Cisco Talos announced that a decryption key for the Babuk Tortilla ransomware variant is available for victims to download

Read More

This is an old piece of malware—the Chameleon Android banking Trojan—that now disables biometric authentication in order to steal the PIN:

The second notable new feature is the ability to interrupt biometric operations on the device, like fingerprint and face unlock, by using the Accessibility service to force a fallback to PIN or password authentication.

The malware captures any PINs and passwords the victim enters to unlock their device and can later use them to unlock the device at will to perform malicious activities hidden from view.

Read More

Clients of a pregnancy care clinic in Ontario have had their personal information exposed to hackers.

I’m sure I don’t need to tell anyone who has made use of the services of a midwife, that a lot can happen in nine months…

Read more in my article on the Hot for Security blog.

Read More

Executive summary

In the current cyber landscape, adversaries commonly employ phishing as the leading technique to compromise enterprise security. The susceptibility of human behavior makes individuals the weakest link in the security chain. Consequently, there is an urgent need for robust cybersecurity measures. Phishing, which capitalizes on exploiting human behavior and vulnerabilities, remains the adversary’s top choice. To counter this threat effectively, ongoing education and awareness initiatives are essential. Organizations must recognize and address the pivotal role of human vulnerability in cybersecurity.

During regular business hours, an alarm was generated due to a customer’s user that had interacted with a potentially malicious phishing link. This prompted a thorough investigation conducted by analysts that involved leveraging multiple Open-Source Intelligence (OSINT) tools such as VirusTotal and URLscan.io. Through a meticulous examination, analysts were able to unveil suspicious scripts within the phishing webpage’s Document Object Model (DOM) that pinpointed an attempt to exfiltrate user credentials. This detailed analysis emphasizes the importance of proactive cybersecurity measures and showcases the effectiveness of analysts leveraging OSINT tools along with their expertise to accurately assess threats within customer’s environments.

Investigation

The alarm

The Managed Detection and Response (MDR) Security Operations Center (SOC) initially received an alarm triggered by a potentially malicious URL that a user received in their inbox. Office 365’s threat intelligence feed flagged this URL as potentially malicious. The initial steps in addressing this alarm involve two key actions.

First, it is crucial to determine the scope of impact on the customer’s environment by assessing how many other users received the same URL. Second, a thorough validation process is essential to confirm whether the URL is indeed malicious. These initial steps lay the foundation for a comprehensive response to safeguard the security of the environment.

To determine how many users received the same URL, a comprehensive search within the customer’s environment revealed that no other users received the same URL. As a result, only one user is affected, suggesting that this is an isolated incident and does not appear to be part of a targeted attack on the customer’s environment. With this understanding, the focus can now shift to the second step: Validating the reputation of the URL.

By employing the OSINT tool VirusTotal and inputting the URL received by the user, we aim to assess its potential threat level. VirusTotal aggregates results from various security vendors to provide a comprehensive analysis. In the current evaluation, 13 out of 90 security vendors classify this URL as malicious. It’s important to note that while the number of vendors flagging the URL is a key factor, a conclusive determination of malicious intent typically considers a consensus among a significant portion of these vendors. A higher number of detections by diverse security platforms strengthens the confidence in labeling the URL as malicious.

With a potentially malicious URL identified, it is imperative to delve deeper to ascertain the underlying reasons for its malicious reputation. Analysts will utilize a tool such as URLscan.io for this purpose. URLscan.io serves as a sandbox, providing a risk-free environment for visiting websites. This tool is instrumental in conducting a thorough examination to uncover the nuances contributing to the URL’s malicious classification.

After entering our identified malicious URL into URLscan.io, we can examine the webpage intended for our customer’s user. Upon visiting this URL, a PDF file is prepared for user download. However, a mere screenshot of the webpage is insufficient to provide a definitive reputation. To obtain more insight, we must delve deeper into the webpage by examining its DOM.

The DOM comprises the essential components of a webpage, encompassing HTML, CSS, and JavaScript that define the structure, presentation, and behavior of the page. URLscan.io facilitates a convenient examination of the DOM. In reviewing the DOM, particular attention is given to identifying any malicious scripts that may be present. The focus is often on searching for the HTML tags, which denote script elements within a webpage.

