development — Cobalt Strike and Metasploit’s Meterpreter have been used by threat groups for years — Brute Ratel is focused on detection evasion techniques, so it might pose a real challenge to defense teams.

“The emergence of a new penetration testing and adversary emulation capability is significant,” researchers from security firm Palo Alto Networks said in a new report analyzing several recent samples. “Yet more alarming is the effectiveness of BRc4 at defeating modern defensive EDR and AV detection capabilities.”

To read this article in full, please click here

Read More

What Types of Apps Track Your Location?

Read Time:7 Minute, 3 Second

Your mobile phone can do so many things, thanks to the wonders of technology. One of those things is having very accurate information about your location. In fact, some apps have to know your location to work.  

Of course, you can’t expect Google Maps to function as it should without tracking your location. But you’re right to question why a messaging app like WhatsApp needs to know your whereabouts. When it comes to protecting your online privacy, the less information that third parties have about you, the better. 

Keep reading to learn which mobile apps have location tracking and how you can revoke their access. 

How to see which apps are tracking your location 

On an iPhone, apps can track your location, but only after giving them access first. Here’s how to check which apps can monitor your location:  

Open the “Settings” app and click on “Privacy” to see a list of apps that have requested access to your location data. 
Click on “Location Services.” This will show you every app that can request access to your location. You’ll also see if you’ve given any apps permission to track your location. Note that the permission you give to apps to access your location can be at all times or only when you’re using the app.  
To check into a specific app, tap it. You’ll see what permission you’ve granted — the active one will have a checkmark. There are three options: 

Never: The app isn’t ever allowed to access your location data. 
When using the app: Whenever you open the app and use it, it’ll be able to track your whereabouts. 
Always: This means the app can access your location data at all times, whether you’re using it or not. 

If you have an Android device, you can check what permissions you’ve given to the app following these steps:  

Go to “Settings.”  
Then, go to “Apps & Notifications.”  
Select an app, tap “Permissions,” and tap on the triple-dot icon.  
Click on “All Permission” and scroll down to the Location section.  

You’ll see the GPS tracking permissions you’ve granted. The apps you’ve allowed access to your location all the time will be under “Allowed all the time.” The apps that can track you while you’re using them will be under “Allowed only while in use.” And you’ll find the apps you’ve never granted permission under “Not allowed.” 

How to stop apps from tracking your location

Remember that some apps need location data to function properly. For instance, a navigation app like Apple Maps isn’t very useful if it doesn’t know where you are. 

But whenever you want to turn off location tracking for particular apps, you can simply cancel their access. 

If you have an iOS device, follow these steps:  

Open “Settings.”  
Tap “Privacy” and click on “Location Services.”  
Next, tap the app you want to change the location setting for.  
Then, select the option you want, like “Always,” “While using,” or “Never.” 

To change the location setting for apps on an Android phone:  

Tap on “Settings.”  
Then, tap on “Apps & Notifications.”  
Pick an app and tap on “Permissions.”  
Switch “Location” to on or off. 

Common types of apps with location tracking

There are many reasons apps need to know your location history, such as personalizing your app experience. Not to mention that location tracking apps like Find My iPhone and family location-sharing apps like Life360 are very helpful for family members to keep track of their loved one’s location.  

But simply speaking, the main reason apps track your location is because it’s profitable. Your information is sold to marketers, making it easier to show you ads you should be interested in.   

This is why it’s always a good idea to check what apps access your location information. So, check them regularly, following the steps laid out above.  

Common apps to watch for location tracking include: 

Map apps

Of course, navigation apps need to know your current location so that they can direct you to where you want to go. Getting access to your real-time location allows them to give you turn-by-turn directions. The apps also use a GPS tracker to help you find establishments like restaurants or gas stations nearby.  

Ride-hailing apps

Ride-hailing apps like Uber and Lyft use your GPS location to let drivers know where to pick you up. Be careful about ride-hailing apps, though, because their tracking features are made to monitor your movement in the background. This means they can access your location all the time, even when the apps aren’t active.  

So, if you’re not a regular ride-hail user, check these phone tracking apps when you’re not using them and turn off the location settings until you need them again. 

Social media

Like most free apps, social media apps collect personal and location data so they can learn who you are. And everything they know about you is used for advertising purposes. This is why you might get “find my friends” suggestions and ads about cafes, stores, and everything else that’s available in your area.  

