KnowBe4 report revealed that 35.2% of users with no security training were prone to clicking on suspicious links

Read More

Read this statement, then read it again: Just five distracted seconds at 55 mph is equivalent to driving the length of a football field with your eyes closed. This alarming truth from the National Highway Traffic Safety Administration (NHTSA), highlights the need for parents to address the issue of distracted driving with their teens.  

Additional distracted driving statistics are mind-blowing. According to the NHSTA, 77 percent of drivers admitted to using their phones while driving, 74 percent used their map app, 56 percent read emails or texts, 27 percent updated or checked their social media accounts, and shockingly, 19 percent of drivers—equivalent to one in five—engaged in online shopping while driving. 

In the United States, distracted driving has become a leading cause of fatal crashes, accounting for 25 to 30 percent of all fatal crashes. Furthermore, overall highway fatalities have increased by 22 percent, as reported recently by The Los Angeles Times, which attributed this rise to the allure of technology turning our cars into “candy stores of distraction.” 

Passenger/Peer Distractions 

While technology plays a significant role in distracted driving, other everyday choices and factors can also contribute to accidents. Eating while driving, managing a lively pet in the car, navigating unfamiliar streets, and even talking with peer passengers can distract young drivers. Studies have shown that crash risk doubles when teens drive with one peer passenger and quadruples with three or more teen passengers.  

In the throes of summer, it’s a great time for parents to have a conversation with their teen drivers about the dangers of distracted driving and texting while driving. Here are some important topics to discuss and tips to help keep your kids safe on the road: 

Safe Driving Tips for Teens 

Put the phone away: Encourage every family member, including parents, to put their phones out of reach while driving. Setting this example will demonstrate the importance of focusing on the road and minimizing distractions. 
Lead by example: Parents are the most influential role models for young drivers. Turn off phone notifications, stow your phone away, and prioritize safe driving habits. Your actions speak louder than words, so make sure to set clear guidelines and follow them consistently.  
No selfies or videos: Everyone’s crazy for TikTok videos and Insta reels, which is why this point is so important. Discuss the risks of taking selfies or recording videos while driving. Encourage your teen to resist the urge to engage in any social posting or activities that may distract them from driving. This also applies to passengers who might distract the driver. 
Establish clear rules: Every family is unique, so establish clear rules that make sense for your family regarding device use and driving. Discuss expectations and consequences, such as losing phone or car privileges, if the rules are broken. 
Use tech to limit tech: Consider utilizing apps or devices that monitor your teen’s driving behavior. These tools can track speed, location, hard braking, and sudden acceleration. Using these tools together allows you to address concerns and areas for improvement. Most smartphones offer built-in Drive Safe modes, and there are also apps available that block incoming texts or track phone activity. Some parents have even opted for dash cams to for monitoring teen driving behavior. McAfee’s Parental Controls, McAfee+ Ultimate allows you view your kids’ device activity, locate them on a live map, and receive automated notifications when they enter or leave familiar places. Tracking can also help parents avoid calling while kids are driving.  
Be proactive: Engage your teen in conversations about real-life driving scenarios, such as dealing with aggressive or angry drivers, navigating dicey weather conditions, or handling peer pressure while in a vehicle. Help them understand the risks involved and some appropriate responses in different situations. 
Keep on talking: Communication is crucial. Regularly discuss safe driving habits with your teen and maintain an open line of communication about their driving experiences. By building trust, you can make a significant impact on their driving behavior. 
Speak up as a passenger: Teach your teen how to advocate for safe driving when they are passengers in other vehicles. Encourage them to ask friends (or any age of driver—even a parent) to put away their devices while driving. Helping them find their voice in these situations can save lives. 

Remember, developing good (or better) habits takes time, effort, consistency, and parental involvement in teen driving. Preventing distracted driving with positive behavior change won’t happen overnight. Repeat yourself when it comes to road safety without apologies. Giving your child rules and expectations demonstrates love. By making some of these shifts, hopefully, you will worry less, raise wiser drivers, and improve safety for everyone on the roads.   

The post Parent’s Guide: 8 Ways to Help Your Teen Combat Distracted Driving appeared first on McAfee Blog.

