Have you ever lost your suitcase on vacation? You arrive at baggage claim, keeping your eyes peeled for your belongings. The carousel goes around and around dozens of times, but there’s no mistaking it: Your bag is gone. It could be anywhere!  

Now, you have to shop for new outfits and restock your toiletries. A logistical headache for sure.  

But have you ever lost your smartphone or your personally identifiable information (PII) on vacation? The stress and ramifications of either scenario puts the minor inconvenience of buying toothpaste into perspective. Not only is it an expensive piece of technology to replace, but the real cost comes from sensitive personal information stored on your phone that could land in a stranger’s hands.  

To travel-proof your PII and mobile devices, here are some key steps you should take before, during, and after your big international trip. 

Before Your Trip 

The surefire way to ensure your device isn’t stolen or lost while traveling internationally is to leave it at home. If that’s a viable option, do it! When traveling outside your home country, your phone plan might not even work abroad. Before you depart, think about how you might use your smartphone on vacation. To stay in contact with your traveling partners, consider outfitting your party with prepaid phones. These basic phones are usually inexpensive, and you can buy them at most airports and convenience stores when you arrive at your destination. 

If you do decide to bring your phone, here are a few quick device security measures you can put into place to protect your device and the sensitive information you have on it.  

Enable passcode entry or face ID. If your device does fall into the wrong hands, passcode-protecting your device is a great way to immediately deny someone access, thus keeping your PII private.

Clear your cache. Before you depart, clear your cache and browsing history on your phone. This way, you don’t have any of your usernames or passwords stored, and there are no hints on your device as to which bank you use or online shopping sites with which you have an account.  

Invest in device security accessories. You’re not going to win any fashion awards, but phone tethers are one way to keep your device attached to your body, making it very difficult for someone to steal it. 

Also before you depart, do some research on the local dress, polite customs, and a few useful phrases in the local language. It’s best to try to blend in as much as possible while traveling. Revise your packing list to carry as little as possible. Wrangling a pile of luggage could distract you from paying attention to your surroundings. 

During Travel 

Seeing world-famous landmarks with your own eyes is one of the best parts of traveling, though tourist hot spots are infamous for various pickpocketing schemes. Even when you’re dazzled by the sights, remain aware of your surroundings.  

Another way to protect the information on your device is to be careful when logging into public wi-fi networks and scanning QR codes while you’re traveling. Cybercriminals can lurk on the free networks provided by hotels, cafes, airports, public libraries, etc. They wait for someone to log on and make a purchase or check their bank balance and swoop in to digitally eavesdrop on their sessions. 

Luckily, there’s an easy way to surf public wi-fi networks safely: virtual private networks (VPN). When you enable a VPN on your device, it encrypts all the information running into and out of your device, making it nearly impossible for someone to track your online comings and goings. McAfee+ includes a VPN among its many other services. 

QR codes are a convenient way for museums, restaurants, and other establishments to direct customers to a website for more information instead of dealing with paper pamphlets and menus. When you scan a QR code, double check that it’s official and ok to scan. Cybercriminals may post legitimate-looking QR codes that direct to suspicious sites or download malware to your device. 

After Travel 

Once you’re home from your adventure, it’s best practice to do some digital housekeeping. For example, delete your vacation-specific apps, like the train services you used to check schedules or book tickets. The fewer apps you have, the fewer chances a cybercriminal has of stealing your personal or payment information. 

Then, for the next few weeks, keep an eye on your credit card statements and any suspicious activity regarding your credit or identity. While you’re monitoring your accounts, might as well change your passwords while you’re in there. McAfee+ offers identity monitoring, credit reports, and identity theft coverage to give you extra peace of mind. 

Bon Voyage! 

Don’t let the unease of pickpockets or hidden malware stop you from enjoying your trip! Really, it only takes a few moderations to your daily routine to help you keep your devices and identity safer. 

