People who use devices like smart cameras and Wi-Fi-enabled baby monitors should strongly consider taking the following steps to protect their devices:

1. Update your devices. Manufacturers often advise consumers to update their software to the latest version and enable further security features. Updating your devices regularly increases the chances that you’ll receive security improvements soon after they become available.  

2. Do not connect to your smart cameras, baby monitors, and other devices through public Wi-Fi. Accessing these devices via a smartphone app from an unprotected network can compromise the security of your devices. Use a VPN or a secure cellular data connection instead. 

3. Use strong, unique passwords. Every device of yours should have one, along with a unique username to go along with it. In some cases, connected devices ship with default usernames and passwords, making them that much easier to hack. 

Further protect your connected cameras, baby monitors, and other devices 

With those immediate steps in place, this security advisory offers you a chance to take a fresh look at your network and device security overall. With these straightforward steps in place, you’ll be  more protected against such events in the future—not to mention more secure in general.  

1. Use two-factor authentication 

Our banks, many of the online shopping sites we use, and numerous other accounts use two-factor authentication to help validate that we’re who we say we are when logging in. In short, a username and password combo is an example of one-factor authentication. The second factor in the mix is something you, and only you, own or control, like your mobile phone. Thus, when you log in and get a prompt to enter a security code that’s sent to your mobile phone, you’re taking advantage of two-factor authentication. If your IoT device supports two-factor authentication as part of the login procedure, put it to use and get that extra layer of security. 

2. Secure your internet router 

Your router acts as the internet’s gateway into your home. From there, it works as a hub that connects all your devices—computers, tablets, and phones, along with your IoT devices as well. That means it’s vital to keep your router secure. A quick word about routers: you typically access them via a browser window and a specific address that’s usually printed somewhere on your router. Whether you’re renting your router through your internet provider or have purchased one, the internet provider’s “how to” guide or router documentation can step you through this process. 

The first thing to do is change the default password of your router if you haven’t done so already. Again, use a strong method of password creation. Also, change the name of your router. When you choose a new one, go with name that doesn’t give away your address or identity. Something unique and even fun like “Pizza Lovers” or “The Internet Warehouse” are options that mask your identity and are memorable for you too. While you’re making that change, you can also check that your router is using an encryption method, like WPA2, which helps secure communications to and from your router. If you’re unsure what to do, reach out to your internet provider or router manufacturer. 

3. Set up a guest network specifically for your IoT devices 

Just as you can offer your human guests secure access that’s separate from your own devices, creating an additional network on your router allows you to keep your computers and smartphones separate from IoT devices. This way, if an IoT device is compromised, a hacker will still have difficulty accessing your other devices, like computers and smartphones, along with the data and info that you have stored on them. You may also want to consider investing in an advanced internet router that has built-in protection and can secure and monitor any device that connects to your network. 

4. Update! 

We mentioned this above, yet it’s so important that it calls for a second mention: make sure you have the latest software updates for your IoT devices. That will make sure you’re getting the latest functionality from your device, and updates often contain security upgrades. If there’s a setting that lets you receive automatic updates, enable it so that you always have the latest. 

5. Protect your phone 

You’ve probably seen that you can control a lot of your connected things with your smartphone. We’re using them to set the temperature, turn our lights on and off, and even see who’s at the front door. With that, it seems like we can add the label “universal remote control” to our smartphones—so protecting our phones has become yet more important. Whether you’re an Android or iOS device user, get security software installed on your phone so you can protect all the things it accesses and controls—in addition to you and the phone as well. 

And protect your other things too 

Using a strong suite of security software like McAfee+ Advanced, can help defend your entire family from the latest threats and malware, make it safer to browse, and look out for your privacy too. 

The post How to Protect Your Smart Cameras and Wi-Fi Baby Monitors appeared first on McAfee Blog.

Read More

DIGIHEALS will call for proposals for technologies originally designed for national security

Read More

If you’re a LinkedIn user, log in now and strengthen your security. Reports indicate that LinkedIn accounts are under attack.

First brought to light by Cyberint, LinkedIn users have taken to social media with word that their accounts have been frozen or outright hacked. In some cases, users received ransom notes for the return of their hacked accounts.

It appears that LinkedIn is weathering a wave of brute-force attacks. This type of attack works much like it sounds—hackers try to force their way into accounts by guessing passwords. With powerful hacking apps, they can guess millions of passwords in seconds.

