Most hackers need 5 hours or less to break into enterprise environments

Read Time:40 Second

Around 40% of ethical hackers recently surveyed by the SANS Institute said they can break into most environments they test, if not all. Nearly 60% said they need five hours or less to break into a corporate environment once they identify a weakness.

The SANS ethical hacking survey, done in partnership with security firm Bishop Fox, is the first of its kind and collected responses from over 300 ethical hackers working in different roles inside organizations, with different levels of experience and specializations in different areas of information security. The survey revealed that on average, hackers would need five hours for each step of an attack chain: reconnaissance, exploitation, privilege escalation and data exfiltration, with an end-to-end attack taking less than 24 hours.

To read this article in full, please click here

Read More

BrandPost: You can’t have zero trust without visibility

Read Time:39 Second

Words of wisdom from Sun Tzu: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.”

One of those battles is defending the network against cyberattacks, and it’s constant. The military general and strategist was wise millennia beyond his time. He knew the power of complete visibility against an enemy who relies on evasive maneuvers.

Network security has not fundamentally changed over the course of the last several decades. While we’ve seen new architectures emerge, if you take a step back, you’ll see that the security industry has simply shifted the same detection and prevention techniques to new locations (on-prem, public cloud, as-a-service from cloud, cloud-native).

To read this article in full, please click here

Read More

How Do Hackers Hack Phones and How Can I Prevent It?

Read Time:7 Minute, 27 Second

How do hackers hack phones? Several ways. Just as there are several ways you can prevent it from happening to you. 

The thing is that our phones are like little treasure chests. They’re loaded with plenty of personal data, and we use them to shop, bank, and take care of other personal and financial matters—all of which are of high value to identity thieves.  

However, you can protect yourself and your phone by knowing what to look out for and by taking a few simple steps. Let’s break it down by first taking a look at some of the more common attacks.  

Types of Smartphone Hacks and Attacks 

Hacking software 

Whether hackers sneak it onto your phone by physically accessing your phone or by tricking you into installing it via a phony app, a sketchy website, or a phishing attack, hacking software can create problems for you in a couple of ways: 

Keylogging: In the hands of a hacker, keylogging works like a stalker by snooping information as you type, tap, and even talk on your phone.  
Trojans: Trojans are types of malware that can be disguised in your phone to extract important data, such as credit card account details or personal information. 

Some possible signs of hacking software on your phone include: 

A battery that drains way too quickly. 
Your phone runs a little sluggish or gets hot. 
Apps quit suddenly or your phone shuts off and turns back on. 
You see unrecognized data, text, or other charges on your bill.   

In all, hacking software can eat up system resources, create conflicts with other apps, and use your data or internet connection to pass along your personal information into the hands of hackers—all of which can lead to some of the symptoms listed above. 

Phishing attacks 

These are a classic form of attack. In fact, hackers have leveled them at our computers for years now too. Phishing is where hackers impersonate a company or trusted individual to get access to your accounts or personal info or both. And these attacks take many forms, like emails, texts, instant messages, and so forth, some of which can look really legitimate. Common to them are links to bogus sites that attempt to trick you into handing over that info or that install malware to wreak havoc on your device or likewise steal information. Learning how to spot a phishing attack is one way to keep yourself from falling victim to one. 

Bluetooth hacking 

Professional hackers can use dedicated technologies that search for vulnerable mobile devices with an open Bluetooth connection. Hackers can pull off these attacks when they are range of your phone, up to 30 feet away, usually in a populated area. When hackers make a Bluetooth connection to your phone, they can possibly access your data and info, yet that data and info must be downloaded while the phone is within range. As you probably gathered, this is a more sophisticated attack given the effort and technology involved. 

SIM card swapping 

In August of 2019, the CEO of Twitter had his SIM card hacked by SIM card swapping scam. SIM card swapping occurs when a hacker contacts your phone provider, pretends to be you, and then asks for a replacement SIM card. Once the provider sends the new SIM to the hacker, the old SIM card will be deactivated, and your phone number will be effectively stolen. This means the hacker has taken control of your phone calls, messages, and so forth. This method of hacking requires the seemingly not-so-easy task of impersonating someone else, yet clearly, it happened to the CEO of a major tech company. Protecting your personal info and identity online can help prevent hackers from impersonating you to pull off this and other crimes.  

Ten tips to prevent your phone from being hacked 

While there are several ways a hacker can get into your phone and steal personal and critical information, here are a few tips to keep that from happening: 