The post A Traveler’s Guide to International Cybersecurity appeared first on McAfee Blog.

Read More

Authored by: Neil Tyagi  

Scam artists know no bounds—and that also applies to stealing your cryptocurrency. Crypto scams are like any other financial scam, except the scammers are after your crypto assets rather than your cash. 

Crypto scammers use many tactics in other financial crimes, such as pump-and-dump scams that lure investors to purchase an asset with fake claims about its value or outright attempts to steal digital assets. 

This time scammers were trying to get an investor to send a digital asset as a form of payment for a fraudulent transaction. 

It starts with a Tweet used as bait to lure innocent cryptocurrency investors into purchasing a non-existent token, related to a reputed company, SpaceX. 

The theme used here by scammers is the sale of the official cryptocurrency of SpaceX. In the above image we can also see the reach of the tweet is high. (224.4K views) 

 Protection with McAfee+:  

McAfee+ provides all-in-one online protection for your identity, privacy, and security. With McAfee+, you’ll feel safer online because you’ll have the tools, guidance, and support to take the steps to be safer online. McAfee protects against these types of scam sites with Web Advisor protection that detects malicious websites. 

The link present in this tweet redirects to  space[-]launch[.]net, which is already marked as malicious by McAfee. 

A WHOIS search on the site reveals it is hosted on Cloudflare. Cloudflare has increasingly become the number one choice for scammers to host malicious websites and protect their assets. 

A WHOIS lookup on the domain reveals redacted personal information. No surprises there  

When we click on the link, it takes us to a login page and asks for SpaceX login credentials. This page was designed as a phishing page for people who have real SpaceX login credentials. 

 

For people who don’t have SpaceX credentials, they can use the signup link.  

 

After we log in, it redirects to a landing page where one can purchase the supposedly original cryptocurrency launched by SpaceX

 

As you can see, it impersonates as the official SpaceX portal for buying their token. It also has all the elements related to SpaceX and its branding. 

In the above picture, we can see that scammers are employing the social engineering trick of FOMO (Fear Of Missing Out) as they have created a timer showing that the fake tokens are only available for purchase for the next 10 hours. This also makes sure that the scam would end before all the online security vendors flag the site. 

Scammers also allow users to purchase fake tokens from about 22 cryptocurrencies, the prominent being Bitcoin, Ethereum, and USDT. 

 

Scammers even offer a bonus of fake SpaceX tokens if users are ready to purchase a minimum amount

Here we can find the BTC wallet address of the scammers and see the transactions related to these wallets. 

The crypto wallet addresses of scammers for the following currencies are.  

BTC bc1qhhec8pkhj2cxtk6u0dace8terq22hspxkr5pee 
USDT 398a9BF5fe5fc6CaBB4a8Be8B428138BC7356EC1 
ETH 16a243E3392Ffd9A872F3fD90dE79Fe7266452F9 

Looking at transactions related to these addresses, we find people have become victims of this scam by sending payments to these wallets. The Bitcoin wallet above has gathered around 2,780 US dollars. You can also see three of the last transactions made to the account. 

Similarly, for Ethereum, the scammers have gathered around 1,450 US dollars 

We observed two popular cryptocurrencies, but scammers are using about 22 different crypto wallets.  

Crypto phishing scams constantly evolve, and new tactics emerge regularly. Users should take the initiative to educate themselves about the latest phishing techniques and scams targeting the cryptocurrency community. Also, stay informed by researching and reading about recent phishing incidents and security best practices. 