As a result, one of two things is happening:

LinkedIn users receive an official, legitimate email from LinkedIn alerting them that their account has been locked due to unusual activity. This measure likely kicked in because of a brute force attack or because the attack occurred on an account using two-factor authentication. In this case, the account wasn’t compromised. However, these users then must reactivate their accounts per instructions provided by LinkedIn.
Users try to log in and find that their password has been changed. Effectively, their account has been hacked. Reports show that some of these accounts get deleted. In other cases, the hacker changes the account’s email to an address using the “rambler.ru” domain, which makes the account unrecoverable by the user.

Given the scope, scale, and consistent use of the rambler.ru domain, this has all the signs of an organized attack. As of this writing, no group has claimed credit.

How quickly can someone hack my password with a brute force attack?

If any event underscores the need for strong, unique passwords, this is it.

Given today’s computing power, the password generators hackers use for brute force attacks can create millions of passwords in seconds. Weak passwords have no chance against them. It’s a simple matter of statistics.

Consider a password that uses eight numbers, uppercase and lowercase letters, and symbols. Sounds pretty strong, right? Unfortunately, a brute force attack might crack that password in as fast as one second.

Password Length

(Using numbers, uppercase and lowercase letters, and symbols)

Time to Crack the Password

8
One Second

12
Eight Months

16
16 Million Years

However, increase that password length to twelve numbers, uppercase and lowercase letters, and symbols—it’d that eight months to crack that password. Bump it up to 16, and it would take 16 million years. The longer it is, the more complex it is. And thus tougher to crack. It’s the difference between one second and 16 million years. And if a hacker’s brute force attack on one password takes too long, it’ll simply move onto the next one.

How to protect yourself from the LinkedIn attacks.

Log into your LinkedIn account now and verify that it’s indeed secure. Then, take the following steps:

Enable two-factor authentication. You’ll find this in your security settings. Using two-factor authentication makes hacking your account far, far more difficult than hacking it with password protection alone.
Set a new password. Make it strong and unique, using numbers, uppercase letters, lowercase letters, and symbols. As illustrated above, the longer the better—14 or even up to 16 characters.
Confirm your contact email. LinkedIn will alert users of unusual activity. Ensure that the contact information in your account profile uses an email address that you regularly check.

How to create your own strong, unique password. One that you can still remember.

Fourteen characters? Even up to 16 characters? How do you create that without just mashing on your keyboard? (Not recommended.) A layered password can do the work. It’s a way of creating a phrase and turning it into a strong, unique password that you can still remember.

Pick a phrase that is memorable for you: Don’t use easily discovered information, like your birthdate or pet’s name. Try something linked with an interest or hobby. If you’re an avid runner, you might choose a phrase like, “Running 26.2 Rocks!”
Replace letters with numbers and symbols: Remove the spaces. Then, you can put symbols and numbers in the place of some of the letters. Runn1ng26.2R0ck$!
Include a mix of letter cases: Finally, you want lower and uppercase letters that aren’t in a clear pattern. Algorithms know how to look for common patterns like camelCase or PascalCase. Runn1NG26.2R0cK$!

Now, you have a 17-character password that challenges hackers and that’s still something you can remember.

Or, have a password manager handle the strong, unique passwords for you.

Granted, creating strong, unique passwords for dozens and dozens of accounts can take a bit of time. (To put it mildly.) It can take yet more time if you manage them, such as if change them regularly (which can help protect you from data breaches and brute force attacks like this one at LinkedIn). Here, a password manager can help.

A password manager can create, memorize, and store strong, unique passwords. It’ll use the random numbers, letters, and characters we mentioned earlier. The passwords won’t be memorable, but the manager does the memorizing for you. You can also use it to update passwords regularly. In a time of data breaches, this offers you extra protection. Taken together, every account you have gets powerful password protection when you hand the job over to a password manager.

Log in now and secure your LinkedIn account.

This wave of attacks reminds us just how powerful, or weak, our passwords can be. A strong, unique password in conjunction with two-factor authentication stands as your best defense as LinkedIn weathers these attacks. Strengthen your security.

Strengthen your other accounts as well. Hackers target websites and platforms of all sizes, and not every attack makes the headlines. Strong security measures for each of your accounts will protect you best if you end up as a hacker’s target.

The post How to Safeguard Your LinkedIn Account and Strengthen Your Security appeared first on McAfee Blog.

Read More

NCC Group researchers observed 502 ransomware attacks in July 2023, with a large proportion made up of Clop’s continued exploitation of MOVEit

Read More