Vintage cyber-attack tactic revived to phish Microsoft 365 users
PRC Firm Allegedly Stole Motorola’s Secrets
Hytera Communications Corp accused of hiring Motorola employees to steal DMR technology
Amy Zegart on Spycraft in the Internet Age
Amy Zegart has a new book: Spies, Lies, and Algorithms: The History and Future of American Intelligence. Wired has an excerpt:
In short, data volume and accessibility are revolutionizing sensemaking. The intelligence playing field is leveling — and not in a good way. Intelligence collectors are everywhere, and government spy agencies are drowning in data. This is a radical new world and intelligence agencies are struggling to adapt to it. While secrets once conferred a huge advantage, today open source information increasingly does. Intelligence used to be a race for insight where great powers were the only ones with the capabilities to access secrets. Now everyone is racing for insight and the internet gives them tools to do it. Secrets still matter, but whoever can harness all this data better and faster will win.
The third challenge posed by emerging technologies strikes at the heart of espionage: secrecy. Until now, American spy agencies didn’t have to interact much with outsiders, and they didn’t want to. The intelligence mission meant gathering secrets so we knew more about adversaries than they knew about us, and keeping how we gathered secrets a secret too.
[…]
In the digital age, however, secrecy is bringing greater risk because emerging technologies are blurring nearly all the old boundaries of geopolitics. Increasingly, national security requires intelligence agencies to engage the outside world, not stand apart from it.
I have not yet read the book.
Google Cloud adds agentless threat detection to virtual machine workloads
As more enterprise computing workloads move to the cloud, so do the attackers. Virtual servers have been targeted by cryptomining and ransomware groups over the past few years, and they typically don’t benefit from the same levels of protection as endpoints. Google has set out to change that with VM-based threat detection for its cloud computing platform.
When it comes to cloud computing, efficiency and flexibility are very important. Servers are scaled based on the workloads they are expected to run. Any additional security scanning and monitoring that requires a software agent running inside the virtual machines would add overhead and consume CPU cycles and memory.
Critical Patches Issued for Microsoft Products, February 08, 2022
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
How We Can All Work Together For a Better Internet
Let’s face it – we would not be the same people we are today if it wasn’t for the internet. The internet has opened our eyes to so much information that we are privileged to have right at our fingertips. However, it’s important to remember that with so many individuals with access to the web, it can quickly become a place where rumors are spread, cyberattacks are cast, and misinformation arises. At McAfee, we are committed to protecting both you and your family. Together, through education and online protection, we can work together to experience a better internet for everyone. On this Safer Internet Day, here are our top 5 recommendations:
For Parents
With a connected family, it’s important to pay attention to what your family members are connected to (IoT devices in the home, smartphones, tablets, etc.) and how they interact online. Maybe your son is an avid gamer, or your teenager is a social media mogul who enjoys tweeting and scrolling through TikTok. As a parent, you play a crucial role in setting an example for your children and loved ones. So, it’s important to teach them how to use the internet responsibly. Here are some tips for helping your family stay safe online:
Set up parental controls, if necessary. While your child’s device plays a key role in connecting them to the outside world, that same device can also expose them to cyberbullying, predators, risky behavior, and self-image struggles. If your child has started to ignore their homework and other family responsibilities, they are oversharing online, or they won’t give you their device without a fight, it may be time to consider setting up parental controls.
Make sure your child has a healthy relationship with social media. Any activity in excess can cause harm – social media included. If your child’s screen time is climbing due to excessive social media scrolling, help them to establish new habits like setting a device curfew and educating them on the effects of too much screen time.
Teach your family about best practices for securing their online accounts. Using strong passwords and multi-factor authentication can make your family’s internet experience better, providing protection against common online threats.
For College Students
In a time when students are reliant on connectivity to be successful in their education, it’s important that they connect to the internet safely. Ensuring a safe connection can prevent any security hiccups from standing in the way of you and your degree. If you are a college student, follow these tips to help you stay safe in a hybrid or distance learning environment:
Use a VPN when connecting to your university’s Wi-Fi network. Avoid hackers infiltrating your connection by using a VPN, which allows you to send and receive data while encrypting, or scrambling, your information so others can’t read it. VPNs also prevent hackers from gaining access to other devices connected to your Wi-Fi.