In the evaluation of the DOM associated with the potentially malicious URL, multiple tags are observed. Within these tags, it becomes apparent that upon the user’s interaction with the “download all” button, a prompt will request them to input their email and password.

This is the start of the script that defines the email and password variables.

Continuing through the script, more concerning code emerges. While the user is prompted to enter email and password information, it becomes apparent that the adversary has crafted code designed to falsely claim that the entered email and/or password is incorrect, even if it is not. This behavior aligns with typical phishing activities, where malicious actors attempt to induce users to enter their credentials multiple times. This tactic aims to exploit potential typos or errors in the entered information, ensuring that the adversary ultimately obtains the correct credentials from the victim.

After the user submits their credentials, the user’s email and password are transmitted to the website “hxxps://btmalta.cam/wefmail/email (1).php” via an AJAX POST request. In the context of web development, an AJAX (Asynchronous JavaScript and XML) POST is a technique that allows data to be sent to a server asynchronously without requiring a page refresh. Unfortunately, malicious actors exploit this functionality to surreptitiously transmit sensitive user information, as observed in this instance.

Conducting OSINT on the aforementioned site (“hxxps://btmalta.cam/wefmail/email (1).php”) reveals a malicious reputation, notably marked by its relatively recent creation, being only 80 days old from the registry date. The registration age of a domain is a useful factor in assessing its credibility. In this case, the combination of a newly registered domain and indications of malicious activity raises significant concerns. It strongly suggests that the adversary is likely utilizing this domain to collect the user-entered email and password deliberately.

Considering the aforementioned details, it becomes more evident that this is a credible phishing attempt targeting one of our customers’ users. The method of data transmission, the malicious reputation of the domain, and its recent registration collectively underscore the severity of the situation.

Customer interaction

After the findings were observed, an investigation was created for the customer to review. If the customer’s affected user entered any credential information, this means the user account should be considered compromised. Since this affected a user within the customers Office365 environment, it was recommended for the customer follow the guidelines set by Microsoft in an event of an email account compromise: Responding to a compromised email account

How to combat against phishing attempts

In the ongoing battle against phishing attempts, implementing effective strategies is paramount to fortifying cybersecurity defenses. Listed below are some of the many key practices and countermeasures to safeguard your organization from falling victim to malicious phishing activities.

Ensure that users go through regular security training to learn about the dangers of potential phishing attempts.
Employ processes that allow users to report potential phishing emails that they receive.
Ensure users are properly utilizing Multi-Factor Authentication (MFA)
Ensure strong password policies are in place to prevent any weak or insecure passwords from being used.
To check to see if your password or email has ever been involved in a data breach you can use the free tool https://haveibeenpwned.com/ to check.

Read More

A Nigerian national has been sentenced to a decade behind bars for his role in romance and BEC scam

Read More

Mortgage lender LoanDepot has revealed a ransomware breach resulting in stolen and encrypted data

Read More

New year, new tech. That’s what hits the floor at the CES show each January in Las Vegas. Whether it’s striking, strange, or just pretty cool, plenty of this year’s tech is connected — and that means it needs to get protected.  

Already we’ve seen a personal health scanner that works like a tricorder from Star Trek, smart belts that help people with limited vision get around safely, and smart locks that open your door with the palm of your hand. 

Coursing through all these connected devices are data and info — data and info about you. Your family. Your home. Your comings and goings. The kind of data and info that all kinds of people want to get their hands on. 

That’s where protection comes in. 

Any device connected to the internet must be protected. Even if it’s something as innocuous as a smart wall outlet. The reason is, your home network is only as strong as its weakest security link. And many smart devices don’t come with the best security out of the box. Hackers know this. By compromising a device like a smart wall outlet, a hacker can gain access to the rest of the network and the devices and data on it. 

But how do you protect a smart wall outlet, along with that smart coffeemaker, door lock, and refrigerator? We’ll run it down for you, plus advice for keeping the latest in medical, fitness, and mobile devices safe as well. 

How to protect your new tech

Broadly speaking, you can protect most of your tech with a handful of steps. Whether it’s a new Wi-Fi router, smartwatch, or even a connected fridge, they can all benefit from the following basics.  

Use strong, unique passwords. 