Something to be aware of is that the ways social media apps like Facebook ask for permission to access your location data aren’t always straightforward. For instance, if you’re posting a photo, the app will ask you to “Turn on Location Services” to add a geo-tag. And if you do, they’ve got the green light to track your whereabouts.  

News and weather apps

When you check the news and weather forecast by using an app, the app asks for your location to provide you with information based on where you are.  

Giving these apps your location can help with the user experience since you won’t have to search for local news or weather updates. But not giving the apps access to your phone location doesn’t affect how they operate.  

Coupon apps

Coupon apps like Flipp want as much information from you as possible to personalize your experience. Location sharing helps these apps provide you with the closest stores to shop and ongoing sales near you. 

In the case of coupon apps, geofencing helps in their marketing quite a lot. With geofencing, apps use radio frequency identification (RFID), Wi-Fi, and GPS location to send ads at exactly the right moment to a target device. The ad can be sent as an SMS, email, or app notification when a cellphone enters or leaves a geofence.  

An example would be a text message that says, “Today only! Spend $50 and get the item of the day for $0.99!” when a customer enters a grocery store.  

Streaming apps

Streaming apps like Netflix and Spotify may ask for your location so that you don’t get access to geo-restricted content. For instance, live streaming TV apps need your location to confirm regional blackouts and other features. But other than that, they don’t necessarily need to monitor your location to work. 

Insurance apps

Car insurance companies have found a way to use technology by offering discounts to clients who allow them to collect personal information and share location data. Some of the information they want include your phone use while driving, how fast you drive, or how sharply you brake. Insurance companies claim that their phone tracker apps collect data to reward good behavior and avoid accidents. 

See how McAfee Security for Mobile keeps your device safe

Our mobile phones are one of our most valuable possessions because we rely on them to get us through the day. That’s why it’s important to understand how information about you and your activities is used, shared, and sold.  

 

The good news is that you can protect your digital life with McAfee Mobile Security, which allows you to connect safely and seamlessly to the digital world with a virtual private network (VPN). You’ll also have access to an antivirus app that regularly scans for online threats like malware.  

 

This means you can use public hotspots, make bank transactions, and surf the web in a safe space. McAfee helps protect your credentials and personal information so that you can continue to enjoy the internet your way.  

The post What Types of Apps Track Your Location? appeared first on McAfee Blog.

Read More

Setting Up Parental Controls in TikTok, Instagram & Snapchat

Read Time:6 Minute, 5 Second

It’s a question we get a lot from parents: “How can I keep my kids safe when they are constantly hopping between so many different apps?” We get it, there’s a lot to stay on top and all of it changes constantly. Unfortunately, that question doesn’t have a simple answer. But there are some baseline actions every parent can take to boost their child’s safety on popular apps like TikTok, Snapchat, and Instagram.  

The safety equation is threefold, with every piece as important to your child’s overall safety as the next.  

Connection and conversation. The first part of the safety equation is maintaining a strong relationship with your child so that dialogue (two-way; no lectures) on digital safety and wellbeing becomes commonplace and they know they can come to you if they have a problem. One way to keep those conversations rolling is to download your child’s favorite apps so that you understand first-hand how the communities work and the type of content that’s being shared. 
Install parental controls. The second part of the safety equation is to add parental controls. Do we have an agenda here? You betcha! For decades, we’ve put some of the world’s brightest engineering minds into designing digital tools that allow families to enjoy the best of the Internet without giving them the rest of the Internet that could put their emotional and physical wellbeing at risk. McAfee’s targeted software helps parents monitor and filter web searches and content, set time limits, and view daily activity reports.  
Access platform tools. The third way is to take a few minutes to ensure your kids are using the platform-level tools available on both their devices and within the apps. Both Apple and Android phones have basic safety and wellbeing features. Additionally, the apps your kids likely love—Tik Tok, Snapchat, and Instagram—have their own set of safety tools.  

Screentime is Climbing 

A report released in 2021 by Common Sense Media found that teenagers (ages 13-18) use an average of nine hours of entertainment media per day and that tweens (ages 8-12) use an average of six hours a day, not including time spent using media for school or homework. The report also found that boys spend more time on gaming devices while girls spend more time on social media and that mobile devices now account for 41% of all screen time among tweens and 46% among teens. 

With those numbers increasing each year, it’s even more important to understand the different ways parents can help kids stay safe. Let’s break down a few safety basics on each app that are easy to access and use.    