Choose an encrypted online conferencing tool. Does the video conferencing tool you’re considering use end-to-end encryption? This ensures that only meeting participants can decrypt secure meeting content. Additionally, be sure to read the privacy policies listed by the video conferencing programs to find the one that is the most secure and fits your needs.
For Working Professionals
Regardless of your industry, you are likely to rely on the internet to do your job. Restaurant workers use online POS systems, bank tellers require access to their customers’ online accounts – the list goes on. With so much of your day spent online, it’s important to keep internet safety best practices top of mind so you can continue to work free from potential cyber interruptions. No matter what career path you are on, following these tips can help you stay safe online and continue to do your job with confidence:
Be on the lookout for phishing scams targeting employees and their companies. Hackers will oftentimes target employees with phishing campaigns to access sensitive corporate data. If you receive an email, text, or phone call prompting you to take immediate action and log in to an account, make a payment, confirm personal information, or click on a suspicious link, it’s likely a phishing scam. Send a screenshot of the suspicious message (never forward!) to your company’s IT team to confirm, and then delete the message.
Separate personal and business devices. Set boundaries between your personal and work life, including the technology you use for both. Avoid sharing your company’s devices with family members who are not aware of the best security practices, especially children. Also, keep personal accounts separate from company accounts to prevent sharing information through personal channels.
Adhere to company policies and standards. Ensure you understand your company’s policies and confidentiality agreements when it comes to sharing files, storing documents, and other online communications. Use company-approved cloud applications that follow strict security standards to avoid inadvertently exposing sensitive company information through unsecured means. This measure can also apply when using video conferencing software. Limit the amount of sensitive information shared via video conferencing platforms and through messaging features just in case uninvited hackers are eavesdropping.
For Entertainment Seekers
If you can dream it, you can stream it. With so much media at your fingertips, it’s important to remember that cybercriminals tend to focus their threats on trending consumer behaviors. For example, cybercriminals will tend to focus their scams on popular TV shows or movies in the hopes that an unsuspecting user will click on their malicious download. Because streaming has become so popular in recent years, consumers should prioritize the safety of their online streaming platforms like Spotify, Netflix, Hulu, etc. Here are some ways to stay protected while streaming:
Watch what you click. Be cautious and only access entertainment content directly from a reliable source. The safest thing to do is to subscribe to a streaming site that offers the content or download the movie from credible websites, instead of downloading a “free” version from a website that could contain malware.
Refrain from using illegal streaming sites. Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do your device a favor and stream the show from a reputable source.
For Mobile Moguls
As technology has become more advanced, we’ve become accustomed to the many benefits that come with taking our devices with us everywhere we go. For example, we can deposit checks from home with our mobile banking apps and can use vehicle location services on our phones to remind us where we parked. Here’s how you can stay protected while on-the-go:
Use a mobile security solution. Protect your pocket-sized digital life with a reliable solution like McAfee Mobile Security. It actively shields you from malicious links or websites, unauthorized third-party activities, and even phishing scams. Additionally, it allows you to connect safely with a VPN and regularly scans your device for unwanted threats.
“There’s no doubt the internet has brought so many benefits to our daily life,” says Alex Merton-McCann, McAfee’s Cyber Safety Ambassador. “I honestly can’t imagine life without it! But in order for us all to continue benefiting from its many pluses, we all have a responsibility to make it a safe and enjoyable place. So, let’s #playitfaironline and commit to being respectful and kind towards each other online to ensure life online is safe and enjoyable for us all!”
Check out #SaferInternetDay and #SID2022 hashtags on social media to be a part of the conversation.
The post How We Can All Work Together For a Better Internet appeared first on McAfee Blog.
Private browsing vs VPN – Which one is more private?
As people turn to the Internet for news and answers to tough questions, it only makes sense that it would come to know you better than your closest friends and family. When we go online for answers to personal questions, we’re sharing our deepest secrets with search engines. While some people are happy to share that level of personal information with strangers, some turn to private browsing, or incognito mode, to help protect their personal data.
The thing is, incognito mode doesn’t work the way people think it does. When you open an incognito window, you’re told that “You’ve gone incognito.” The explanation underneath says that your browsing history, website visits, cookies, and information you put in forms, won’t be saved. This is where the confusion starts.
