Equipping and guiding your digitally connected child is one of the toughest challenges you will face as a parent. As your child grows and changes, so too will their online activities. Friend groups, favorite apps, and online interests can shift from one month to the next, which is why parental controls can be a parent’s best friend.  

According to a report from Common Sense Media, teens spend an average of seven hours and 22 minutes on their phones a day. Tweens (ages 8 to 12) spend four hours and 44 minutes daily. This is time outside of schoolwork. 

That is a lot of time to stroll the streets of cyberspace for entertainment purposes, and it’s only increased since the pandemic.  

Striking a balance between screen time and healthy device use is an always-evolving challenge. On the one hand, your child’s device is an essential channel connecting them to their self-identity, peer acceptance, and emotional well-being. On the other hand, that same device is also the door that can bring issues such as cyberbullying, predators, risky behavior, and self-image struggles into your child’s life.  

Raising the Safety Bar 

Parental controls are tools that allow parents to set controls on their children’s internet use. Controls include content filters (inappropriate content), usage limits (time controls), and monitoring (tracking activity). 

Many of the technology your family already owns or sites your kids visit have basic parental controls (i.e., built-in controls for android and iPhone and social networks such as YouTube). However, another level of parental control comes in software specifically engineered to filter, limit, and track digital activity. These consumer-designed parental controls offer families a higher, more powerful form of protection.  

 If you are like many parents who land on this blog, you’ve hit a rough patch. You have concerns about your child’s online activity but aren’t sure how to begin restoring balance. Rightly, you want to find the best parental control software and put digital safeguards in place.  

8 Signs Your Family Needs Parental Controls 

Every family dynamic is different, as is every family’s approach to online monitoring. However, most parents can agree that when a negative influence begins to impact the family’s emotional and physical health, exploring new solutions can help get you back on track.  

Depending on your child’s age, you may need to consider parental controls if:  

 1. They don’t respond when you talk to them  

If your child is increasingly engrossed in their phone and it’s causing communication issues in your family, you may want to consider software that includes time limits. Connecting with your child during device-free time can improve communication.  

2. They’ve started ignoring homework and family responsibilities  

There are a lot of reasons grades can plummet, or interests can fade. However, if your child is spending more and more time online, limiting or monitoring what goes on in that time can help restore emotional balance and self-discipline to meet responsibilities.  

3. Their browser history shows access to risky content  

Innocent online searches can lead to not so innocent results or children may go looking for content simply because they’re curious. Parental controls automatically block age-inappropriate sites and filter websites, apps, and web searches.  

4. They won’t give you their device without a fight  

If the phone has become the center of your child’s world at the cost of parental respect and family rules, they may be engaged in inappropriate behavior online, connecting with the wrong friends, or struggling with tech balance. With the proper parental controls, a parent can block risky content, view daily activity, and set healthy time limits.  

5. They’re losing interest in family outings and other non-digital activities  

Poor habits form quietly over time. If your child has dramatically changed their focus in the past three to six months, consider zooming in on why. It may not be technology use, but you may consider an additional layer of protection if it is.   

6. They go into another room to respond to a text  

While everyone deserves privacy, if constantly sneaking away to communicate with a friend is your child’s new norm, you may consider making some screen time adjustments.  

7. They are exhausted  

Unbeknownst to parents, kids might be exchanging sleep for screen time. Parental controls can help you nip this unhealthy habit. Setting time limits can help kids experience deeper sleep, better moods, more focus, and more energy. 

8. They overshare online  

If you browse through your child’s social media and notice their profiles are public instead of private, or if your child tends to overshare personal information, parental controls can help you monitor future activity. 

Ideally, we’d all prefer to live in a world where we didn’t need parental controls at all. Unfortunately, that is neither a present nor future reality. So, we recalibrate, keep learning, and keep adding to our parenting skills. As always, we believe the first go-to digital safety tool is investing in consistent open and honest conversation with your child. And the second tool? Yup, reach for the parental controls. While you may hear some hemming and hawing from your kids at first, the peace of mind you gain from having parental controls in place will be worth it.  

The post 8 Signs It May Be Time for Parental Controls appeared first on McAfee Blog.