When it’s time to set up a new account or device, go with a strong, unique password. Strong means a mix of at least 12 characters, if not more. That includes a mix of numbers, symbols, and both letter cases, upper and lower. Unique means you don’t repeat it across accounts. That way, if one password gets compromised, the rest will remain secure.  

Why strong and unique? Given today’s computing power, a hacker’s password generator can create millions of passwords in seconds. Weak passwords have no chance against them. It’s a simple matter of statistics. 

Consider a password that uses eight numbers, uppercase and lowercase letters, and symbols. Sounds pretty strong, right? Unfortunately, a brute-force attack might crack that password in as fast as one second. One second …  

Password Length 

(Using numbers, uppercase 

and lowercase letters, and symbols) 

Time to Crack 

8 
One Second 

12 
Eight Months 

16 
16 Million Years 

 

However, increase that password length to twelve numbers, uppercase and lowercase letters, and symbols — it’d that eight months to crack that password. Bump it up to 16, and it would take 16 million years. The longer it is, the more complex it is. And thus tougher to crack. It’s the difference between one second and 16 million years. And if a hacker’s brute-force attack on one password takes too long, it’ll simply move onto the next one. 

A password manager can help create strong, unique passwords for you. Also found in comprehensive online protection software, a password manager can create and securely store strong and unique passwords for your mom and dad, giving them one less thing they need to remember and worry about. 

Use multi-factor authentication

Online banks, shops, and other services commonly offer multi-factor authentication to help protect your accounts — with the typical combination of your username, password, and a security code sent to another device you own (often a mobile phone).  

If your device or account supports multi-factor authentication, consider using it there too. It throws a big barrier in the way of hackers who try and force their way into your device with a password/username combination.  

Keep everything updated

Update your apps and devices regularly. In addition to fixing the odd bug or adding the occasional new feature, app and device updates often address security gaps. Out-of-date apps and devices might have flaws that hackers can exploit, so regular updating is a must from a security standpoint. If you can set your apps and devices to receive automatic updates, even better. 

Keep in mind that this very much applies to smart home devices as well. 

Secure your internet router

Another device that needs good password protection is your internet router. Make sure you use a strong and unique password there as well to help prevent hackers from breaking into your home network.  

Also consider changing the name of your home network so that it doesn’t personally identify you. Fun alternatives to using your name or address include everything from movie lines like “May the Wi-Fi be with you” to old sitcom references like “Central Perk.” Also check that your router is using an encryption method, like WPA2 or the newer WPA3, which will keep your signal secure.  

Protect (your) everything 

Comprehensive online protection software can secure your phones, tablets, and computers. Moreover, it can protect your privacy, identity, and spot scam texts, messages, and links — just to name a few of the many things it can do.  

Moreover, these devices often connect to other devices on your home network. In a way, they act as a remote control for smart home devices like thermostats, alarms, and door locks. Protecting phones, tablets, and computers thus protect those other devices by extension. 

How to protect your smart home devices 

The smarts behind a smart home come from you. At least when it comes to keeping it more private and secure. The thing with smart home devices is this, they’re connected. And anything that gets connected gets protected. That can look a little different for these devices than it does for your computers and phones, yet there are steps you can take. 

Reset the factory password

Many smart home and internet of things (IOT) devices come with preset usernames and passwords from the factory. So much so, that you can easily find lists of stock usernames and passwords for these devices posted online where hackers can get a hold of them. 

In the past, we’ve seen all kinds of attacks occur when these credentials don’t get changed. Among them are stories of hacked baby monitors where attackers take control of the camera and speakers. So just as you do for your other devices and accounts, create a fresh username and pair it with a strong, unique password as outlined above. 

Upgrade to a newer internet router 

Likewise, older routers might have outdated security measures, which might make them more prone to attacks. If you’re renting yours from your internet provider, contact them for an upgrade. If you’re using your own, visit a reputable news or review site such as Consumer Reports for a list of the best routers that combine speed, capacity, and security. 

Set up a guest network specifically for your IoT devices 

Just as you can offer your guests secure access that’s separate from your own devices, creating an additional network on your router allows you to keep your computers and smartphones separate from IoT devices. This way, if an IoT device is compromised, a hacker will still have difficulty accessing your other devices on your primary network, the one where you connect your computers and smartphones.  