Use comprehensive security software on your phone. Over the years, we’ve gotten into the good habit of using this on our computers and laptops. Our phones? Not so much. Installing security software on your smartphone gives you a first line of defense against attacks, plus several of the additional security features mentioned below. 
Update your phone and its apps. Aside from installing security software, keeping current with updates is a primary way to keep you and your phone safe. Updates can fix vulnerabilities that cybercriminals rely on to pull off their malware-based attacks. Additionally, those updates can help keep your phone and apps running smoothly while also introducing new, helpful features. 
Stay safer on the go with a VPN. One way that crooks can hack their way into your phone is via public Wi-Fi, such as at airports, hotels, and even libraries. These networks are public, meaning that your activities are exposed to others on the network—your banking, your password usage, all of it. One way to make a public network private is with a VPN, which can keep you and all you do protected from others on that Wi-Fi hotspot.  
Use a password manager. Strong, unique passwords offer another primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task—thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software will include one. 
Avoid public charging stations. Charging up at a public station seems so simple and safe. However, some hackers have been known to “juice jack” by installing malware into the charging station. While you “juice up,” they “jack” your passwords and personal info. So what to do about power on the road? You can look into a portable power pack that you can charge up ahead of time or run on AA batteries. They’re pretty inexpensive and easy to track down.  
Keep your eyes on your phone. Preventing the actual theft of your phone is important too, as some hacks happen simply because a phone falls into the wrong hands. This is a good case for password or PIN protecting your phone, as well as turning on device tracking so that you can locate your phone or even wipe it remotely if you need to. Apple provides iOS users with a step-by-step guide for remotely wiping devices, and Google offers up a guide for Android users as well.  
Encrypt your phone. Encrypting your cell phone can save you from being hacked and can protect your calls, messages, and critical information. To check if your iPhone is encrypted can go into Touch ID & Passcode, scroll to the bottom, and see if data protection is enabled (typically this is automatic if you have a passcode enabled). Android users have automatic encryption depending on the type of phone. 
Lock your SIM card. Just as you can lock your phone, you can also lock the SIM card that is used to identify you, the owner, and to connect you to your cellular network. By locking it, keeps your phone from being used on any other network than yours. If you own an iPhone, you can lock it by following these simple directions. For other platforms, check out the manufacturer’s website. 
Turn off your Wi-Fi and Bluetooth when not in use. Think of it as closing an otherwise open door. There are several attacks that a dedicated and well-equipped hacker can make on devices where Wi-Fi and Bluetooth are open and discoverable. Likewise, while not a hack, some retailers will track your location in a store using Bluetooth technology for marketing purposes—so switching it off can protect your privacy in some situations as well. You can easily turn off both from your settings and many phones let you do it from a pulldown menu on your home screen as well. 
Steer clear of third-party app stores. Google Play and Apple’s App Store have measures in place to review and vet apps to help ensure that they are safe and secure. Third-party sites may not have that process in place. In fact, some third-party sites may intentionally host malicious apps as part of a broader scam. Granted, cybercriminals have found ways to work around Google and Apple’s review process, yet the chances of downloading a safe app from them are far greater than anywhere else. Furthermore, both Google and Apple are quick to remove malicious apps once discovered, making their stores that much safer. 

The post How Do Hackers Hack Phones and How Can I Prevent It? appeared first on McAfee Blog.

Read More

McAfee Secure VPN: Now with WireGuard for Faster Speeds and Enhanced Stability

Read Time:2 Minute, 39 Second

McAfee’s Secure VPN now supports the WireGuard protocol, which gives you faster connection speeds plus enhanced stability and security.  

WireGuard is the latest standard in Virtual Private Network (VPN) technology, and we’re rolling it out across McAfee Secure VPN and our comprehensive online protection software. And just as before, it offers smart protection that can be set to automatically turn on when you need it, so you can stay more private and more secure online. 

If you’re new to using a VPN, let’s take a quick look at two of the big things a VPN can do for you. 

It makes you more secure. 

The bank-grade encryption used by a strong VPN shields your data and information while it’s in transit, which makes it difficult for hackers to spy on your connection. (Think of your data and information traveling through a tunnel that no one else can use or see into.) In that way, a VPN makes all kinds of online activities more secure—like banking, shopping, and checking up on your finances, even using your apps.  

It protects your privacy. 

By masking your whereabouts and your IP address, along with encryption that helps keep your activities private, a VPN reduces the personal information that others can collect and track. That includes internet service providers, social media companies, businesses, app developers, websites, and others who gather your data for marketing purposes or for resale to third parties. 

A faster and more stable VPN with WireGuard 

A quick word about what WireGuard is in slightly more detail. It’s a VPN protocol, which is a series of technical rules that govern how your device can securely reach the VPN servers, validate your access to the requests you make online, and encrypt your browsing traffic so that only you can see what you are doing over the internet. WireGuard is one of several protocols that we support, such as the OpenVPN and IKEv2 protocols. While WireGuard improves upon OpenVPN and IKEv2 in many ways, both are still secure and safe ways in which a VPN can connect. 

Now with the latest WireGuard standard in place, our VPN offers faster speeds and improved stability compared to what previous standards offered. This gives you the security of a VPN with similar performance as if you were on a fully open connection—along with the added benefit of keeping your browsing and other activities private. 

Taken together, the improved speed and stability give privacy-conscious people a further reason to use a VPN more often than before. Because a VPN can minimize the exposure of data as it transmits to and from your devices, companies and data brokers can potentially learn far less about you, your shopping, your travels, your habits, and any other information that they could possibly collect and otherwise profit from. The more often you use a VPN, the less they can potentially gather. 

For more about VPNs and how ours can keep you more private and secure online, give us a visit here any time. 

The post McAfee Secure VPN: Now with WireGuard for Faster Speeds and Enhanced Stability appeared first on McAfee Blog.

Read More