What the incognito explanation doesn’t tell you is that your browsing information isn’t blocked or hidden from advertisers while in incognito mode. So even though your browsing information “won’t be saved” on your device or available after you close the window, that doesn’t stop the internet from seeing everything you’ve been up to while in that session. That’s why more and more people use virtual private networks, or VPNs, to protect their browsing history from prying eyes. If you’re new to VPNs, this might be the perfect time to learn about what they are, how they work and why you might choose a VPN over private browsing.
What do virtual private networks do?
A VPN protects your devices by wrapping your internet connection in a secure tunnel that only you can access. This stops people—like those nosey advertisers—from seeing what sites you visit. With a secure connection to the Internet, every search request, every website you browse, is hidden from sight. It’s important to point out that VPNs don’t make you anonymous; they make it so only you can see what you’re doing online. You can learn more about VPNs in this blog post I wrote late last year.
What does incognito mode do?
Incognito modes work by opening an isolated browser window. It stays separate from the rest of your browser tabs or windows, as if it’s on another device. Using incognito mode deletes cookies—the things advertisers use to follow you around the internet—and browsing history, but that’s about it.
If you check your browser’s cookies while in incognito mode, you’ll see that you’re still picking up cookies as you browse, just like you would with a normal browsing window. While it’s great that incognito mode deletes those cookies when you close the window, that doesn’t help you while you browse. Advertisers are still able to see what sites you’re browsing and target you with ads accordingly.
What’s the difference between VPN and private browsing?
VPN:
• Encrypt your internet connection
• Help hide your browsing from snoops
• Help hide your search requests
• Help protect your personal information
• Can protect multiple devices
• Block some types of online tracking
Private browsing:
• Deletes personal data when you stop browsing
• Only active in one browser window
• Hides Internet activity from other users on shared devices
Why use private browsing over VPN?
We wouldn’t recommend using incognito mode instead of a VPN, ever. Incognito mode has its place in your online security toolkit, but it’s not a replacement for other types of protection. If you share a device with other people, like family members or at a library, then you might want to use incognito mode to make sure your partner doesn’t accidentally find out how much you spent on that new TV in the den.
If you’re concerned with advertisers tracking you and watching what you do online, then you should consider using a VPN to protect your privacy.
Ways to get VPN protection
If you’re already a McAfee Total Protection subscriber, you have access to unlimited VPN usage. Protect your personal information, like your banking information and credit cards, from prying eyes with McAfee Total Protection’s Secure VPN. If you haven’t already signed up, now’s the perfect time. McAfee Total Protection provides security for all your devices, giving you peace of mind while you shop, bank and browse online.
The post Private browsing vs VPN – Which one is more private? appeared first on McAfee Blog.
New Research Reveals Large Salary Rises for Cybersecurity Workers
The salary guide provided the median salaries across 10 major job roles in cybersecurity
A US hacker blasted North Korea off the internet following missile tests
Last month, as North Korea’s supreme leader Kim Jong-un oversaw a series of sabre-rattling hypersonic missile tests, cyber attacks disrupted the country’s internet infrastructure. But who was responsible?
Read more in my article on the Hot for Security blog.
Unraveling the climate change and Cybersecurity connection
This blog was written by an independent guest blogger.
Cybersecurity and climate change. These two issues seem, at least on the surface, like they couldn’t be farther apart. One conjures Matrix-like, futuristic visions of tech bros and shadowy figures hunched over laptops. The other, third-world dystopias, famine, and mass extinction.
However, a deeper dive into these important global concerns shows that they are more intrinsically connected than you think. In fact, some experts believe that climate change is the biggest security threat mankind has ever faced. That includes cybersecurity, and these are issues that affect everyone on the planet to varying extents.
How exactly does climate change impact cybersecurity, what are the economic impacts of these issues, and what can we do to mitigate the problem?
In the words of Zach Stein, co-founder of Carbon Collective, a first of its kind investment advisory firm that focuses on solving climate change through targeted investments and divestments: “We can’t take these all-or-nothing views. The world is nuanced. It means we need to give room for people and companies to improve.”