Read More

Peiter Zatko, aka Mudge, has filed a whistleblower complaint with the SEC against Twitter, claiming that they violated an eleven-year-old FTC settlement by having lousy security. And he should know; he was Twitter’s chief security officer until he was fired in January.

The Washington Post has the scoop (with documents) and companion backgrounder. This CNN story is also comprehensive.

Read More

Today, we publish our annual Impact Report. In our 2021 report, we highlight initiatives and share stories about our progress in creating a more inclusive workplace, supporting our communities, and protecting the planet.

Reflecting on 2021, it’s easy to see it was a monumental year for McAfee. Our business underwent an incredible transformation — we divested our Enterprise business and McAfee emerged as a worldwide leader for online protection, empowering individuals and families to live a safer life online. We also kicked off our journey to become a privately held company.

Our strides toward a better future

As we accelerate our journey as a dedicated consumer business and I evaluate our strides since our first report in 2018, I am humbled by our progress. In the last year, we’ve seen our representation for women reach 30.9% overall and for underrepresented professionals reach 14.8 percent. In addition, we’ve seen a 40% increase in the proportion of women promoted to director and above in the last year.

We maintained pay parity for women globally and underrepresented professionals in the U.S with our most recent audit revealing no disparities. We rolled out a new inclusion and awareness training and were recognized as the best company for multicultural women and dads. We prioritized our people’s well-being with a rollout of the Calm app, fitness challenges, and a week focused on wellness.

All the while, McAfee rose to meet the increased needs of our community with laptop donation programs and employee giving campaigns. We also made progress for sustainability redefining how and where we work.

The opportunities ahead to do better

However, it’s not lost on me that 2021 followed a year fraught with challenges that didn’t disappear with the end of 2020. And today, we continue to live and work against the backdrop of a global pandemic, respond to acts of racial injustice, and hear undeniable lived experiences of hate and intolerance.

It’s fueled our desire to do better. We know there is so much work to do and our responsibility to create an equitable workplace and world has never been greater. It’s the right thing to do and a business imperative—we rely on the fresh ideas and unique perspectives of the people of McAfee. Truthfully, it’s their tenacity and resiliency that inspire me.

Whether it’s showing up for one another during a COVID-19 surge, asking for more resources to become a better ally, or rallying around each other to prioritize health, our people are exceptional.

As we progress in 2022, grow as a consumer-focused business, and welcome our new President and CEO Greg Johnson, we will have the opportunity to take all we’ve learned and help turn our aspirations into reality. We will invest in our people, our community, and our planet, but also ask what we can do better.

I invite you to read our 2021 Impact Report to see our progress and our commitment.

The post McAfee launches Impact Report: How we’re doing and the opportunities ahead  appeared first on McAfee Blog.

Read More

A new strain of ransomware has been making victims for the past two months, masquerading as a Google software update application and reusing an open-source password management library for encryption. Dubbed HavanaCrypt by researchers from Cybereason, the new ransomware program features anti-analysis, data exfiltration and privilege escalation mechanisms, but doesn’t seem to be dropping a traditional ransom note.

HavanaCrypt deployment

The researchers don’t have a lot of information about the initial access vector because the sample they analyzed was obtained from VirusTotal, a web-based file scanning service, where it was likely uploaded by a victim. What is clear is that the metadata of the malicious executable has been modified to list the publisher as Google and the application name as Google Software Update and upon execution it creates a registry autorun entry called GoogleUpdate. Based on this information, one could assume that the lure used to distribute the ransomware, either via email or the web, is centered around a fake software update.

To read this article in full, please click here

Read More

While businesses are busy trying to protect themselves against ransomware attacks that spark headlines news, threat actors are sticking to one of the oldest and most effective hacking techniques—business email compromise (BEC).

Enterprise security has skewed toward ransomware in recent years, but FBI data highlights that  enterprises in aggregate are losing 51 times more money through BEC attacks. In 2021, BEC attacks in the US caused total losses of $2.4 billion, a 39% increase from 2020. In contrast, at the same time, companies in the US lost only $49.2 million to ransomware.

