McAfee Wins Product of the Year for Best Online Protection


You can feel even more confident that you’ll enjoy life online with us at your side. AV-Comparatives has awarded McAfee as its 2021 Product of the Year.

McAfee makes staying safe simple, and now this endorsement by an independent lab says we protect you best.

Over the course of 2021, AV-Comparatives subjected 17 different online protection products to a series of rigorous tests. Their labs investigated each product’s ability to protect against real-world Internet threats, such as thousands of emerging malicious programs and advanced targeted attacks, along with the ability to provide protection without slowing down the computer.

McAfee topped the field, taking home the award for AV-Comparatives’ Product of the Year thanks to our highest overall scores across the seven different testing periods throughout the year. McAfee further took a Gold Award for the Malware Protection Test, in addition to recognition for its clean, modern, and touch-friendly design and for the way that McAfee Firewall coordinates perfectly with Windows.

“We’re honored by the recognition,” says Chief Technology Officer, Steve Grobman. “The strong reputation that AV-Comparatives carries in the industry cements our place as a leader in online protection.” He goes on to say, “Our work continues. The internet is evolving to be integral to every part of our lives. This creates new opportunities for cyber criminals and drives the evolution of the threat landscape. McAfee is committed to staying one step ahead of these sophisticated threats, ensuring customers can safely utilize the full value of our online world.”

Read the full AV-Comparatives annual report and protect yourself and your family with the year's top-rated antivirus. See for yourself with a free 30-day trial of McAfee Total Protection, which includes McAfee's award-winning anti-malware technology plus identity monitoring, Secure VPN, and safe browsing for all-in-one online protection.

The post McAfee Wins Product of the Year for Best Online Protection appeared first on McAfee Blogs.


UK Government to Launch PR Campaign Undermining End-to-End Encryption


Rolling Stone is reporting that the UK government has hired the M&C Saatchi advertising agency to launch an anti-encryption advertising campaign. Presumably they’ll lean heavily on the “think of the children!” rhetoric we’re seeing in this current wave of the crypto wars. The technical eavesdropping mechanisms have shifted to client-side scanning, which won’t actually help — but since that’s not really the point, it’s not argued on its merits.


When It comes to Cybersecurity – An ounce of prevention


Benjamin Franklin advised fire-threatened Philadelphians in 1736 that "an ounce of prevention is worth a pound of cure." Clearly, preventing fires is better than fighting them, and the same holds for security incidents.

So, to what extent can we protect ourselves from cybersecurity events? With the alphabet soup of acronyms out there (NIST, ISO, SOC, CISA, DevSecOps, and so on), protecting a business from cyber threats can feel overwhelming. Making cybersecurity a priority now can save the business down the road.

Threat actors, once in, may lie dormant for months, much like a virus in the body. With persistent access in place, the intruder sits in the background, spreading to as many systems as possible and gathering as much data as they can. Like a cold, you may feel fine, but things seem slightly off: you tire more easily and feel a little sluggish.

The same symptoms appear in an IT environment as the intrusion spreads: data is staged and exfiltrated, the foothold expands across the global network, and backups are corrupted, leaving few options. Once the actor is embedded, they strike. Ransomware and stolen customer data can put an enterprise out of business for months.

Social engineering

Social engineering is the most prevalent way threat actors find their way into your environment. Disguised as legitimate web sites, emails, and customer-service contacts, they rely on people's kindness, willingness to help, and urgency to resolve a perceived problem. Training employees to recognize these lures is both simple and critical in preventing an intrusion.

Verifying the actual URL behind a link is the quickest and easiest way to judge its validity. The safest bet: if you don't know who sent it, don't click it. Look up the company's phone number on an independent site and call to verify the request; do not use a number embedded in the email. Many businesses and government entities will never call or email you unprompted. An unexpected call from the Social Security Administration or the IRS will not happen; those agencies initiate contact through traditional mail.
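The "verify the URL" advice above is easy to automate for a mail gateway or a user-reported phishing triage script. The following is an added example, not code from the original post: it extracts every link from an HTML email body and flags the classic mismatch between the domain a user sees and the domain the link actually goes to, plus raw-IP and punycode (IDN) hosts. The sample message, its hosts (documentation and reserved ranges) and the regexes are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample email body (an assumption for illustration; the hosts are
# documentation/reserved addresses, not real phishing infrastructure).
SAMPLE_EMAIL = """
<p>Your invoice is overdue. Review it at
<a href="http://198.51.100.7/login">https://billing.example.com</a>
or call <a href="tel:+15550100">+1 555 0100</a>.</p>
<p>Help centre: <a href="https://www.example.com/help">www.example.com</a></p>
<p>Secure login: <a href="https://xn--exmple-cua.com/auth">example.com</a></p>
"""

# Visible text that "looks like" a domain or URL; only then is a mismatch meaningful.
DOMAINISH = re.compile(r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?$", re.I)
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url_or_text):
    """Lower-case host of a URL, or of bare text such as 'www.example.com', minus a leading 'www.'."""
    candidate = url_or_text.strip()
    if "://" not in candidate:
        candidate = "http://" + candidate
    host = (urlsplit(candidate).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def audit_links(html):
    """Return [(href, [reasons])] for links that deserve a second look."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        if urlsplit(href).scheme not in ("http", "https"):
            continue  # tel:, mailto: and friends are out of scope here
        host = host_of(href)
        reasons = []
        if IPV4.match(host):
            reasons.append("raw IP host")
        if any(label.startswith("xn--") for label in host.split(".")):
            reasons.append("punycode (IDN) host")
        if DOMAINISH.match(text) and host_of(text) != host:
            reasons.append(f"display text says {host_of(text)} but link goes to {host}")
        if reasons:
            findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in audit_links(SAMPLE_EMAIL):
        print(href, "->", "; ".join(reasons))
```

Only the two deceptive links are reported; the help-centre link, whose text and target agree, and the tel: link are left alone. A real gateway would extend the host comparison with lookalike detection (digit-for-letter substitutions, extra subdomains such as example.com.evil.test), which this check deliberately does not attempt.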

Network design and architecture

Architecting a robust network, with multiple layers of firewall protection, redundant pathways both external and internal, and isolation of critical data, is paramount in limiting the damage a threat actor can do. In the innermost layer, all client data should be completely isolated from external-facing equipment, and access to that environment should be restricted to a small number of people and applications.

The next layer is the application layer, which should be divided into the applications that access the data and those that process it. Last is the customer-facing layer, which sits on the public internet or the company's intranet and is the most exposed to threats. Even this simple three-layer approach removes most leakage points; more complex architectures may be needed depending on the industry or the data.
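The three-layer model is only as good as the rules that enforce it, and those rules drift. Below is an added example, not from the original post, that writes the tier-to-tier policy down as data and checks two things against it: that the policy table itself never lets anything but the app and admin tiers reach the data tier (and never lets the data tier call out), and that a batch of observed connection records (firewall or NetFlow exports, say) contains no flow the layered design forbids. The subnets, the allowed ports and the sample flows are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: each tier of the three-layer design, plus a small restricted admin
# network, lives in its own subnet. Addresses are reserved/documentation ranges.
TIERS = {
    "public": ipaddress.ip_network("203.0.113.0/24"),  # customer-facing layer
    "app": ipaddress.ip_network("10.10.0.0/16"),       # application layer
    "data": ipaddress.ip_network("10.20.0.0/16"),      # isolated client data
    "mgmt": ipaddress.ip_network("10.99.0.0/24"),      # the few admin hosts allowed in
}

# Permitted initiator -> responder tier pairs and destination ports.
# Anything absent from this table is a violation of the layered design.
ALLOWED = {
    ("internet", "public"): {443},
    ("public", "app"): {8443},
    ("app", "data"): {5432},
    ("mgmt", "public"): {22},
    ("mgmt", "app"): {22},
    ("mgmt", "data"): {22, 5432},
}


def tier_of(ip):
    """Map an address to its tier; anything outside the defined subnets is 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in TIERS.items():
        if addr in net:
            return name
    return "internet"


def policy_invariants(allowed):
    """Structural checks on the table itself: only the app and mgmt tiers may reach
    the data tier, and the data tier must never initiate beyond the app tier
    (a database host talking to the internet is an exfiltration path)."""
    problems = []
    for src, dst in allowed:
        if dst == "data" and src not in ("app", "mgmt"):
            problems.append(f"{src} may not reach data directly")
        if src == "data" and dst != "app":
            problems.append(f"data tier must not initiate to {dst}")
    return problems


def violations(flows):
    """Given (src_ip, dst_ip, dst_port) connection records, return those the policy forbids."""
    bad = []
    for src, dst, dport in flows:
        s, d = tier_of(src), tier_of(dst)
        if s == d:
            continue  # intra-tier traffic is governed by host firewalls, not this table
        if dport not in ALLOWED.get((s, d), set()):
            bad.append((src, dst, dport, f"{s}->{d}:{dport} not permitted"))
    return bad


# Constructed connection records, as one might export from a firewall log.
SAMPLE_FLOWS = [
    ("198.51.100.20", "203.0.113.10", 443),  # customer -> web front end: fine
    ("203.0.113.10", "10.10.0.5", 8443),     # front end -> app: fine
    ("10.10.0.5", "10.20.0.7", 5432),        # app -> database: fine
    ("203.0.113.10", "10.20.0.7", 5432),     # front end straight to data: violation
    ("10.20.0.7", "198.51.100.99", 443),     # database calling out to the internet: violation
    ("10.10.0.5", "10.10.0.6", 80),          # intra-tier: not evaluated here
]

if __name__ == "__main__":
    print("policy problems:", policy_invariants(ALLOWED))
    for v in violations(SAMPLE_FLOWS):
        print(v)
```

Running the invariant check in CI whenever the policy table changes catches the "temporary" exception that opens the data tier to the front end; running the flow check against exported logs catches the rule that someone added on the firewall without updating the policy.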

Asset inventory/patches

All assets on the network must be identified and tracked. Assets that are not in the inventory, or are not patched, can be Trojan horses in themselves: sitting on the network, they are easy targets for threat actors. Knowing the age and patch level of each asset is critical. Older assets may be out of maintenance, so no patches are available for them and they can be easily exploited.

Newer assets may sit unpatched because the application running on them cannot support the most recent patches. These machines must be isolated and scrutinized more closely. Lastly, an active patching process of N-1 or better (never more than one release behind the vendor's current one), together with a subscription to your vendors' threat alerts, is paramount to staying secure.
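The rules in the last two paragraphs (N-1 or better, out-of-maintenance assets replaced, pinned assets isolated, nothing on the wire that the inventory cannot explain) are mechanical enough to run as a script. This is an added example, not from the original post; the products, release histories, support dates, inventory and the list of hosts "seen on the network" are all constructed assumptions.

```python
from datetime import date

# Assumption: known release history per product, oldest first, newest last.
RELEASES = {
    "widget-os": ["4.1", "4.2", "4.3", "5.0"],
    "dbserver": ["13.4", "13.5", "14.0"],
}
# Assumption: vendor end-of-support dates per product.
END_OF_SUPPORT = {"widget-os": date(2026, 6, 30), "dbserver": date(2021, 12, 31)}

# Constructed inventory; "pinned" means the application on the box cannot take newer releases.
INVENTORY = [
    {"host": "web01", "product": "widget-os", "version": "5.0", "pinned": False},
    {"host": "web02", "product": "widget-os", "version": "4.3", "pinned": False},
    {"host": "app07", "product": "widget-os", "version": "4.1", "pinned": True},
    {"host": "legacy01", "product": "widget-os", "version": "4.1", "pinned": False},
    {"host": "db01", "product": "dbserver", "version": "14.0", "pinned": False},
]

# Constructed set of hosts actually observed on the network (DHCP leases, ARP, scanner output).
OBSERVED_HOSTS = {"web01", "web02", "app07", "legacy01", "db01", "printer-lobby", "nas-old"}


def releases_behind(product, version):
    """How many releases behind the vendor's current release an asset is; None if unknown."""
    history = RELEASES.get(product)
    if history is None or version not in history:
        return None
    return len(history) - 1 - history.index(version)


def classify(asset, today):
    """Apply the rules from the text: out of maintenance -> replace; N-1 or better -> fine;
    further behind -> patch now, or isolate and scrutinise when the application pins the version."""
    product = asset["product"]
    if product in END_OF_SUPPORT and END_OF_SUPPORT[product] < today:
        return "out-of-maintenance"
    behind = releases_behind(product, asset["version"])
    if behind is None:
        return "unknown-version"
    if behind <= 1:
        return "compliant"
    return "pinned-isolate" if asset["pinned"] else "patch-now"


def unknown_on_network(observed, inventory):
    """Hosts seen on the wire that no inventory record explains."""
    return sorted(observed - {a["host"] for a in inventory})


def report(inventory, observed, today):
    status = {a["host"]: classify(a, today) for a in inventory}
    return status, unknown_on_network(observed, inventory)


if __name__ == "__main__":
    status, unknown = report(INVENTORY, OBSERVED_HOSTS, date.today())
    for host, verdict in status.items():
        print(f"{host:10} {verdict}")
    print("not in inventory:", unknown)
```

Note that db01 is flagged even though it runs the newest release: the product itself is past its support date, so no future patches will exist for it, which is exactly the "older asset" case the text warns about. The two unexplained hosts are the quarterly-audit finding from the Preparedness section below.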

Backups

Backups of data and applications are necessary to restore operations after ransomware or another intrusion. Since threat actors may have been lurking in the environment for months before being identified, the backups themselves may be corrupted or may contain the attacker's tooling; if so, once you restore, the threat actor will simply shut you down again. It is imperative to keep the restoration environment isolated until every restored system has been scanned and verified clean before going back online.
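One control that makes "verify that they are clean" concrete is a tamper-evident manifest: hash every file at backup time, authenticate the manifest with a key that never touches the backup hosts, and refuse to bring a restored set online until it matches. The following is an added example, not from the original post; the key, file contents and the "tampered" restore set are constructed assumptions.

```python
import hashlib
import hmac
import json

# Assumption: this key lives in an offline vault, never on the backup hosts or on any
# network the attacker can reach. A compromised host can then rewrite backup files
# but cannot forge a manifest that verifies.
MANIFEST_KEY = b"example-key-kept-offline"


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def _canonical(entries):
    # Stable byte encoding so the MAC does not depend on dict ordering.
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(files, key):
    """files: {path: bytes}. Returns {'entries': {path: sha256}, 'mac': HMAC-SHA256 over entries}."""
    entries = {name: sha256(blob) for name, blob in files.items()}
    return {"entries": entries, "mac": hmac.new(key, _canonical(entries), "sha256").hexdigest()}


def verify_restore(files, manifest, key):
    """Check a restored set against its manifest. Returns a list of problems;
    an empty list means every file is present and unchanged since backup time."""
    expected = hmac.new(key, _canonical(manifest["entries"]), "sha256").hexdigest()
    if not hmac.compare_digest(expected, manifest["mac"]):
        return ["manifest MAC mismatch: the manifest itself was altered"]
    problems = []
    for name, digest in manifest["entries"].items():
        if name not in files:
            problems.append(f"missing: {name}")
        elif sha256(files[name]) != digest:
            problems.append(f"modified: {name}")
    for name in files:
        if name not in manifest["entries"]:
            problems.append(f"unexpected: {name}")
    return problems


# Constructed backup set taken before the intrusion was noticed.
ORIGINAL = {
    "etc/app.conf": b"db_host=10.20.0.7\n",
    "bin/service": b"\x7fELF...original binary...",
}
MANIFEST = build_manifest(ORIGINAL, MANIFEST_KEY)

# Constructed restore set: the attacker swapped the binary and added a persistence job.
TAMPERED = {
    "etc/app.conf": b"db_host=10.20.0.7\n",
    "bin/service": b"\x7fELF...trojaned binary...",
    "etc/cron.d/update": b"* * * * * root /tmp/.x\n",
}

if __name__ == "__main__":
    print("clean restore:", verify_restore(ORIGINAL, MANIFEST, MANIFEST_KEY))
    print("tampered restore:", verify_restore(TAMPERED, MANIFEST, MANIFEST_KEY))
```

The manifest catches anything changed, removed or added after the backup was taken, including an attacker who edits the manifest to match a trojaned file, since they lack the key. It cannot tell you that a file was already infected when the backup was made; that is what the malware scan of the isolated restore environment is for, and the two checks belong together.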

Budgets

Some intrusions occur because of carelessness or a lack of processes and procedures. In others, it is a lack of budgetary foresight that creates the cyber risk. Technology debt accumulates quickly when finances are tight and decisions are made to put off upgrades and maintenance to save money. "We'll take care of it next year when things are better," so they say.

One year quickly becomes three. As long as mission-critical applications are functioning as expected, long-range planning for them is overlooked. Proper budgetary planning for equipment maintenance and replacement, software patching, and application upgrades is imperative. It must be an integral part of every company's financial planning process.

Preparedness

Just as with home protection (running fire drills, having escape plans, regularly testing the security system, and maintaining the smoke detectors), you need to do the same with your IT environments. Have a certified third party review your infrastructure and application architecture to ensure it has solid protective layers in place and that all sensitive data is isolated. Conduct a review of all security policies, procedures, and training.

Run external and internal penetration tests to find any holes, and quickly execute the remediation plans. Have a ransomware playbook in place and run preparedness drills. Regularly scan your backups for known malware. Maintain an active asset inventory and perform quarterly audits of moves, adds, and changes to ensure nothing is on the network that shouldn't be there.

An ounce of prevention

Even with proper grounding, smoke detectors, and sprinkler systems, fires still occur. Setting up and maintaining safety and security measures ensures that damage is avoided where possible and otherwise minimized and contained.

To the threat actor, data theft, ransomware, and denial-of-service attacks are a very profitable game. They are patient and will keep probing until they find a way in. Companies that have fallen behind on updates and upgrades become easy marks. As an IT leader you must stay one step ahead of them with proper planning and maintenance of your total environment.


Three recent events prove the need for an insider risk playbook


Every company, regardless of size, should have an insider risk management playbook in place to address the insider threat. The human factor is always in play: mistakes will happen that inadvertently place the company at risk. The other side of the human factor is the malevolent individual who chooses to break trust, willingly pushing aside NDAs and in-place data handling processes and procedures to knowingly abscond with sensitive data.

Three recent incidents underscore the importance of having an insider risk management playbook:

Ubiquiti’s insider risk mitigation plan pays off

Malicious insider Nikolas Sharp of Ubiquiti stole his company's data, then attempted to steer the post-incident investigation away from his own actions and to extort $2 million from his employer. While the Ubiquiti team did not stop the exfiltration of the data, once anomalous activity was discovered they executed their mitigation plan and eventually brought in the FBI to address the criminal aspects of the insider incident.



Critical Patches Issued for Microsoft Products, May 11, 2021


Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with that user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured with fewer rights on the system are less exposed than those who operate with administrative rights.


Black Hat, White Hat, Gray Hat, Script Kiddies – Who they are?


The term hacker often carries a negative connotation.

In the past, we often drew a distinction between a hacker, a person with deep security knowledge who explores technologies, systems, and their vulnerabilities out of pure passion, and a cracker, the malicious counterpart who uses that knowledge to cause damage and to steal data of value (for example, credit card numbers).

RFC 1392 provides the following definitions:

   hacker
      A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular. The term is often misused in a pejorative context, where "cracker" would be the correct term.

   cracker
      A cracker is an individual who attempts to access computer systems without authorization. These individuals are often malicious, as opposed to hackers, and have many means at their disposal for breaking into a system.

Unfortunately, the media have never bothered with the distinction, and for the general public there is no difference between crackers and hackers.

In our opinion, here is the correct terminology to be used in the security sector:

Black hats (Crackers)

Crackers, or black hats, have considerable computing skills but lack ethics. They may break the law by committing malicious or destructive acts.

Script Kiddies

An unskilled cracker who compromises systems using tools, scripts and software developed by others.

White Hats (Ethical Hacker)

An individual who uses hacking skills for defensive purposes.

They analyse computer systems or networks to detect security issues and give recommendations for improvement to their owners.

A white hat will penetrate a system only with the authorisation and upon request of the infrastructure owner. 

Gray Hats

Gray hats use their skills both offensively and defensively. 

They often look for vulnerabilities without the permission or knowledge of the system's owner. If they find a security issue, they may disclose it to the owner in return for a small fee. Sometimes their ultimate goal is simply to show their skills and raise awareness of the intrinsic insecurity of the Internet.

Some additional terms are worth knowing. State-sponsored hackers are employed by a government to penetrate other governments' systems, either to cause damage or to obtain top-secret information. You have surely also heard of cyber terrorists: individuals driven by political or religious beliefs to create fear among civilians and influence the policy of the targeted governments.

An Examination of the Bug Bounty Marketplace


Here’s a fascinating report: “Bounty Everything: Hackers and the Making of the Global Bug Marketplace.” From a summary:

…researchers Ryan Ellis and Yuan Stevens provide a window into the working lives of hackers who participate in "bug bounty" programs — programs that hire hackers to discover and report bugs or other vulnerabilities in their systems. This report illuminates the risks and insecurities for hackers as gig workers, and how bounty programs rely on vulnerable workers to fix their vulnerable systems.

Ellis and Stevens's research offers a historical overview of bounty programs and an analysis of contemporary bug bounty platforms — the new intermediaries that now structure the vast majority of bounty work. The report draws directly from interviews with hackers, who recount that bounty programs seem willing to integrate a diverse workforce in their practices, but only on terms that deny them the job security and access enjoyed by core security workforces. These inequities go far beyond the difference experienced by temporary and permanent employees at companies such as Google and Apple, contend the authors. The global bug bounty workforce is doing piecework — they are paid for each bug, and the conditions under which a bug is paid vary greatly from one company to the next.