Where climate change-related security threats originate
Climate change poses a national security threat that extends far beyond our borders. We now experience 100-year weather events annually. Diminished biodiversity adversely affects the food chain and resource availability, as do droughts and extreme flooding. These problems lead to social anxiety and unrest, contribute to mass migration and displacement, and make us all more vulnerable.
Between pandemics and work/school closings due to inclement weather, more people are working and learning from home. However, many business owners and school administrators don’t prioritize even the most basic cyber security best practices for home-bound students and workers. This increases the attack surface and puts more business owners, government agencies, and individuals at risk for cybercrime.
Crime is also increased by economic stress.
Desperation leads to desperate acts. During such times, you’ll see an increase in scams, identity theft, and hacking exploits. You also have politically or socially motivated hacks by persons on both sides of the climate change argument, either in an effort to make a statement, prove a point, or benefit financially from instability.
The environmental and financial impact of cyber crime
The increased use of computing resources due to a surge in remote work, blockchain mining, and supercomputing also contributes to climate change. People who no longer trust financial institutions due to prominent hacks and leaks are shopping and trading online or putting their money in cryptocurrencies.
This poses its own set of climate-related and cybersecurity threats.
In 2019 alone, Bitcoin mining consumed more energy than the entire country of Switzerland. Data centers accounted for two percent of the world’s total power consumption that same year, and that was before the use of such centers really exploded. Internet usage accounts for another 10 percent of global energy consumption.
Infrastructure investment, resource mining, and fossil fuel production contribute to negative economic, supply chain, and environmental impacts. These and related industries have long been favorite targets of cyber criminals. The 2021 ransomware attack on the Colonial Pipeline cost the company $4.4 billion to end, and resulted in untold damage to the company’s finances and reputation. This was merely one out of hundreds of such attacks on energy producers and related organizations.
The economic impact of energy sector security hits companies, workers and their families, and consumers who have to pay in loss of service or income and increased prices.
Veering away from dependence on fossil fuels toward more sustainable energy sources is a start.
Here are a few more solutions.
Combating the twin threats of climate change and cybercrime
At their annual meeting in Davos, a consortium of world business and economic leaders compiled the 2022 Global Threat Report. Among their findings was the fact that it will take a unified, global effort to head off long-term climate catastrophe. This includes a more aggressive approach toward mitigation and greater investment in sustainable energy.
However, it will take more than energy conservation or performing the occasional risk assessment to combat these issues. Some concrete measures that can reduce vulnerabilities toward cybercrime and climate change include:
• Exploring new technologies. Crypto-mining platforms have committed to exploring methods that use fewer resources during the cryptomining and NFT minting process. This includes use of Hyperledger Fabric to centralize block creation, initiating blockchain smart contracts for easier validation, and developing more efficient cooling methods for data centers and supercomputers.
• Educating stakeholders. This includes not only teaching users basic security practices but also educating them on how to spot and avoid scams, such as identifying misinformation about climate-related emergencies. From the design and security side, baking cyber security into app and platform design, reducing the risk matrix, and proactive cyber security practices are methods to reduce the cost and risk.
Business leaders and IT professionals should include climate change in their risk assessment protocols and procedures. For example, having a backup plan in the case of a weather or cybercrime event that limits business disruption and prevents accidents like spills or leaks. Incentivizing companies to invest in smarter, sustainable technologies and reducing environmental risk will also make a huge impact.
• Increasing cybersecurity investment. Businesses in the tech, financial, and energy sectors should prioritize cybersecurity spending, invest in more efficient production technologies, and upgrade or replace vital infrastructure. It’s also incumbent upon government intelligence agencies and policy makers to set up dedicated departments, platforms, and unified protocols to assess, prevent, and combat climate change and cyber security threats.
• Deploying technologies to prevent climate-related disasters. This is in addition to hardening critical infrastructure and prioritizing proactive cyber security and risk identification. For a start, asset management, resource allocation, and equipment maintenance can be automated using AI-based technologies.
Final thoughts
Instability, food insecurity, and widespread environmental damage contribute to the kind of despair and hopelessness that leads to mass unrest and criminal behavior. Desperate conditions lead to desperate acts. They also increase the number, methods, and opportunities of people willing to take advantage of social disruption and decline.
Proactive cybersecurity won’t reverse the effects of climate change. However, it will help reduce the financial and economic impact of global warming on businesses, individuals, and society at large.