One more note — research the manufacturer 

One of the strongest security measures you can take is research. Before purchasing, look up the manufacturer. Have they had security issues with their devices in the past? Are their devices well-reviewed? How about their privacy policy? What are they doing with your data?  

It can get a little tricky tracking down that kind of info, yet you have a couple of great places to start. One is Consumer Reports and their thorough reviews of devices and tech. Another resource is Mozilla Foundation’s “Privacy Not Included” site, which reviews connected products like smart home and IoT devices for safety and security. 

How to protect your telemedicine visits 

For a quick check-in, a prescription consultation, or just a conversation with a healthcare pro, telemedicine has firmly established itself as a viable option for many types of care. Of course, the info discussed and shared in such a visit can be sensitive.   

Use a VPN 

A VPN, or virtual private network, offers a strong layer of additional protection when you’re transmitting health data or having a private conversation about your health with a professional. A VPN creates an encrypted tunnel to keep you and your activity anonymous. In effect, your data is scrambled and hidden to anyone outside your VPN tunnel, thus making your private info difficult to collect. Check with the care provider to see if their telemedicine solution uses a VPN. If not, you can always get a VPN as part of your online protection software. 

Check in with your provider 

If you’re considering a virtual doctor visit, now’s a great chance to check in with your care provider before your appointment. This way, you can get comfortable with what your visit will look like, find out what special apps (if any) are used, and how your care provider will protect your privacy. Also, you can decide which device you’ll use and where you’ll use it so that you feel at ease during your virtual visit. 

A reputable care provider will likely put all this pre-appointment info together for you on their website or “frequently asked questions” (FAQ) page, which will include helpful links and numbers to call if you need help or have questions. For an example of what that might look like, check out the telemedicine page that Virginia Mason/Franciscan Health designed for its patients. 

Pick a private place 

We’ve talked plenty about digital security, yet there’s the old-fashioned issue of physical eavesdropping to think about too. When it’s time for your actual appointment, pick a place in your home where you can ensure yourself some privacy. (Of course, don’t go online for your virtual appointment in a public place.) Look for a space where you can’t be overheard by neighbors and passers-by — preferably someplace like your bedroom where you can be comfortable as well.  

How to protect your fitness and wearable devices

By design, many wearables are big on data collection. Coursing through them are all kinds of data, about your vital signs, sleep patterns, not to mention your whereabouts — like when and where you like to run on your hill training days. Keeping these devices secure means keeping some of your most personal info secure as well. 

As always, research the manufacturer 

Very similar to what we mentioned about smart home and IoT devices, check the manufacturer’s track record. Read reviews. Hit up trusted sources. In all, find out how private and secure your device is. The same resources listed above can help you make an informed purchase. 

When it comes to privacy, not all privacy policies are equal. The same goes for their privacy policies. Reading the privacy policy will tell you what kind of data the device collects. Further, it will show if and how it’s shared with the manufacturer and if they sell or share it with others. Likewise, you can factor what you find into your purchasing decision. 

Adjust the privacy settings 

This will vary from device to device as well, yet one more way you can lock down your privacy is in the device settings. Look for options around location tracking, social media sharing, and what types of data are shared online in addition to the device. Overall, consider what kind of fitness data it gathers and where it goes. If you’re not comfortable with that data ending up in the hands of a stranger, make it private. 

When upgrading to a new device, wipe your old one. 

Along the same lines, that old wearable of yours might be chock full of data. Before passing it along, selling it, or recycling it, wipe it. Remove all the old data by restoring it to factory settings (your manufacturer can show you how).  

Also, delete any old online account associated with it if you have no more use for it. See to it that any data with that account gets deleted as well, which leaves you with one less account that could wind up the target of a data breach. A service like our own McAfee Online Account Cleanup can help, which you can find in our McAfee+ plans. 

How to protect your mobile devices 

Certainly, if there’s one device that works like the remote control for our lives, it’s our smartphone. Smartphones and mobile devices like them need protection too — in their own right, and because they connect to so much more. 

Avoid third-party app stores 

Google Play and Apple’s App Store have measures in place to review and vet apps to help ensure that they are safe and secure. Third-party sites might very well not, and they might intentionally host malicious apps as part of a front. Further, Google and Apple are quick to remove malicious apps from their stores when discovered, making shopping there safer still.  

