If you’re like most people, you probably use your computer for most of your online activities. It’s amazing what the internet can do to make our lives easier. But if you’ve spent any time online, you know the internet also comes with some risks. 

Malware (or malicious software) is one risk of living a connected life. Whether it comes from infected websites, innocent-looking email attachments, or applications and tools you think you can trust, malware can expose your private information to cybercriminals who may use it for personal gain. 

If you suspect that malicious software has infected your device, it’s important to remove it quickly to protect yourself.  

Though dealing with malware can be scary, there are a few things you can do. This article will explain how malware can infect devices and how you can remove it from them. 

How devices become infected with malware

There are many types of malware, which do their work in different ways. They can include viruses, worms, Trojans, spyware, adware, ransomware, and more. 

Some common ways that Windows PCs, Macs, tablets, and smartphones can get infected include: 

Phishing and malspam emails: These are emails — often posing as trusted sources — that try to trick you into revealing sensitive information, such as your credit card number and passwords, to different services. 
Peer-to-peer sharing (P2P sharing) and torrents: P2P sharing and torrents often offer software, games, and media for illegal downloading. They can also contain downloads spiked with malicious software code. 
Spoofed websites of well-known brands and organizations: Cybercriminals might pose as websites of legitimate organizations to trick you into downloading malware. Click on a link, and the malware downloads to your hard drive. 
External storage devices, such as USB drives: USB drives and other external storage devices are a popular way to exchange files between computers. However, if you find or receive a USB drive from an unknown source, don’t plug it into your machine. 
Compromised software: Sometimes, malware can compromise the software you download. It’s a good idea to only download through trusted sources. 
Adware, including pop-up ads: Pop-up ads are a nuisance when you click on a webpage, but they can also be laced with malware that’s released when you click on them. 
Fake mobile apps: These often pose as popular apps, such as fitness tracking tools or cryptocurrency applications. Download them, and your mobile device can become compromised. It’s best only to download apps from trusted sources.  

How can malware affect you?

Malware can affect you in a variety of ways. For example, malware can allow hackers to steal your private information, uncover passwords, cause financial issues for you or your company, delete files, and render your device unusable.  

Malware can also move from your computer to other devices, so you may unwittingly infect friends, family, or co-workers. It can gobble up your computer’s memory, slow its operation to a snail’s pace, and more. 

For these reasons, it’s a good idea to find out how to remove malware and learn to protect yourself from it in the first place. 

Signs malware  is infecting your device

The Federal Trade Commission (FTC) Consumer Information points out some ways to know if malware has infected your device, including if it: 

Suddenly slows down, crashes, or displays repeated error messages 
Won’t shut down or restart 
Prevents you from removing software 
Starts serving up a lot of pop-up ads, inappropriate ads, or ads that interfere with page content 
Displays ads in places you wouldn’t usually see them, such as government websites 
Displays unexpected toolbars or icons in your web browser, such as Chrome or Safari  
Changes your default search engine or displays new tabs or websites you didn’t open 
Repeatedly changes your homepage 
Sends emails from your personal account that you didn’t write 
Runs out of battery life more quickly than normal 

Malware removal on your PC

How to remove malware from your devices

If you think your computer, smartphone or tablet has been infected by malware, the first step is to stop ​​shopping, banking, and doing other things online that involve usernames, passwords, or other sensitive information until you have the problem resolved. 

If you don’t have an antivirus program on your device, it’s a good idea to get one. McAfee’s antivirus software provides award-winning protection for your data and devices. It’s important to get antivirus software from a trusted name because some malware can even masquerade as security software. 

It’s also important to make sure that your operating system for your different devices and applications are up to date. Older programs and apps might not have the latest security features — cybercriminals are constantly devising new ways to get people’s information — and outdated software can have a harder time fighting off infection.  

Once your cybersecurity software is in place, you should: 

Scan your device for malware

If you have a PC with Windows 10 or 11, you already benefit from free virus threat protection with Microsoft Windows Defender. Windows Defender, or built-in Microsoft security, compares new files and programs against a database of known malware. It keeps an eye out for signs that an attack is underway, such as the encryption of key files.  

Defender can run in active, passive, and disabled mode. In active mode, it’s the primary antivirus app on the device. This means the program will scan files, remedy any threats, and show detected threats in your organization’s security reports and in the Windows Security app. 

Microsoft Defender will automatically turn off if you have another antivirus app installed and turned on. Microsoft Defender will turn back on automatically if you uninstall the other app. 