Read More

Graham Cluley Security News is sponsored this week by the folks at Uptycs. Thanks to the great team there for their support! Your developer’s laptop is just a hop away from cloud infrastructure. Attackers don’t think in silos, so why would you have siloed solutions protecting public cloud, private cloud, containers, laptops, and servers? Uptycs … Continue reading “Ensure the security and reliability of your applications at every stage, from development to production, with Uptycs”

Read More

The Bank of England’s Prudential Regulation Authority is at the center of the UK’s push to improve operational resilience

Read More

A way to manage too much data

To protect the business, security teams need to be able to detect and respond to threats fast. The problem is the average organization generates massive amounts of data every day. Information floods into the Security Operations Center (SOC) from network tools, security tools, cloud services, threat intelligence feeds, and other sources. Reviewing and analyzing all this data in a reasonable amount of time has become a task that is well beyond the scope of human efforts.

AI-powered tools are changing the way security teams operate. Machine learning (which is a subset of artificial intelligence, or “AI”)—and in particular, machine learning-powered predictive analytics—are enhancing threat detection and response in the SOC by providing an automated way to quickly analyze and prioritize alerts.

Machine learning in threat detection

So, what is machine learning (ML)? In simple terms, it is a machine’s ability to automate a learning process so it can perform tasks or solve problems without specifically being told do so. Or, as AI pioneer Arthur Samuel put it, “. . . to learn without explicitly being programmed.”

ML algorithms are fed large amounts of data that they parse and learn from so they can make informed predictions on outcomes in new data. Their predictions improve with “training”–the more data an ML algorithm is fed, the more it learns, and thus the more accurate its baseline models become.

While ML is used for various real-world purposes, one of its primary use cases in threat detection is to automate identification of anomalous behavior. The ML model categories most commonly used for these detections are:

Supervised models learn by example, applying knowledge gained from existing labeled datasets and desired outcomes to new data. For example, a supervised ML model can learn to recognize malware. It does this by analyzing data associated with known malware traffic to learn how it deviates from what is considered normal. It can then apply this knowledge to recognize the same patterns in new data.

Unsupervised models do not rely on labels but instead identify structure, relationships, and patterns in unlabeled datasets. They then use this knowledge to detect abnormalities or changes in behavior. For example: an unsupervised ML model can observe traffic on a network over a period of time, continuously learning (based on patterns in the data) what is “normal” behavior, and then investigating deviations, i.e., anomalous behavior.

Large language models (LLMs), such as ChatGPT, are a type of generative AI that use unsupervised learning. They train by ingesting massive amounts of unlabeled text data. Not only can LLMs analyze syntax to find connections and patterns between words, but they can also analyze semantics. This means they can understand context and interpret meaning in existing data in order to create new content.

Finally, reinforcement models, which more closely mimic human learning, are not given labeled inputs or outputs but instead learn and perfect strategies through trial and error. With ML, as with any data analysis tools, the accuracy of the output depends critically on the quality and breadth of the data set that is used as an input.

A valuable tool for the SOC

The SOC needs to be resilient in the face of an ever-changing threat landscape. Analysts have to be able to quickly understand which alerts to prioritize and which to ignore. Machine learning helps optimize security operations by making threat detection and response faster and more accurate.

ML-powered tools automate and improve the analysis of large amounts of event and incident data from multiple different sources in near real time. They identify patterns and anomalies in the data and then prioritize alerts for suspected threats or critical vulnerabilities that need patching. Analysts use this real-time intelligence to enhance their own insights and understand where they can scale their responses, or where there are time-sensitive detections they need to investigate.

Traditional threat detection methods, such as signature-based tools that alert on known bad traffic can be augmented with ML. By combining predictive analytics that alert based on behavioral anomalies with existing knowledge about bad traffic, ML helps to reduce false positives.

ML also helps make security operations more efficient by automating workflows for more routine security operations response. This frees the analyst from repetitive, manual, and time-consuming tasks and gives them time to focus on strategic initiatives.

New capabilities enhance threat intelligence in USM Anywhere

The USM Anywhere platform has long utilized both supervised and unsupervised machine learning models from AT&T Alien Labs and the AT&T Alien Labs Open Threat Exchange (OTX) for most of its curated threat intelligence. The Open Threat Exchange is among the largest threat intelligence sharing platforms in the world. Its more than 200,000 members contribute new intelligence to the platform on a daily basis.

Alien Labs uses ML models in several ways, including to automate  the extraction of indicators of compromise (IOCs) from user threat intelligence submissions in the OTX and then enrich these IOCs with context, such as associated threat actors, threat campaigns, regions and industries being targeted, adversary infrastructure, and related malware.

The behind-the-scenes capabilities in USM Anywhere have been reinforced by new, high-value machine learning models to help security teams find today’s most prevalent threats.