Review apps carefully

Check out the developer — have they published several other apps with many downloads and good reviews? A legit app typically has quite a few reviews, whereas malicious apps might have only a handful of (phony) five-star reviews. Lastly, look for typos and poor grammar in both the app description and screenshots. They could be a sign that a hacker slapped the app together and quickly deployed it.  

Yet better than combing through user reviews yourself is getting a recommendation from a trusted source, like a well-known publication or from app store editors themselves. In this case, much of the vetting work has been done for you by an established reviewer. A quick online search like “best fitness apps” or “best apps for travelers” should turn up articles from legitimate sites that can suggest good options and describe them in detail before you download.  

Keep an eye on app permissions

Another way hackers weasel their way into your device is by getting permissions to access things like your location, contacts, and photos — and they’ll use malicious apps to do it. If an app asks for way more than you bargained for, like a simple puzzle game that asks for access to your camera or microphone, it might be a scam. Delete the app.  

Lock your phone — and keep an eye on it too

Some bad actors will try to install spyware on phones themselves. However, this requires access, time, and effort to pull off. Locking your phone and always keeping it close can help prevent bad actors from infecting your phone this way. 

Another step you can take is to familiarize yourself with the remote locking and wiping features of your mobile device. Many manufacturers offer this feature on mobile devices. Strongly consider using it in the event of loss or theft. 

 

 

The post New Year, New Tech at CES — The Latest Protection for the Latest Tech appeared first on McAfee Blog.

Read More

We’ve seen how AI can create — and how it can transform our lives. What gets talked about less is how AI protects us too. 

Certainly, it’s tough to miss how generative AI has turned sci-fi dreams of the past into today’s reality. From AI apps that help ease loneliness thanks to their human-like conversations, to technology that can predict and manage health risks, to browsers that whip up pieces of art with a prompt, it’s changing the way we go about our day and the way we live our lives.  

However, we find ourselves only in generative AI’s earliest days. Countless more applications await over the near and distant horizon alike. 

Yet that’s the important thing to remember with AI. It’s an application. A tool. And like any other tool, it’s neutral. Whether it helps or harms comes down to the person using it.  

Thus, on the flip side of AI, we’ve seen all manner of shady and damaging applications. Hackers use AI to code new forms of malware at record rates. Scammers spin up convincing-looking phishing attacks and sites that harvest personal info, also at record rates. And we’ve further seen bad actors use so-called “deepfake” technologies to clone the voices and likenesses of public figures, whether for profit or to spread disinformation. 

So, amid the excitement about AI, there runs a thread of uncertainty. Recently, we found that 52% of Americans are more concerned than excited about AI in daily life. Only 10% of people said they’re more excited than concerned. Meanwhile, 36% feel a mix of excitement and concern. 

Uncertainty prevails, for sure. Yet something often gets overlooked in the conversation about AI: it can offer powerful protections against all manner of threats. Moreover, AI offers particularly potent protections against AI threats.  

In this way, AI is your ally. At McAfee, we’ve used it to protect you for nearly a decade now. In fact, AI applications have been around for some time, long before they made headlines like they do now. And we continue to evolve AI technologies to help keep you safe. In the age of AI, McAfee is your ally. Our aim is to give you certainty and safety in rapidly changing times. 

Know what’s real and what’s safe with McAfee’s AI. 

Ultimately, here’s what’s at stake today: people want to know what they can trust, and AI has made that tricky. What’s real? What’s fake? It’s getting tougher and tougher to tell. 

The future of AI and online safety lies in pairing progress with protection. Here at McAfee, we see this as our role. We’re evolving AI in ways that give people the power to protect their privacy, identity, and devices even better than before. Now, that protection extends yet further. It also gives them the power to know what they can trust whenever they go online.  

The time couldn’t be more right for that. Uncertainty about AI prevails. In all, more than half of Americans we talked to said they’re concerned that the arrival of AI has made online scams more accurate and believable.  

Our threat detection figures put their concerns into focus:  

We thwart 1.5 million in-field AI detections of threats (malicious sites and files) every week. That’s 8,928 malicious every hour and 149 every minute. 
Our AI model has already identified and categorized half a billion malicious sites, a number that grows with each day. 
McAfee Labs detects and protects against more than a million phishing attempts every day, including more sophisticated and believable variants generated with AI tools. 