In passive mode, Microsoft Defender isn’t used as the primary antivirus app on the device. It’ll scan files and report any threats but it won’t remedy those threats. Finally, Microsoft Windows can’t detect or address threats if it is disabled or uninstalled. 

You can run quick and advanced scans in Windows Security. If you’re worried that a specific file or folder has been compromised, you can also run a manual scan by: 

Right-clicking the file or folder in File Explorer 
Selecting Scan with Microsoft Defender 

You’ll see the scan results and options for dealing with any potential threats. 

Microsoft Defender is also available to protect Android smartphones from viruses and malware. It can also help against phishing and phishing and scans your Android device automatically to track and identify potentially unwanted, and dangerous, applications on your device. 

Apple users, as well, have built-in antivirus software to help detect and fight off malware. Malware is commonly distributed across macOS systems by being embedded in a harmless-looking app.  

Luckily, settings in Security & Privacy preferences allow you to designate the sources of software installed on your Mac. Just follow these steps: 

Choose the Apple menu.  
Select “System Preferences.” 
Click “Security & Privacy.”  
Click “General.” 
If the lock at the bottom left is locked, click it to unlock the preferences pane. 
Select the software sources from which you’ll allow software to be installed, including the Mac App Store and identified developers who are registered with Apple. 

Apple iPads and iPhones have strong built-in security and privacy protections, so it is up to the user on whether or not they want to install antivirus for additional malware protections. Apple boasts a “walled-garden” approach–meaning that their operating system is closed to outside apps and games not affiliated with their official app store unless you jailbreak the device.

Remember that while cybersecurity features built into devices are a great starting point, they’re not always comprehensive. That’s where antivirus software, like McAfee Total Protection, can help. It offers continuous protection against malware, viruses, phishing, ransomware, and other online threats. It also automatically updates so you don’t need to worry about manual upgrades.  

The security software also includes alerts before you connect to risky websites and offers one-click fixes to help you stay safe online. 

Quarantine or remove any viruses

Antivirus software like McAfee works to block malware from infecting your computer, smartphone, or tablet. If malware somehow does get through, it can act as a powerful malware scanner by searching every file on your device for infections.  

It can troubleshoot, look for vulnerabilities, and compile a list of infected software that can be quarantined (or isolated) to prevent it from doing harm and deleted at the end of the virus scan using removal tools.  

McAfee’s anti-malware software updates its virus database by using an automatic web crawler that scans the internet, identifies online threats like malicious software, and figures out how to delete them. 

McAfee antivirus uses this data to automatically update your device’s protective set-upl, providing strong protection so nothing harmful gets in.  

Besides desktop computers, McAfee provides mobile security for both Android and Apple devices. For example, when you use your iPhone or Android phone on a public Wi-Fi system,  McAfee’s Wi-Fi privacy protection (VPN) in effect turns the public network into a private one, where you can surf safely. Of course, its antivirus app regularly scans for threats and malware while actively blocking them in real time, keeping your mobile devices protected. 

McAfee keeps your device secure

McAfee offers a variety of plans tailored to fit your needs and budget so your computer and other devices — including Android smartphones, Apple iPhones, and various tablets — are protected from malware and other online threats. 

McAfee is a leader in consumer security, and our antivirus software is used on more than 6 million devices. It’s easy to install and use, provides 24/7 real-time threat protection, and comes with a Virus Pledge — a money-back guarantee that it’ll remove all viruses from your protected devices. 

You can get antivirus software as part of McAfee’s Total Protection services. This includes all-in-one protection for your personal info and privacy, with identity restoration assistance and up to $1 million of identity theft coverage for data breaches. You also have access to identity monitoring, safe browsing, and a secure VPN.​ 

With McAfee, you can turn apprehension about malware into the peace of mind that comes from proper protection. 

The post How to Quickly Remove Malware in 2022 appeared first on McAfee Blog.

Read More

Axis Security, a security service provider focused on zero trust, has launched Atmos, a cloud-native alternative to data center based, legacy network architectures and security service edge (SSE) platforms.

Short for Atmosphere, Atmos will seek to “harmonize the modern workplace connectivity” by syncing authentication, authorization, and connectivity across a company’s workforce, ecosystem partners, and hybrid cloud infrastructure with its new SSE architecture, according to the company.

“With the Atmos platform, Axis is evolving to deliver a full SSE service, beyond just Axis ZTNA (now included within the Atmos platform),” says Dor Knafo, CEO and co-founder of Axis Security. “Customers now have the ability to leverage an assortment of new capabilities including a new web gateway service, CASB and Digital Experience from Axis.”