Tik Tok Safety 

TikTok has some impressive safety guidelines broken down into topics parents could easily use as a springboard for some great family discussions. The guidelines and the Safety Center cover issues such as dangerous TikTok challenges and how to deal with other digital threats such as bullying, sexual content, fake news, and hateful behavior. You can increase safeguards using TikTok’s: 

Family Pairing. TikTok offers Family Pairing that allows parents to link their account with their child’s to co-control settings on privacy and content. This TikTok feature allows a parent to monitor and manage screen time, direct messages, set restrictions, and control friend and comment filters.  
Restricted Mode. There is a Restricted mode for accounts that can help filter basic mature content on TikTok. 
Privacy Settings. To ensure your child isn’t connecting with unknown people on TikTok, you can go into the settings and make their account private.  
Digital Wellbeing. We all know how easy it is to get sucked into spending hours on an app without even getting up to stretch or give our eyes or minds a break. Turning this function on will send alerts to users who have been on the app for more than two hours.  

Snapchat Safety 

Every app functions differently and thus, offers different ways to boost security. Snapchat provides a helpful guide for parents and educators, including safety tips and conversation starters. You can increase safeguards using Snapchat’s: 

Privacy Settings. Sit down with your child to ensure their privacy settings are adjusted to choose who can send them Snaps, view their Stories, or see their location on Snap Map. They can also manage who views your child’s content with My Story. 
Friends Only Feature. Snapchat was made for keeping in touch with your close friends, so the app Safety Center recommends users “only friend or accepts friend requests from people that you know in real life.” 
Report Abuse Feature. Ensure your kids understand how to report abuse on Snapchat, including harassment, bullying, or other safety concerns. If someone makes them uncomfortable, they can block that Snapchatter and leave any group chat. Here’s more on reporting abuse or safety concerns. 
Think before you share. Snaps are designed to delete by default within 24 hours. However, remind your kids that people who send Snaps can still take a screenshot or take a picture of the Snap with another device. Therefore, on Snapchat especially, advise your kids to think before sharing. 

Instagram Safety 

Instagram offers parents and minor users a library of safety and mental health resources accessible via the app’s Community Tab at the bottom of its home page. You can increase safeguards using Instagram’s: 

Family Center. A parent or guardian can supervise a teen’s Instagram account, provide extra support, and help balance their time. Parents of teens can remove supervision anytime, and the tool is automatically removed when the teen turns 18. 
Privacy Controls. Your teen’s account can be set to private, which means their content will only be seen by approved followers. In addition, they can also block and report abusive accounts.  
Comment Controls. Avoid unwanted interactions by encouraging your child to use “Comment Controls.” In addition, reporting and blocking tools also allow them to manage who can comment on their posts.  
Direct Message Safeguards. Instagram restricts Direct Messages (DMs) between teens (under 18) and adults they don’t follow. When an adult tries to message a teen who doesn’t follow them, they receive a notification that DM’ing that teen isn’t an option. For adults and teens already connected (i.e., one account follows the other), Instagram sends safety notices encouraging teens to be cautious in conversations with adults who have exhibited potentially suspicious behavior. (Note: This feature does not protect kids from connecting with fraudulent catfish accounts created using false profile and age information). 

One of the most powerful safety features is you—a child’s mom, dad, or guardian. Your face-to-face, heart-to-heart connection will speak loudest in your child’s life. If you haven’t lately, ask your child what’s going on in their digital life, who their friends are, what they’ve created to share, and what’s new, hilarious, or trending. You may get some resistance now and then but don’t let that discourage you from pressing in and doing all the things that help keep them as safe as possible online.   

The post Setting Up Parental Controls in TikTok, Instagram & Snapchat appeared first on McAfee Blog.

Read More

CVE-2014-8164

Read Time:7 Second

A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x.

Read More

Smart factories unprepared for cyberattacks

Read Time:32 Second

Organizations operating smart factories largely agree that cybersecurity is a critical component to their operations. Many, however, are unprepared to deal with the growing number of cyberthreats against them, according to a report released last week by Capgemini, a provider of technology and digital transformation consulting services.

The report, based on a survey of 950 organizations globally, finds that 80% agreed that cybersecurity is a critical component of a smart factory’s operations and while more than half (51%) acknowledge the number of cyberattacks will likely increase over the next 12 months, their current levels of preparedness are low.

To read this article in full, please click here

Read More