These new models help the platform generate higher-confidence alerts with less false positives and provide advanced behavioral detections to facilitate more predictive identification of both insider and external threats. Its supervised models can identify and classify malware into clusters and families to predict behaviors. They can also detect obfuscated PowerShell commands, domain generation algorithms, and new command-and-control infrastructure.

Since the platform has an extensible architecture, new models can be introduced as the threat landscape dictates, and existing models can be continuously refined.

For more on how machine learning is transforming today’s SOC and to learn how the USM Anywhere platform’s own analytics capabilities have evolved, tune in to our webinar on June 28.

Register now!

Read More

Shortlisted as one of the UK’s Most Innovative Cyber SMEs in 2023, the startup presented its vision of PTaaS during Infosecurity Europe

Read More

APIs have become fundamental to everyone’s digital life, yet API security continues to be overlooked, Contxt’s CEO Mayur Upadhyaya said during Infosecurity Europe

Read More

You may have heard recently in the news that several organizations, including banks, federal agencies, and corporate entities, have suffered data breaches due to a series of ransomware attacks initiated by the Clop hacker group (aka CLOP, CL0p). The group leveraged vulnerabilities (CVE-2023-34362, CVE-2023-35036 and CVE-2023-35708) in MOVEit software, to obtain unauthorized access to sensitive data. The vulnerabilities themselves were exploited via a structured query language (SQL) injection attack, which allowed attackers access to databases hosted by the MOVEit application.  

SQL injection is a technique by which attackers exploit vulnerabilities that allows the injection of malicious code into an application to view or modify a database (in this case  MOVEit) 

Ransomware is a certain class of malware that tries to extort money as a ransom payment. The typical tactics for such malware are: 

Encrypt files on a machine and demand payment for file decryption.
Siphon important business, confidential or sensitive data, and then demand a payment to prevent public disclosure of such data. 

While there were no reports of file encryption in this wave, the malicious actors stole files from the impacted companies and are now extorting them by demanding payment to prevent the hackers from releasing the files to the public. It should be noted that this is not the first time Clop has used these tactics. 

How did this attack occur and how does this impact you? 

The U.S. Department of Homeland Security’s  Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) first warned of this attack via a press release on June 7, 2023. The attackers exploited a zero-day threat in MOVEIt software.  Internet-facing MOVEit transfer web applications were compromised through the vulnerabilities listed above and infected with malware that then subsequently stole data from underlying MOVEit databases. The result was that any file that was transferred using MOVEit could also have been stolen by malicious actors. Once the data was siphoned, the attackers contacted the organizations to inform them that they were victims of an attack and that the files would be published publicly if a ransom wasn’t paid on time.  

The impact of this is that potentially sensitive files that may have contained intellectual property or personally identifiable customer data could be made available on the Internet. This, of course, would have severe ramifications for not only the impacted organizations, but also for customers or users who had provided information to them.  

What can you do? 

If you operate a business that utilizes the MOVEit software, it is imperative that you follow guidance provided by Progress Software and CISA. 

It’s unlikely that individual consumers will be directly impacted by the CLOP malware. However, there is a possibility that you may have been indirectly impacted if an organization you have previously subscribed to or provided information to is a victim. This FAQ and blog by McAfee contains great details on what steps you should follow if your data is part of a data breach.  

Such breaches can also have a ripple effect where malicious actors who weren’t directly involved with the ransomware attack may take advantage of the event, to target potential victims with scams. Be cautious of emails or other correspondence claiming to be from a company that has been impacted by this Ransomware attack. Double-check the email address and verify any links that are present in the emails. Read more about how to recognize and protect yourself from phishing.  

The post CLOP Ransomware exploits MOVEit software appeared first on McAfee Blog.

Read More

Russia didn’t just attack Ukraine on the ground when it invaded that country on February 24, 2022, it also raided Ukraine’s data connections in space. On that date, “a multifaceted and deliberate cyber-attack against Viasat’s KA-SAT network resulted in a partial interruption of KA-SAT’s consumer-oriented satellite broadband service,” Viasat reported on March 30, 2022.

According to the satellite services provider, “the cyber-attack did impact several thousand customers located in Ukraine and tens of thousands of other fixed broadband customers across Europe.” They included the remote monitoring and control of 5,800 wind turbines owned by Germany’s Enercon, with a total capacity of 11 gigawatts.

To read this article in full, please click here

Read More