IOC (Indicator of Compromise)  

Domain 
Crypto Type 
Wallet address 

space[-]launch[.]net 
BTC 
bc1qhhec8pkhj2cxtk6u0dace8terq22hspxkr5pee 

space[-]launch[.]net 
USDT 
398a9BF5fe5fc6CaBB4a8Be8B428138BC7356EC1 

space[-]launch[.]net 
ETH 
16a243E3392Ffd9A872F3fD90dE79Fe7266452F9 

space[-]launch[.]net 
XRP 
rnmj4xsaaEaGvFbrsg3wCR6Hp2ZvgjMizF 

space[-]launch[.]net 
DASH 
XxD3tJ7RA81mZffKFiycASMiDsUdqjLFD1 

space[-]launch[.]net 
BCH 
qr45csehwfm5uu9xu4mqpptsvde46t8ztqkzjlww68 

space[-]launch[.]net 
USDC 
0x398a9BF5fe5fc6CaBB4a8Be8B428138BC7356EC1 

 

 

 

The post Crypto Scam: SpaceX Tokens for Sale appeared first on McAfee Blog.

Read More

The data breach is suspected to be linked to the Clop MOVEit hack

Read More

The Guardian is reporting about microchips in wheels of Parmesan cheese as an anti-forgery measure.

Read More

Cybersecurity as a competitive advantage

The economy is on the minds of business leaders. C-suites recognize survival depends upon the ability to safeguard systems and information. They must redesign for resilience, mitigate risk, strategically deploy assets and investments, and assign accountability. Do more with Less is the ongoing mantra across industries in technology and cyberspace.

As senior leaders revisit their growth strategies, it’s an excellent time to assess where they are on the cyber-risk spectrum and how significant the complexity costs have become. Although these will vary across business units, industries, and geographies, now for cyber, there is a new delivery model with the pay-as-you-go and use what you need from a cyber talent pool availability with the tools and platform that enable simplification.

Enter the Cybersecurity as a Service consumption model

CSaaS, or Cybersecurity-as-a-service, is a subscription-based approach to cybersecurity that offers organizations cybersecurity protection on demand. It is a pay-as-you-go model with a third-party vendor, where services can vary and be tailored to the organization’s needs. These services can include threat monitoring, compliance with industry standards, employee training, and penetration testing, which simulates an attack on the network.

One of the main advantages of CSaaS is that it takes the burden off the business to maintain a cybersecurity team, which can be challenging to hire today. It also allows organizations to scale as their business grows without needing to keep recruiting and hiring cybersecurity professionals.

Not all CSaaS vendors are created equal

When choosing a CSaaS vendor, several factors must be considered to ensure that you select the right one for your business. These factors include:

Technical expertise and depth of services: Look for a vendor offering a comprehensive range of cybersecurity services beyond penetration testing.
The reputation of the CSaaS: Check if the vendor has experience in your industry and if they have customers like your business. Also, ensure that they are financially stable.
Size of the CSaaS: Make sure that the vendor can scale with your business needs as you grow.
Terms and conditions of the relationship: Read the small print to understand all the details in various scenarios. Understand their policies and procedures.
Cost and fee structure: Ensure that the vendor’s pricing model is transparent and that there are no hidden costs.
Tools and technology: Make sure the vendor’s technology is solid, and they use the latest tools to provide cybersecurity services.
Support: Check if the vendor can support your business 24×7, mainly if you operate in multiple time zones.
Regulatory compliance: Ensure the vendor can meet the regulatory compliance you need in your industry.
Considering these factors, you can choose a CSaaS vendor that meets your business needs and provides cybersecurity protection to keep your business safe from cyber threats.

Assess your unique cybersecurity needs

Different industries are at varying stages of maturity with digital transformation, and within each sector, some organizations have progressed much quicker than others. Therefore, it is vital to assess your organization’s specific cybersecurity requirements as it continues along the digital transformation path. That means it has never been more critical to work with a provider that suits your particular needs but can also cover a wide range of use cases.  

For more information on the Cybersecurity-as-a-Service, check out the latest eBook written by an analyst from Enterprise Strategy Group showcasing the importance behind these subscription-based solutions and how working with a security provider like AT&T to help organizations achieve their security objectives and enable to innovate faster.

Read More

Emails use social engineering to con victims

Read More

UK council identified attack on Monday

Read More