With that, we ask ourselves, what can AI do for you? How can it keep you safe? Three principles provide the answer:  

AI should build trust — You can safely navigate places known and unknown in peace and with confidence. 
AI should uncover the truth — You know who and what’s real and what’s safe out there — like having your own personal lie detector in your back pocket.  
AI should make things clear — You understand and have control over the data and info you give up in exchange for access to conveniences and services like social media. 

These principles drive our thinking in significant ways as we pair progress with protection in the age of AI. They stand as our commitment to keeping you safe and certain online, through our existing technologies and entirely new technologies alike. 

McAfee’s AI protections are already keeping you safe. 

As we’ve used AI as a core component of our protection for years now, it’s done plenty for you over that time. Our AI has sniffed out viruses, malicious websites, and sketchy content online. It’s helped steer you clear of malicious websites too.  

So, the AI you have in your McAfee antivirus, it works like this: 

It detects threats by referencing models of existing threats. This combats pre-existing threats and entirely new (zero-day) threats alike. Our AI can spot varieties of different threats by comparing them to features it’s seen before. For example, it’s like AI learning to identify different varieties of fruit. An apple is still an apple whether it’s a Fuji or Granny Smith. In that way, a virus is still a virus if it’s “Virus A” or the newly discovered “Virus Z.”  
It further detects suspicious events and behaviors. AI provides a particularly powerful tool against zero-day threats. It analyzes the activities of applications for patterns consistent with malicious behavior. With that, it can spot and prevent a previously unknown file or process from doing harm. In its way, AI says, “I’ve seen this sketchy behavior before. I’m going to flag it.” 
It automatically classifies threats and adds them to its body of knowledge. AI-driven threat protection gets stronger over time. Because it learns. Something we call “threat intelligence.” The more threats it encounters, the more rapidly and readily it can determine if files want to do you no good. The body of threat intelligence improves immensely as a result. 

 Now we’ve made improvements to our AI-driven protection — and unveiled all-new features that take full advantage of AI, such as McAfee Next-gen Threat Protection and McAfee Scam Protection. 

McAfee Next-gen Threat Protection — AI keeps you safer from new and existing threats.  

McAfee’s AI-powered security just got faster and stronger. Our Next-gen Threat Protection takes up less disk space, reduces its background processes by 75%, and scans 3x faster than before. This makes your time online safer without slowing down your browsing, shopping, streaming, and gaming.  

Results from AV-TEST’s product review in October 2023 saw it block 100% of entirely new malware attacks in real-world testing. It likewise scored 100% against malware discovered in the previous four weeks. In all, it received the highest marks for protection, performance, and usability — earning it the AV-TEST Top Product certification. 

Moreover, AI continually gets smarter because every evaluation provides more data for it to learn and improve its accuracy. McAfee conducts over 4 billion threat scans a day, and that number is quickly growing. We continue to innovate with leading-edge AI technology to provide the most advanced and powerful protection available. 

McAfee Scam Protection — AI lets you know if it’s legit or if it’s a scam.  

The AI-powered scam protection in McAfee+ is like having that lie detector test we mentioned earlier. Advanced AI-powered technology helps prevent you from opening scam texts and blocks risky sites if you accidentally click on a scam link in texts, QR codes, emails, social media posts, and more. This AI-driven scam protection delivers real-time mobile alerts when a scam text is detected and is the only app on the market that sends alerts on both iOS and Android. 

McAfee is your ally in the age of AI. 

Advances in threat protection and scam protection mark just the start of where we’re taking our long-standing use of AI next. Sure, AI has made life easier for hackers and scammers. In some ways. In yet more important ways, it’s making their lives far more difficult. Downright tough in fact, particularly as we use it here at McAfee to detect their scam messages and texts, beat their AI-generated malware, and warn you of their malicious websites. And that’s just for starters. We have more to come. 

You can expect to see other fraud-busting and info-validating uses of AI across our online protection software in the months to come. That’s what’s in store as we stand as you ally in the age of AI. 

The post Staying Safe in the Age of AI appeared first on McAfee Blog.

Read More