To read this article in full, please click here

Read More

French hospital is the latest to be hit

Read More

AT&T Cybersecurity is pleased to announce a code-free way for our USM Anywhere customers to make their own API-driven log collectors and custom parsers. This big advancement in threat detection and response technology will make it possible for customers to collect information from a much larger variety of sources and SaaS services without having to request new integrations or log parsers.

The foundation of threat detection is visibility; this means visibility into internal network activity, user logins and behaviors, and cloud application access to name just a few examples. And visibility is data. But getting all this information from the cloud, on premises, and user endpoints has always been a challenge. Business transformation has completely changed where our data lives and how we need to collect it.

Two big trends have emerged: businesses are flocking to SaaS services of every description, and the internet of things has massively expanded the number and type of devices we want to collect data from—think security cameras, meeting room equipment, even building control systems and thermostats. These trends have conspired to make it very difficult for security vendors to keep up with the demand for data collection tools. Custom applications need to be written to talk to cloud APIs, and even if old-school syslog is used by legacy building control systems, parsers are required to normalize and enrich the data before it can be used to find threats.

AT&T is proud to announce Custom AlienApps and Custom Log Parsers

The Custom AlienApps feature empowers customers to create their own REST API applications for collecting data from any cloud service with an API for collecting events. To do this, customers do not need to understand how to code in any scripting languages, nor do they need any special skills. All they will need to do is complete a simple configuration dialogue and provide some relevant information, which includes authentication type, location of the log endpoint.

Once the app has been successfully configured by the customer, it will reach out to the SaaS service and download the events that are waiting there. However, as you may know, not all log event data is the same. There is no standard way to perform logging, nor is there one convention for how to format logs or name the keys used in logs. Logs are essentially key value pairs, and the USM platform must normalize these pairs in order for detection to work. For example, network logs usually have a field for the source IP address of the event the log refers to. Sometimes vendors use sourceip=, and sometimes they use source_ip=, source-ip=, etc.

Figure 1: App mapping

Normalizing the logs is the job of a parser. With the new Custom Log Parser feature, customers can build their own parser by dragging and dropping fields instead of waiting for an engineer to build one for them. (See figure 1.) Note that this step should be performed carefully because all data correlation will depend on it. This new feature allows customers to create parsers not only for their custom AlienApps, but also for any “Generic Log” imported via syslog or an S3 bucket. See figure 2 for a graphical view of this.

Figure 2: Custom Log Parsers – graphical view

These innovations join a host of others in the AlienApps log ingestion framework. (See figure 3.) Our log processing architecture is built to accommodate as many methods as possible, and we continue to evolve and add others. In addition to making their own AlienApps and parsers, customers can ingest logs via our roster of 36 Advanced AlienApps for various cloud services. And these apps also allow customers to respond to alarms by using the containment capabilities of the various security products in their network, such as endpoint self-isolation or adding a firewall.

Figure 3: AlienApp log processing architecture

The USM platform also supports traditional syslog, in standard format and CEF. We currently have more than 570 parsers for different products. Additionally, the platform will process logs that are sent to an Amazon S3 bucket and grab logs from the customer’s IaaS services. We recently added sensorless log collection for AWS with our Cloud Connector feature, and we collect endpoint logs using our agent or the SentinelOne EDR agent.

If you’d like to learn more about Custom AlienApps and Custom Log Parsers, you can find full documentation in the USM Anywhere Help section. If you’re interested in trying out these features and are not already a customer, we invite you to sign up for a free trial.

Read More

Agencies team up to police borders and mitigate Russian cyber-threats

Read More

Those who apply security patches are finding that it’s becoming harder to time updates and determine the impact of patching on their organizations. Dustin Childs of the ZDI Zero Day Initiative and Trend Micro brought this problem to light at the recent Black Hat security conference: Patch quality has not increased and in fact is getting worse. We are dealing with repatching bugs that weren’t fixed right or variant bugs that could have been patched the first time.

Childs also pointed out that vendors are not providing good information about the Common Vulnerability Scoring System (CVSS) risk to easily analyze whether to patch. The vendor might give a high CVSS risk score to a bug that wouldn’t be easily exploited. I am having to dig more into details of a bug to better understand the risk of not applying an update immediately. Vendors are adding obscurity to bug information and making it harder to understand the risk.

To read this article in full, please click here

Read More

Biggest year so far was 2020

Read More