To read this article in full, please click here

Read More

Microsoft’s April 2022 Patch Tuesday Addresses 117 CVEs (CVE-2022-24521)

Microsoft addresses 117 CVEs in its April 2022 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild and reported to Microsoft by the National Security Agency.

9Critical
108Important
0Moderate
0Low

Microsoft patched 117 CVEs in its April 2022 Patch Tuesday release, with 9 rated as critical and 108 rated as important.

This month’s update includes patches for:

.NET Framework
Active Directory Domain Services
Azure SDK
Azure Site Recovery
LDAP – Lightweight Directory Access Protocol
Microsoft Bluetooth Driver
Microsoft Dynamics
Microsoft Edge (Chromium-based)
Microsoft Graphics Component
Microsoft Local Security Authority Server (lsasrv)
Microsoft Office Excel
Microsoft Office SharePoint
Microsoft Windows ALPC
Microsoft Windows Codecs Library
Microsoft Windows Media Foundation
Power BI
Role: DNS Server
Role: Windows Hyper-V
Skype for Business
Visual Studio
Visual Studio Code
Windows Ancillary Function Driver for WinSock
Windows App Store
Windows AppX Package Manager
Windows Cluster Client Failover
Windows Cluster Shared Volume (CSV)
Windows Common Log File System Driver
Windows Defender
Windows DWM Core Library
Windows Endpoint Configuration Manager
Windows Fax Compose Form
Windows Feedback Hub
Windows File Explorer
Windows File Server
Windows Installer
Windows iSCSI Target Service
Windows Kerberos
Windows Kernel
Windows Local Security Authority Subsystem Service
Windows Media
Windows Network File System
Windows PowerShell
Windows Print Spooler Components
Windows RDP
Windows Remote Procedure Call Runtime
Windows schannel
Windows SMB
Windows Telephony Server
Windows Upgrade Assistant
Windows User Profile Service
Windows Win32K
Windows Work Folder Service
YARP reverse proxy

Elevation of privilege (EoP) vulnerabilities accounted for 39.3% of the vulnerabilities patched this month, followed by remote code execution (RCE) vulnerabilities at 39.3%.

Upcoming end of support

In the coming weeks, versions of the.NET Framework and Windows 10 will stop receiving updates and support. On April 26, .NET Framework 4.5.2, 4.6, or 4.6.1 will reach end of support due to their use of the less secure Secure Hash Algorithm 1 (SHA-1). On May 10, Windows 10 version 20H2 will reach end of servicing. Users are urged to update to more recent versions to ensure they continue receiving important security updates.

Tenable Solutions

Users can create scans that focus specifically on our Patch Tuesday plugins. From a new advanced scan, in the plugins tab, set an advanced filter for Plugin Name contains April 2022.

With that filter set, click the plugin families to the left and enable each plugin that appears on the right side. Note: If your families on the left say Enabled, then all the plugins in that family are set. Disable the whole family before selecting the individual plugins for this scan. Here’s an example from Tenable.io:

A list of all the plugins released for Tenable’s April 2022 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

Get more information

Microsoft’s April 2022 Security Updates
Tenable plugins for Microsoft April 2022 Patch Tuesday Security Updates

Join Tenable’s Security Response Team on the Tenable Community.

Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface.

Get a free 30-day trial of Tenable.io Vulnerability Management.

Read More

In a move to put in place a key piece for its portfolio of cybersecurity companies, private equity firm Thoma Bravo has finalized plans to acquire IAM (identity access management) security vendor SailPoint in a go-private deal worth $6.9 billion.

When completed, the deal, announced Monday, will be the latest in a string of security focused technology acquisitions for the private equity firm, which last year purchased payment security provider Bottomline Technologies for $2.6 billion in December and cybersecurity and compliance vendor Proofpoint for $12.3 billion in August, among other transactions, some of which date back to 2016.

To read this article in full, please click here

Read More

The U.S. Department of Justice (DOJ) said today it seized the website and user database for RaidForums, an extremely popular English-language cybercrime forum that sold access to more than 10 billion consumer records stolen in some of the world’s largest data breaches since 2015. The DOJ also charged the alleged administrator of RaidForums — 21-year-old Diogo Santos Coelho, of Portugal — with six criminal counts, including conspiracy, access device fraud and aggravated identity theft.

The “raid” in RaidForums is a nod to the community’s humble beginnings in 2015, when it was primarily an online venue for organizing and supporting various forms of electronic harassment. According to the DOJ, that early activity included ‘raiding‘ — posting or sending an overwhelming volume of contact to a victim’s online communications medium — and ‘swatting,’ the practice of making false reports to public safety agencies of situations that would necessitate a significant, and immediate armed law enforcement response.”

