Microsoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software. At least 13 of the bugs received Microsoft's most-dire "critical" rating, meaning they could be abused by malware or malcontents to gain remote access to a Windows system with little or no help from users.
August's patch batch from Redmond includes an update for CVE-2025-53786, a vulnerability that allows an attacker to pivot from a compromised Microsoft Exchange Server directly into an organization's cloud environment, potentially gaining control over Exchange Online and other connected Microsoft Office 365 services. Microsoft first warned about this bug on Aug. 6, saying it affects Exchange Server 2016 and Exchange Server 2019, as well as its flagship Exchange Server Subscription Edition.
Ben McCarthy, lead cyber security engineer at Immersive, said a rough search reveals approximately 29,000 Exchange servers publicly facing on the internet that are vulnerable to this issue, with many of them likely to have even older vulnerabilities.
McCarthy said the fix for CVE-2025-53786 requires more than just installing a patch, such as following Microsoft's manual instructions for creating a dedicated service to oversee and lock down the hybrid connection.
"In effect, this vulnerability turns a significant on-premise Exchange breach into a full-blown, difficult-to-detect cloud compromise with effectively living off the land techniques which are always harder to detect for defensive teams," McCarthy said.
CVE-2025-53779 is a weakness in the Windows Kerberos authentication system that allows an unauthenticated attacker to gain domain administrator privileges. Microsoft credits the discovery of the flaw to Akamai researcher Yuval Gordon, who dubbed it "BadSuccessor" in a May 2025 blog post. The attack exploits a weakness in "delegated Managed Service Account" or dMSA, a feature that was introduced in Windows Server 2025.
Some of the critical flaws addressed this month with the highest severity (between 9.0 and 9.9 CVSS scores) include a remote code execution bug in the Windows GDI+ component that handles graphics rendering (CVE-2025-53766) and CVE-2025-50165, another graphics rendering weakness. Another critical patch involves CVE-2025-53733, a vulnerability in Microsoft Word that can be exploited without user interaction and triggered through the Preview Pane.
One final critical bug tackled this month deserves attention: CVE-2025-53778, a bug in Windows NTLM, a core function of how Windows systems handle network authentication. According to Microsoft, the flaw could allow an attacker with low-level network access and basic user privileges to exploit NTLM and elevate to SYSTEM-level access, the highest level of privilege in Windows. Microsoft rates the exploitation of this bug as "more likely," although there is no evidence the vulnerability is being exploited at the moment.
Feel free to holler in the comments if you experience problems installing any of these updates. As ever, the SANS Internet Storm Center has its useful breakdown of the Microsoft patches indexed by severity and CVSS score, and AskWoody.com is keeping an eye out for Windows patches that may cause problems for enterprises and end users.
Windows 10 users out there likely have noticed by now that Microsoft really wants you to upgrade to Windows 11. The reason is that after the Patch Tuesday on October 14, 2025, Microsoft will stop shipping free security updates for Windows 10 computers. The trouble is, many PCs running Windows 10 do not meet the hardware specifications required to install Windows 11 (or they do, but just barely).
If the experience with Windows XP is any indicator, many of these older computers will wind up in landfills or else will be left running in an unpatched state. But if your Windows 10 PC doesn't have the hardware chops to run Windows 11 and you'd still like to get some use out of it safely, consider installing a newbie-friendly version of Linux, like Linux Mint.
Like most modern Linux versions, Mint will run on anything with a 64-bit CPU that has at least 2GB of memory, although 4GB is recommended. In other words, it will run on almost any computer produced in the last decade.
There are many versions of Linux available, but Linux Mint is likely to be the most intuitive interface for regular Windows users, and it is largely configurable without any fuss at the text-only command-line prompt. Mint and other flavors of Linux come with LibreOffice, which is an open source suite of tools that includes applications similar to Microsoft Office, and it can open, edit and save documents as Microsoft Office files.
If you'd prefer to give Linux a test drive before installing it on a Windows PC, you can always just download it to a removable USB drive. From there, reboot the computer (with the removable drive plugged in) and select the option at startup to run the operating system from the external USB drive. If you don't see an option for that after restarting, try restarting again and hitting the F8 button, which should open a list of bootable drives. Here's a fairly thorough tutorial that walks through exactly how to do all this.
And if this is your first time trying out Linux, relax and have fun: The nice thing about a "live" version of Linux (as it's called when the operating system is run from a removable drive such as a CD or a USB stick) is that none of your changes persist after a reboot. Even if you somehow manage to break something, a restart will return the system back to its original state.
New online threats emerge every day, putting our personal information, money and devices at risk. In its 2024 Internet Crime Report, the Federal Bureau of Investigation reports that 859,532 complaints of suspected internet crime (including ransomware, viruses and malware, data breaches, denials of service, and other forms of cyberattack) resulted in losses of over $16 billion, a 33% increase from 2023.
That's why it is essential to stay ahead of these threats. One way to combat these is by conducting virus scans using proven software tools that constantly monitor and check your devices while safeguarding your sensitive information. In this article, we'll go through everything you need to know to run a scan effectively to keep your computers, phones and tablets in tip-top shape.
Whether you think you might have a virus on your computer or devices or just want to keep them running smoothly, it's easy to do a virus scan.
Each antivirus program works a little differently, but in general the software will look for known malware with specific characteristics, as well as their variants that have a similar code base. Some antivirus software even checks for suspicious behavior. If the software comes across a dangerous program or piece of code, the antivirus software removes it. In some cases, a dangerous program can be replaced with a clean one from the manufacturer.
Before doing a virus scan, it is useful to know the telltale signs of viral presence in your device. Is your device acting sluggish or having a hard time booting up? Have you noticed missing files or a lack of storage space? Have you noticed emails or messages sent from your account that you did not write? Perhaps you've noticed changes to your browser homepage or settings? Maybe you're seeing unexpected pop-up windows, or experiencing crashes and other program errors. These are just some signs that your device may have a virus, but don't get too worried yet because many of these issues can be resolved with a virus scan.
Free virus scanner tools, both in web-based and downloadable formats, offer a convenient way to perform a one-time check for malware. They are most useful when you need a second opinion or are asking yourself, "do I have a virus?" after noticing something suspect.
However, it's critical to be cautious. For one, cybercriminals often create fake "free" virus checker tools that are actually malware in disguise. If you opt for free scanning tools, it is best to lean on highly reputable cybersecurity brands. On your app store or browser, navigate to a proven online scanning tool with good reviews or a website whose URL starts with "https" to confirm you are in a secure location.
Secondly, free tools are frequently quite basic and perform only the minimum required service. If you choose to go this path, look for free trial versions that offer access to the full suite of premium features, including real-time protection, a firewall, and a VPN. This will give you a glimpse of a solution's comprehensive, multi-layered security capability before you commit to a subscription.
If safeguarding all your computers and mobile devices individually sounds overwhelming, you can opt for comprehensive security products that protect computers, smartphones and tablets from a central, cloud-based hub, making virus prevention a breeze. Many of these modern antivirus solutions are powered by both local and cloud-based technologies to reduce the strain on your computer's resources.
This guide will walk you through the simple steps to safely scan your computer using reliable online tools, helping you detect potential threats, and protect your personal data.
When selecting the right antivirus software, look beyond a basic virus scan and consider these key features:
The process of checking for viruses depends on the device type and its operating system. Generally, however, the virus scanner will display a "Scan" button to start the process of checking your system's files and apps.
Here are more specific tips to help you scan your computers, phones and tablets:
If you use Windows 11, go into "Settings" and drill down to the "Privacy & Security > Windows Security > Virus & Threat Protection" tab, which will indicate if there are actions needed. This hands-off function is Microsoft's own basic antivirus solution called Windows Defender. Built directly into the operating system and enabled by default, this solution provides a baseline of protection at no extra cost for casual Windows users. However, Microsoft is the first to admit that it lags behind specialized paid products in detecting the very latest zero-day threats.
Mac computers don't have a built-in antivirus program, so you will have to download security software to do a virus scan. As mentioned, free antivirus applications are available online, but we recommend investing in trusted software that is proven to protect you from cyberthreats.
If you decide to invest in more robust antivirus software, running a scan is usually straightforward and intuitive. For more detailed instructions, we suggest searching the software's help menu or going online and following their step-by-step instructions.
Smartphones and tablets are powerful devices that you likely use for nearly every online operation in your daily life, from banking, emailing, messaging and connecting to storing personal information. This opens your mobile device to getting infected through malicious apps, especially those downloaded from unofficial stores, phishing links sent via text or email, or by connecting to compromised Wi-Fi networks.
Regular virus scans with mobile security software are crucial for protecting your devices. Be aware, however, that the Android and iOS operating systems merit distinct solutions.
Antivirus products for Android devices abound due to this system's open-source foundation. Traditional viruses, by contrast, are rare on iPhones and iPads because of Apple's strong security model, which includes app sandboxing. These devices are not immune to all threats, however. You can still fall victim to phishing scams, insecure Wi-Fi networks, and malicious configuration profiles. Signs of a compromise can include unusual calendar events, frequent browser redirects, or unexpected pop-ups.
Apple's closed platform doesn't easily accommodate third-party applications, especially unvetted ones. You will most likely find robust and verified antivirus scanning tools on Apple's official app store.
Before you open any downloaded file or email attachment, it's wise to check it for threats. To perform a targeted virus scan on a single file, simply right-click the file in Windows Explorer or macOS Finder and select the "Scan" option from the context menu to run the integrated virus checker on a suspicious item.
For an added layer of security, especially involving files from unknown sources, you can use a web-based file-checking service that scans for malware. These websites let you upload a file, which is then analyzed by multiple antivirus engines. Many security-conscious email clients also automatically scan incoming attachments, but a manual scan provides crucial, final-line defense before execution.
Once the scan is complete, the tool will display a report of any threats it found, including the name of the malware and the location of the infected file. If your antivirus software alerts you to a threat, don't panic: it means the program is doing its job.
The first and most critical step is to follow the software's instructions. It might direct you to quarantine the malicious file to isolate the file in a secure vault where it can no longer cause harm. You can then review the details of the threat provided by your virus scanner and choose to delete the file permanently, which is usually the safest option.
After the threat is handled, ensure your antivirus software and operating system are fully updated. Finally, run a new, full system virus scan to confirm that all traces of the infection have been eliminated. Regularly backing up your important data to an external drive or cloud service can also be a lifesaver in the event of a serious infection.
The most effective way to maintain your device's security is to automate your defenses. A quality antivirus suite allows you to easily schedule a regular virus scan so you're always protected without having to do it manually. A daily quick scan is a great habit for any user; it's fast and checks the most vulnerable parts of your system. Most antivirus products regularly scan your computer or device in the background, so a manual scan is only needed if you notice something dubious, like crashes or excessive pop-ups. You can also set regular scans on your schedule, but a weekly full scan is ideal.
These days, it is essential to stay ahead of the wide variety of continuously evolving cyberthreats. Your first line of defense against these threats is to regularly conduct a virus scan. You can choose among the many free yet limited-time products or comprehensive, cloud-based solutions.
While many free versions legitimately perform their intended function, it's critical to be cautious as these are more often baseline solutions while some are malware in disguise. They also lack the continuous, real-time protection necessary to block threats proactively.
A better option is to invest in verified, trustworthy, and all-in-one antivirus products like McAfee+ that, aside from its accurate virus scanning tool, also offers a firewall, a virtual private network, and identity protection. For complete peace of mind, upgrading to a paid solution like McAfee Total Protection is essential for proactively safeguarding your devices and data in real-time, 24/7.
The post How To Do A Virus Scan appeared first on McAfee Blog.
Online scams are evolving faster than ever, with cybercriminals using AI, deepfake technology, and social engineering to trick unsuspecting users.
In the past year, Americans have been targeted by an average of 14 scam messages per day, and deepfake scams have surged 1,740% in North America, according to McAfee's State of the Scamiverse report.
These scams go beyond simple phishing emails: scammers now impersonate trusted companies, friends, and even loved ones, making it critical to recognize the warning signs before falling victim.
Here's how you can spot an online scam and protect yourself:
Scams are scary, but you can prevent yourself from falling for one by knowing what to look for. Here are a few tell-tale signs that you're dealing with a scammer.
If you get a message that you've won a big sum of cash in a sweepstakes you don't remember entering, it's a scam. Scammers may tell you that all you need to do to claim your prize is send them a small fee or give them your banking information.
When you enter a real sweepstakes or lottery, it's generally up to you to contact the organizer to claim your prize. Sweepstakes aren't likely to chase you down to give you money.
Scammers will often ask you to pay them using gift cards, money orders, cryptocurrency (like Bitcoin), or through a particular money transfer service. Scammers need payments in forms that don't give consumers protection.
Gift card payments, for example, are typically not reversible and hard to trace. Legitimate organizations will rarely, if ever, ask you to pay using a specific method, especially gift cards.
When you have to make online payments, it's a good idea to use a secure service like PayPal. Secure payment systems can have features to keep you safe, like end-to-end encryption.
Scammers may try to make you panic by saying you owe money to a government agency and you need to pay them immediately to avoid being arrested. Or the criminal might try to tug at your heartstrings by pretending to be a family member in danger who needs money.
Criminals want you to pay them or give them your information quickly, before you have a chance to think about it. If someone tries to tell you to pay them immediately in a text message, phone call, or email, they're likely a scammer.
Many scammers pretend to be part of government organizations like the Internal Revenue Service (IRS). They'll claim you owe them money. Criminals can even use technology to make their phone numbers appear legitimate on your caller ID.
If someone claiming to be part of a government organization contacts you, go to that organization's official site and find an official support number or email. Contact them to verify the information in the initial message.
Scammers may also pretend to be businesses, like your utility company. They'll likely say something to scare you, like your gas will be turned off if you don't pay them right away.
Most legitimate organizations will thoroughly proofread any copy or information they send to consumers. Professional emails are well-written, clear, and error-free. On the other hand, scam emails will likely be full of grammar, spelling, and punctuation errors.
It might surprise you to know that scammers write sloppy emails on purpose. The idea is that if the reader is attentive enough to spot the grammatical mistakes, they likely won't fall for the scam.
There are certain scams that criminals try repeatedly because they've worked on so many people. Here are a few of the most common scams you should watch out for.
A phishing scam can be a phone or email scam. The criminal sends a message in which they pretend to represent an organization you know. It directs you to a fraud website that collects your sensitive information, like your passwords, Social Security number (SSN), and bank account data. Once the scammer has your personal information, they can use it for personal gain.
Phishing emails may try anything to get you to click on their fake link. They might claim to be your bank and ask you to log into your account to verify some suspicious activity. Or they could pretend to be a sweepstakes and say you need to fill out a form to claim a large reward.
During the coronavirus pandemic, new phishing scams have emerged, with scammers claiming to be part of various charities and nonprofits. Sites like Charity Navigator can help you discern real groups from fake ones.
These scams also became much more prominent during the pandemic. Let's say you're preparing to fly to Paris with your family. A scammer sends you a message offering you an insurance policy on any travel plans you might be making. They'll claim the policy will compensate you if your travel plans fall through for any reason without any extra charges.
You think it might be a good idea to purchase this type of insurance. Right before leaving for your trip, you have to cancel your plans. You go to collect your insurance money only to realize the insurance company doesn't exist.
Real travel insurance from a licensed business generally won't cover foreseeable events (like travel advisories, government turmoil, or pandemics) unless you buy a Cancel for Any Reason (CFAR) addendum for your policy.
Grandparent scams prey on your instinct to protect your family. The scammer will call or send an email pretending to be a family member in some sort of emergency who needs you to wire them money. The scammer may beg you to act right away and avoid sharing their situation with any other family members.
For example, the scammer might call and say they're your grandchild who's been arrested in Mexico and needs money to pay bail. They'll say they're in danger and need you to send funds now to save them.
If you get a call or an email from an alleged family member requesting money, take the time to make sure they're actually who they say they are. Never wire transfer money right away or over the phone. Ask them a question that only the family member would know and verify their story with the rest of your family.
You get an email from a prince. They've recently inherited a huge fortune from a member of their royal family. Now, the prince needs to keep their money in an American bank account to keep it safe. If you let them store their money in your bank account, you'll be handsomely rewarded. You just need to send them a small fee to get the money.
There are several versions of this scam, but the prince iteration is a pretty common one. If you get these types of emails, don't respond or give out your financial information.
Your online experience is rudely interrupted when a pop-up appears telling you there's a huge virus on your computer. You need to "act fast" and contact the support phone number on the screen. If you don't, all of your important data will be erased.
When you call the number, a fake tech support worker asks you for remote access to your device to "fix" the problem. If you give the scammer access to your device, they may steal your personal and financial information or install malware. Worse yet, they'll probably charge you for it.
These scams can be pretty elaborate. A scam pop-up may even appear to be from a reputable software company. If you see this type of pop-up, don't respond to it. Instead, try restarting or turning off your device. If the device doesn't start back up, search for the support number for the device manufacturer and contact them directly.
Scammers will often pose as popular e-commerce companies by creating fake websites. The fake webpages might offer huge deals on social media. They'll also likely have a URL close to the real business's URL but slightly different.
Sometimes, a criminal is skilled enough to hack the website of a large online retailer. When a scammer infiltrates a retailer's website, they can redirect where the links on that site lead. This is called formjacking.
For example, you might go to an e-commerce store to buy a jacket. You find the jacket and put it in your online shopping cart. You click "check out," and you're taken to a form that collects your credit card information. What you don't know is that the checkout form is fake. Your credit card number is going directly to the scammers.
Whenever you're redirected from a website to make a payment or enter in information, always check the URL. If the form is legitimate, it will have the same URL as the site you were on. A fake form will have a URL that's close to but not exactly the same as the original site.
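The URL comparison described above can be written as a small check that a browser extension or a site owner's monitoring script could run. This is an added example, not code from the original article; the hostnames are constructed, and the `trustedHosts` allowlist (for a payment processor the shop really uses) and the distance threshold of 2 are assumptions.

```javascript
// Added example; every hostname used with it is constructed for illustration.

// Lower-case the hostname and drop a leading "www." so that
// www.example-shop.com and example-shop.com compare as the same site.
function normalizeHost(url) {
  const host = new URL(url).hostname.toLowerCase();
  return host.startsWith("www.") ? host.slice(4) : host;
}

// Levenshtein distance (single-row version): the number of single-character
// insertions, deletions or substitutions needed to turn a into b.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0]; // value of the previous row at column j - 1
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j]; // value of the previous row at column j
      row[j] = Math.min(
        above + 1,                              // deletion
        row[j - 1] + 1,                         // insertion
        diag + (a[i - 1] === b[j - 1] ? 0 : 1)  // substitution or match
      );
      diag = above;
    }
  }
  return row[b.length];
}

// Classify the page a checkout form lives on relative to the shop itself.
// trustedHosts is an assumed allowlist of third-party payment hosts.
function classifyCheckout(siteUrl, formUrl, trustedHosts = []) {
  if (new URL(formUrl).protocol !== "https:") return "insecure";

  const site = normalizeHost(siteUrl);
  const target = normalizeHost(formUrl);

  // Same host, or a subdomain of it (e.g. pay.example-shop.com).
  // Note: this is wrong for shared-hosting suffixes where strangers
  // control sibling subdomains; a public-suffix list would be needed there.
  if (target === site || target.endsWith("." + site)) return "same-site";

  if (trustedHosts.includes(target)) return "trusted-third-party";

  // "Close to but not exactly the same": the real name embedded in a
  // longer hostname, or a hostname within two edits of the real one.
  const embedsSiteName = target.includes(site);
  const nearMiss = editDistance(target, site) <= 2;
  if (embedsSiteName || nearMiss) return "lookalike";

  return "different-site";
}
```

A "different-site" result is not proof of fraud, since many shops hand payment off to a processor; that is what the allowlist is for.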
These scams are similar to tech support scams. However, instead of urging you to speak directly with a fake tech support person, their goal is to get you to download a fake antivirus software product (scareware).
You'll see a pop-up that says your computer has a virus, malware, or some other problem. The only way to get rid of the problem is to install the security software the pop-up links to. You think you're downloading antivirus software that will save your computer.
What you're actually downloading is malicious software. There are several types of malware. The program might be ransomware that locks up your information until you pay the scammers or spyware that tracks your online activity.
To avoid this scam, never download antivirus software from a pop-up. You'll be much better off visiting the website of a reputable company, like McAfee, to download antivirus software.
Dealing with credit card debt can be extremely stressful. Scammers know this and try to capitalize off it. They'll send emails posing as credit experts and tell you they can help you fix your credit or relieve some of your debt. They might even claim they can hide harmful details on your credit report.
All you have to do is pay a small fee. Of course, after you pay the fee, the "credit expert" disappears without helping you out with your credit at all. Generally, legitimate debt settlement firms won't charge you upfront. If a credit relief company charges you a fee upfront, that's a red flag.
Before you enter into an agreement with any credit service, check out their reputation. Do an online search on the company to see what you can find. If there's nothing about the credit repair company online, it's probably fake.
Admitting that you've fallen for an online scam can be embarrassing. But reporting a scammer can help stop them from taking advantage of anyone else. If you've been the victim of an online scam, try contacting your local police department and filing a report with the Federal Trade Commission (FTC).
Several other law enforcement organizations handle different types of fraud. Here are a few examples of institutions that can help you report scams.
Fraudsters shouldn't stop you from enjoying your time online. Just by learning to spot an online scam, you can greatly strengthen your immunity to cybercrimes.
For an even greater internet experience, you'll want the right tools to protect yourself online. McAfee+ can help you confidently surf the web by providing all-in-one protection for your personal info and privacy. This includes identity protection (which comes with 24/7 monitoring of your email addresses and bank accounts) and antivirus software to help safeguard your internet connection.
Get the peace of mind that comes with McAfee having your back.
The post How to Recognize an Online Scammer appeared first on McAfee Blog.
It's the month of top seeds, big upsets, and Cinderella runs by the underdogs. With March Madness basketball cranking up, a fair share of online betting will be sure to follow, along with online betting scams.
Since a U.S. Supreme Court ruling in 2018, individual states can determine their own laws for sports betting. Soon after, states leaped at the opportunity to legalize it in some form or other. Today, nearly 40 states and the District of Columbia have "live and legal" sports betting, meaning that people can bet on single-game sports through a retail or online sportsbook or a combination of the two in their state.
And it has made billions of dollars for the government.
If you're a sports fan, this news has probably been hard to miss. Or at least the outcome of it all has been hard to miss. Commercials and signage in and around games promote several major online betting platforms. Ads have naturally made their way online too, complete with all kinds of promo offers to encourage people to get in on the action. However, that's also opened the door for scammers who're looking to take advantage of people looking to make a bet online, according to the Better Business Bureau (BBB). Often through shady or outright phony betting sites.
Let's take a look at the online sports betting landscape, some of the scams that are cropping up, and some things you can do to make a safer bet this March or any time.
Among the 30 states that have "live and legal" sports betting, 19 offer online betting, a number that will likely grow given various state legislation that's either been introduced or will be introduced soon.
If you're curious about what's available in your state, this interactive map shows the status of sports betting on a state-by-state level. Further, clicking on an individual state on the map will give you yet more specifics, such as the names of retail sportsbooks and online betting services that are legal in the state. For anyone looking to place a bet, this is a good place to start. It's also helpful for people who are looking to get into online sports betting for the first time, as this is the sort of homework that the BBB advises people to do before placing a sports bet online. In their words, you can consider these sportsbooks to be "white-labeled" by your state's gaming commission.
However, the BBB stresses that people should be aware that the terms and conditions associated with online sports betting will vary from service to service, as will the promotions that they offer. The BBB accordingly advises people to closely read these terms, conditions and offers. For one, "Gambling companies can restrict a user's activity," meaning that they can freeze accounts and the funds associated with them based on their terms and conditions. Also, the BBB cautions people about those promo offers that are often heavily advertised, "[L]ike any sales pitch, these can be deceptive. Be sure to read the fine print carefully."
Where do scammers enter the mix? The BBB points to the rise of consumer complaints around bogus betting sites:
"You place a bet, and, at first, everything seems normal. But as soon as you try to cash out your winnings, you find you can't withdraw a cent. Scammers will make up various excuses. For example, they may claim technical issues or insist on additional identity verification. In other cases, they may require you to deposit even more money before you can withdraw your winnings. Whatever you do, you'll never be able to get your money off the site. And any personal information you shared is now in the hands of scam artists."
If there's a good reason you should stick to the "white labeled" sites that are approved by your state's gaming commission, this is it. Take a pass on any online ads that promote betting sites, particularly if they roll out big and almost too-good-to-be-true offers. These may lead you to shady or bogus sites. Instead, visit the ones that are approved in your state by typing in their address directly into your browser.
In addition to what we mentioned above, there are several other things you can do to make your betting safer.
In addition to choosing a state-approved option, check out the organization's BBB listing at BBB.org. Here you can get a snapshot of customer ratings, complaints registered against the organization, and the organization's response to the complaints, along with its BBB rating, if it has one. Doing a little reading here can be enlightening, giving you a sense of what issues arise and how the organization has historically addressed them. For example, you may see a common complaint and how it's commonly resolved. You may also see where the organization has simply chosen not to respond, all of which can shape your decision whether to bet with them or not.
Credit cards are a good way to go. One reason why is the Fair Credit Billing Act, which offers protection against fraudulent charges on credit cards by giving you the right to dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Your credit card companies may have their own policies that improve upon the Fair Credit Billing Act as well. Debit cards don't get the same protection under the Act.
Comprehensive online protection software will defend you against the latest virus, malware, spyware, and ransomware attacks plus further protect your privacy and identity. In addition to this, it can also provide strong password protection by generating and automatically storing complex passwords to keep your credentials safer from hackers and crooks who may try to force their way into your accounts. And, specific to betting sites, online protection can help prevent you from clicking links to known or suspected malicious sites.
With online betting cropping up in more and more states for more and more people, awareness of how it works and how scammers have set up their presence within it becomes increasingly important. Research is key, such as knowing who the state-approved sportsbooks and services are, what types of betting are allowed, and where. By sticking to these white-label offerings and reading the fine print in terms, conditions, and promo offers, people can make online betting safer and more enjoyable.
Editor's Note: If gambling is a problem for you or someone you know, you can seek assistance from a qualified service or professional. Several states have their own helplines, and nationally you can reach out to resources like http://www.gamblersanonymous.org/ or https://www.ncpgambling.org/help-treatment/.
The post How to Protect Yourself from March Madness Scams appeared first on McAfee Blog.
At 49, Branden Spikes isn't just one of the oldest technologists who has been involved in Elon Musk's Department of Government Efficiency (DOGE). As the current director of information technology at X/Twitter and an early hire at PayPal, Zip2, Tesla and SpaceX, Spikes is also among Musk's most loyal employees. Here's a closer look at this trusted Musk lieutenant, whose Russian ex-wife was once married to Elon's cousin.
The profile of Branden Spikes on X.
When President Trump took office again in January, he put the world's richest man, Elon Musk, in charge of the U.S. Digital Service, and renamed the organization as DOGE. The group is reportedly staffed by at least 50 technologists, many of whom have ties to Musk's companies.
DOGE has been enabling the president's ongoing mass layoffs and firings of federal workers, largely by seizing control over computer systems and government data for a multitude of federal agencies, including the Social Security Administration, the Department of Homeland Security, the Office of Personnel Management, and the Treasury Department.
It is difficult to find another person connected to DOGE who has stronger ties to Musk than Branden Spikes. A native of California, Spikes initially teamed up with Musk in 1997 as a lead systems engineer for the software company Zip2, the first major venture for Musk. In 1999, Spikes was hired as director of IT at PayPal, and in 2002 he became just the fourth person hired at SpaceX.
In 2012, Spikes launched Spikes Security, a software product that sought to create a compartmentalized or "sandboxed" web browser that could insulate the user from malware attacks. A review of spikes.com in the Wayback Machine shows that as far back as 1998, Musk could be seen joining Spikes for team matches in the online games Quake and Quake II. In 2016, Spikes Security was merged with another security suite called Aurionpro, with the combined company renamed Cyberinc.
A snapshot of spikes.com from 1998 shows Elon Musk's profile in Spikes's clan for the games Quake and Quake II.
Spikes's LinkedIn profile says he was appointed head of IT at X in February 2025. And although his name shows up on none of the lists of DOGE employees circulated by various media outlets, multiple sources told KrebsOnSecurity that Spikes was working with DOGE and operates within Musk's inner circle of trust.
In a conversation with KrebsOnSecurity, Spikes said he is dedicated to his country and to saving it from what he sees as certain ruin.
"Myself, I was raised by a southern conservative family in California and I strongly believe in America and her future," Spikes said. "This is why I volunteered for two months in DC recently to help DOGE save us from certain bankruptcy."
Spikes told KrebsOnSecurity that he recently decided to head back home and focus on his job as director of IT at X.
"I loved it, but ultimately I did not want to leave my hometown and family back in California," Spikes said of his tenure at DOGE. "After a couple of months it became clear that to continue helping I would need to move to DC and commit a lot more time, so I politely bowed out."
Prior to founding Spikes Security, Branden Spikes was married to a native Russian woman named Natalia whom he'd met at a destination wedding in South America in 2003.
Branden and Natalia's names are both on the registration records for the domain name orangetearoom[.]com. This domain, which DomainTools.com says was originally registered by Branden in 2009, is the home of a tax-exempt charity in Los Angeles called the California Russian Association.
Here is a photo from a 2011 event organized by the California Russian Association, showing Branden and Natalia at one of its "White Nights" charity fundraisers:
Branden and Natalia Spikes, on left, in 2011. The man on the far right is Ivan Y. Podvalov, a board member of the Kremlin-aligned Congress of Russian Americans (CRA). The man in the center is Feodor Yakimoff, director of operations at the Transib Global Sourcing Group, and chairman of the Russian Imperial Charity Balls, which works in concert with the Russian Heritage Foundation.
In 2011, the Spikes couple got divorced, and Natalia changed her last name to Haldeman. That is not her maiden name, which appears to be "Libina." Rather, Natalia acquired the surname Haldeman in 1998, when she married Elon Musk's cousin.
Reeve Haldeman is the son of Scott Haldeman, who is the brother of Elon Musk's mother, Maye Musk. Divorce records show Reeve and Natalia officially terminated their marriage in 2007. Reeve Haldeman did not respond to a request for comment.
A review of other domain names connected to Natalia Haldeman's email address shows she has registered more than a dozen domains over the years that are tied to the California Russian Association, and an apparently related entity called the Russian Heritage Foundation, Inc.:
russianamericans.org
russianamericanstoday.com
russianamericanstoday.org
russiancalifornia.org
russianheritagefoundation.com
russianheritagefoundation.org
russianwhitenights.com
russianwhitenights.org
theforafoundation.org
thegoldentearoom.com
therussianheritagefoundation.org
tsarinahome.com
Ms. Haldeman did not respond to requests for comment. Her name and contact information appear in the registration records for these domains dating back to 2010, and a document published by ProPublica shows that by 2016 Natalia Haldeman was appointed CEO of the California Russian Foundation.
The domain name that bears both Branden's and Natalia's names, orangetearoom.com, features photos of Ms. Haldeman at fundraising events for the Russian foundation through 2014. Additional photos of her and many of the same people can be seen through 2023 at another domain she registered in 2010: russianheritagefoundation.com.
A photo from Natalia Haldeman's Facebook page shows her mother (left) pictured with Maye Musk, Elon Musk's mother, in 2022.
The photo of Branden and Natalia above is from one such event in 2011 (tied to russianwhitenights.org, another Haldeman domain). The person on the right in that image, Ivan Y. Podvalov, appears in many fundraising event photos published by the foundation over the past decade. Podvalov is a board member of the Congress of Russian Americans (CRA), a nonprofit group that is known for vehemently opposing U.S. financial and legal sanctions against Russia.
Writing for The Insider in 2022, journalist Diana Fishman described how the CRA has engaged in outright political lobbying, noting that the organization in June 2014 sent a letter to President Obama and the secretary of the United Nations, calling for an end to the "large-scale US intervention in Ukraine and the campaign to isolate Russia."
"The US military contingents must be withdrawn immediately from the Eastern European region, and NATO's enlargement efforts and provocative actions against Russia must cease," the message read.
The Insider said the CRA director sent another two letters, this time to President Donald Trump, in 2017 and 2018.
"One was a request not to sign a law expanding sanctions against Russia," Fishman wrote. "The other regretted the expulsion of 60 Russian diplomats from the United States and urged not to jump to conclusions on Moscow's involvement in the poisoning of Sergei Skripal."
The nonprofit tracking website CauseIQ.com reports that The Russian Heritage Foundation, Inc. is now known as Constellation of Humanity.
The Russian Heritage Foundation and the California Russian Association both promote the interests of the Russian Orthodox Church. This page indexed by Archive.org from russiancalifornia.org shows The California Russian Foundation organized a community effort to establish an Orthodox church in Orange County, Calif.
A press release from the Russian Orthodox Church Outside of Russia (ROCOR) shows that in 2021 the Russian Heritage Foundation donated money to organize a conference for the Russian Orthodox Church in Serbia.
A review of the "Partners" listed on the Spikes' jointly registered domain, orangetearoom.com, shows the organization worked with a marketing company called Russian American Media. Reporting by KrebsOnSecurity last year showed that Russian American Media also partners with the problematic people-search service Radaris, which was formed by two native Russian brothers in Massachusetts who have built a fleet of consumer data brokers and Russian affiliate programs.
When asked about his ex-wife's history, Spikes said she has a good heart and bears no ill-will toward anyone.
"I attended several of Natalia's social events over the years we were together and can assure you that she's got the best intentions with those," Spikes told KrebsOnSecurity. "There's no funny business going on. It is just a way for those friendly immigrants to find resources amongst each other to help get settled in and chase the American dream. I mean, they're not unlike the immigrants from other countries who come to America and try to find each other and help each other find others who speak the language and share in the building of their businesses here in America."
Spikes said his own family roots go back deeply into American history, sharing that his 6th great grandfather was Alexander Hamilton on his mom's side, and Jessie James on his dad's side.
"My family roots are about as American as you can get," he said. "I've also been entrusted with building and safeguarding Elon's companies since 1999 and have a keen eye (as you do) for bad actors, so have enough perspective to tell you that Natalia has no bad blood and that she loves America."
Of course, this perspective comes from someone who has the utmost regard for the interests of the "special government employee" Mr. Musk, who has been bragging about tossing entire federal agencies into the "wood chipper," and who recently wielded an actual chainsaw on stage while referring to it as the "chainsaw for bureaucracy."
"Elon's intentions are good and you can trust him," Spikes assured.
A special note of thanks for research assistance goes to Jacqueline Sweet, an independent investigative journalist whose work has been published in The Guardian, Rolling Stone, POLITICO and The Intercept.
Cybercriminals will always try to cash in on a good thing, and football is no exception. Online scammers are ramping up for the big game with all types of schemes designed to rip you off and steal your personal info, but you have several ways you can beat them at their game.
Like shopping holidays, tax season, and even back-to-school time, scammers take advantage of annual events that get people searching for deals and information online. You can include big games and tournaments in that list too.
Specific to this big game, you can count on several types of scams to rear their heads this time of year: ticket scams, merchandise scams, betting scams, and phony sweepstakes as well. They're all in the mix, and they're all avoidable. Here, we'll break them down.
As of two weeks out, tickets for the big game on the official ticketing website were going for $6,000 or so, and that was for the so-called "cheap seats." Premium seats in the lower bowl 50-yard line, sold by verified resellers, were listed at $20,000 a pop or higher.
While the game tickets are now 100% mobile, that hasn't prevented scammers from trying to pass off phony tickets as the real deal. They'll hawk those counterfeits in plenty of places online, sometimes on sites like your friendly neighborhood Craigslist.
So if you're in the market for tickets, there are certainly a few things to look out for:
If you plan on enjoying the game closer to home, you may be in the market for some merch: a hat, a jersey, a tee, or maybe some new mugs for entertaining when you host the game at your place. With all the hype around the game, out will come scammers who set up bogus online stores. They'll advertise items for sale but won't deliver, leaving you a few dollars lighter and the scammers with your payment information, which they can use on their own for identity fraud.
You can shop safely with a few straightforward steps:
This is a great one to start with. Directly typing in the correct address for reputable online stores and retailers is a prime way to avoid scammers online. In the case of retailers that you don't know much about, the U.S. Better Business Bureau (BBB) asks shoppers to do their research and make sure that retailer has a good reputation. The BBB makes that easier with a listing of retailers you can search simply by typing in their name.
If you feel like doing extra sleuthing, look up the address of the website and see when it was launched. A visit to the Internet Corporation for Assigned Names and Numbers (ICANN) at ICANN.org gives you the option to search a web address and see when it was launched, along with other information about who registered it. While a recently launched site is not, on its own, an indicator of a scam site, sites with limited track records may give you pause if you want to shop there, particularly if there's a chance it was just propped up by a scammer.
Look for the lock icon in your browser when you shop.
Secure websites begin their address with "https," not just "http." That extra "s" stands for "secure," which means that it uses a secure protocol for transmitting sensitive info like passwords, credit card numbers, and the like over the internet. It often appears as a little padlock icon in the address bar of your browser, so double-check for that. If you don't see that it's secure, it's best to avoid making purchases on that website.
Credit cards are a good way to go. One reason why is the Fair Credit Billing Act, which offers protection against fraudulent charges on credit cards by giving you the right to dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Your credit card companies may have their own policies that improve upon the Fair Credit Billing Act as well. Debit cards don't get the same protection under the Act.
Comprehensive online protection software will defend against the latest virus, malware, spyware, and ransomware attacks plus further protect your privacy and identity. In addition to this, it can also provide strong password protection by generating and automatically storing complex passwords to keep your credentials safer from hackers and crooks who may try to force their way into your accounts. And, specific to the scams floating around this time of year, online protection can help prevent you from clicking links to known or suspected malicious sites.
It's hard to watch sports these days without odds and stat lines popping up onto the screen, along with a fair share of ads that promote online betting. If you're thinking about making things interesting with some betting, keep a few things in mind:
As it is every year, you'll see all kinds of sweepstakes and giveaways leading up to the game, plenty of them legitimate. Yet as they do, scammers will try to blend in by rolling out their own bogus promotions. Their aim: to part you from your cash or even your personal information.
A quick way to sniff out these scams is to take a close look at the promotion. For example, if it asks you to provide your bank information to send you your prize money, count on it being a scam. Likewise, if the promotion asks you to pay to claim a prize in some form or other, it's also likely someone's trying to scam you.
In all, steer clear of promotions that ask for something in return, particularly if it's your money or personal information.
As it is of late, all kinds of scams will try to glom onto the big game this year. And some of the best advice for avoiding them is not to give in to the hype. Scammers prey on scarcity, a sense of urgency, and keyed-up emotions in general. Their hope is that these things may make you less critical and more likely to overlook things that would otherwise seem sketchy or too good to be true. Staying focused as you shop, place a wager, or otherwise look to round out your enjoyment of the big game is some of your absolute best defense against scammers right now, and any time.
The post Super Scams - Beat the Online Scammers Who Want to Sack Your Big Game appeared first on McAfee Blog.
Data Privacy Week is here, and there's no better time to shine a spotlight on one of the biggest players in the personal information economy: data brokers. These entities collect, buy, and sell hundreds, sometimes thousands, of data points on individuals like you. But how do they manage to gather so much information, and for what purpose? From your browsing habits and purchase history to your location data and even more intimate details, these digital middlemen piece together surprisingly comprehensive profiles. The real question is: where are they getting it all, and why is your personal data so valuable to them? Let's unravel the mystery behind the data broker industry.
Data brokers aggregate user info from various sources on the internet. They collect, collate, package, and sometimes even analyze this data to create a holistic and coherent version of you online. This data then gets put up for sale to nearly anyone who'll buy it. That can include marketers, private investigators, tech companies, and sometimes law enforcement as well. They'll also sell to spammers and scammers. (Those bad actors need to get your contact info from somewhere - data brokers are one way to get that and more.)
And that list of potential buyers goes on, which includes but isn't limited to:
These companies and social media platforms use your data to better understand target demographics and the content with which they interact. While the practice isn't unethical in and of itself (personalizing user experiences and creating more convenient UIs are usually cited as the primary reasons for it), it does make your data vulnerable to malicious attacks targeted toward big-tech servers.
Most of your online activities are related. Devices like your phone, laptop, tablets, and even fitness watches are linked to each other. Moreover, you might use one email ID for various accounts and subscriptions. This online interconnectedness makes it easier for data brokers to create a cohesive user profile.
Mobile phone apps are the most common way for data brokerage firms to collect your data. You might have countless apps for various purposes, such as financial transactions, health and fitness, or social media.
A number of these apps usually fall under the umbrella of the same or subsidiary family of apps, all of which work toward collecting and supplying data to big tech platforms. Programs like Google's AdSense make it easier for developers to monetize their apps in exchange for the user information they collect.
Data brokers also collect data points like your home address, full name, phone number, and date of birth. They have automated scraping tools to quickly collect relevant information from public records (think sales of real estate, marriages, divorces, voter registration, and so on).
Lastly, data brokers can gather data from other third parties that track your cookies or even place trackers or cookies on your browsers. Cookies are small data files that track your online activities when visiting different websites. They track your IP address and browsing history, which third parties can exploit. Cookies are also the reason you see personalized ads and products.
Data brokers collate your private information into one package and sell it to "people search" websites. As mentioned above, practically anyone can access these websites and purchase extensive consumer data, for groups of people and individuals alike.
Next, marketing and sales firms are some of data brokers' biggest clients. These companies purchase massive data sets from data brokers to research your data profile. They have advanced algorithms to segregate users into various consumer groups and target you specifically. Their predictive algorithms can suggest personalized ads and products to generate higher lead generation and conversion percentages for their clients.
We tend to accept the terms and conditions that various apps ask us to accept without thinking twice or reading the fine print. You probably cannot proceed without letting the app track certain data or giving your personal information. To a certain extent, we trade some of our privacy for convenience. This becomes public information, and apps and data brokers collect, track, and use our data however they please while still complying with the law.
There is no comprehensive privacy law in the U.S. on a federal level. This allows data brokers to collect personal information and condense it into marketing insights. While not all methods of gathering private data are legal, it is difficult to track the activities of data brokers online (especially on the dark web). As technology advances, there are also easier ways to harvest and exploit data.
As of March 2024, 15 states in the U.S. have data privacy laws in place. That includes California, Virginia, Connecticut, Colorado, Utah, Iowa, Indiana, Tennessee, Oregon, Montana, Texas, Delaware, Florida, New Jersey, and New Hampshire.[i] The laws vary by state, yet generally, they grant rights to individuals around the collection, use, and disclosure of their personal data by businesses.
However, these laws make exceptions for certain types of data and certain types of collectors. In short, these laws aren't absolute.
Some data brokers let you remove your information from their websites. There are also extensive guides available online that list the method by which you can opt out of some of the biggest data brokering firms. For example, a guide by Griffin Boyce, the systems administrator at Harvard University's Berkman Klein Center for Internet and Society, provides detailed information on how to opt out of a long list of data broker companies.
Yet the list of data brokers is long. Cleaning up your personal data online can quickly eat up your time, as it requires you to reach out to multiple data brokers and opt-out.
Rather than removing yourself one by one from the host of data broker sites out there, you have a solid option: our Personal Data Cleanup.
Personal Data Cleanup scans data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites. And if you want to save time on manually removing that info, you have options. Our McAfee+ Advanced and Ultimate plans come with full-service Personal Data Cleanup, which sends requests to remove your data automatically.
If the thought of your personal info getting bought and sold in such a public way bothers you, our Personal Data Cleanup can put you back in charge of it.
[i] https://pro.bloomberglaw.com/insights/privacy/state-privacy-legislation-tracker/
The post How Data Brokers Sell Your Identity appeared first on McAfee Blog.