But over the years as trading in hacked databases became big business, RaidForums emerged as the go-to place for English-speaking hackers to peddle their wares. Perhaps the most bustling marketplace within RaidForums was its “Leaks Market,” which described itself as a place to buy, sell, and trade hacked databases and leaks.

The government alleges Coelho and his forum administrator identity “Omnipotent” profited from the illicit activity on the platform by charging “escalating prices for membership tiers that offered greater access and features, including a top-tier ‘God’ membership status.”

“RaidForums also sold ‘credits’ that provided members access to privileged areas of the website and enabled members to ‘unlock’ and download stolen financial information, means of identification, and data from compromised databases, among other items,” the DOJ said in a written statement. “Members could also earn credits through other means, such as by posting instructions on how to commit certain illegal acts.”

Prosecutors say Coelho also personally sold stolen data on the platform, and that Omnipotent directly facilitated illicit transactions by operating a fee-based “Official Middleman” service, a kind of escrow or insurance service that denizens of RaidForums were encouraged to use when transacting with other criminals.

Investigators described multiple instances wherein undercover federal agents or confidential informants used Omnipotent’s escrow service to purchase huge tranches of data from one of Coelho’s alternate user  identities — meaning Coelho not only sold data he’d personally hacked but also further profited by insisting the transactions were handled through his own middleman service.

Not all of those undercover buys went as planned. One incident described in an affidavit by prosecutors (PDF) appears related to the sale of tens of millions of consumer records stolen last year from T-Mobile, although the government refers to the victim only as a major telecommunications company and wireless network operator in the United States.

On Aug. 11, 2021, an individual using the moniker “SubVirt” posted on RaidForums an offer to sell Social Security numbers, dates of birth and other records on more than 120 million people in the United States (SubVirt would later edit the sales thread to say 30 million records). Just days later, T-Mobile would acknowledge a data breach affecting 40 million current, former or prospective customers who applied for credit with the company.

The government says the victim firm hired a third-party to purchase the database and prevent it from being sold to cybercriminals. That third-party ultimately paid approximately $200,000 worth of bitcoin to the seller, with the agreement that the data would be destroyed after sale. “However, it appears the co-conspirators continued to attempt to sell the databases after the third-party’s purchase,” the affidavit alleges.

The FBI’s seizure of RaidForums was first reported by KrebsOnSecurity on Mar. 23, after a federal investigator confirmed rumors that the FBI had been secretly operating the RaidForums website for weeks.

Coelho landed on the radar of U.S. authorities in June 2018, when he tried to enter the United States at the Hartsfield-Jackson International Airport in Atlanta. The government obtained a warrant to search the electronic devices Coelho had in his luggage and found text messages, files and emails showing he was the RaidForums administrator Omnipotent.

“In an attempt to retrieve his items, Coelho called the lead FBI case agent on or around August 2, 2018, and used the email address unrivalled@pm.me to email the agent,” the government’s affidavit states. Investigators found this same address was used to register rf.ws and raid.lol, which Omnipotent announced on the forum would serve as alternative domain names for RaidForums in case the site’s primary domain was seized.

The DOJ said Coelho was arrested in the United Kingdom on January 31, at the United States’ request, and remains in custody pending the resolution of his extradition hearing. A statement from the U.K.’s National Crime Agency (NCA) said the RaidForum’s takedown was the result of “Operation Tourniquet,” which was carried out by the NCA in cooperation with the United Staes, Europol and four other countries, and resulted in “a number of linked arrests.”

A copy of the indictment against Coelho is available here (PDF).

Read More

Daniel Motta reportedly stole elderly client’s Trezor hardware wallet and its password while providing security help

Read More

John Oliver has an excellent segment on data brokers and surveillance capitalism.

Read More

RaidForums has been shut down and its infrastructure seized in a joint law enforcement operation coordinated by Europol

Read More

Organizations are adopting IoT solutions to automate repetitive and time-consuming tasks in their facilities and hospitals are no different. While robots and other devices can free and improve the efficiency of valuable human resources, they can also introduce risks that organizations have never previously had to deal with.

This is highlighted today by the disclosure of five serious vulnerabilities in Aethon TUG, a line of mobile autonomous robots designed to haul food, medication, lab specimens and other supplies across facilities. TUGs, which have been deployed in hospitals around the world, use sensors and cameras to navigate hallways and can interact with elevators and automatic doors through Wi-Fi.

To read this article in full, please click here

Read More

Trust in organizations hits rock bottom but many don’t care

Read More