FreshRSS

McAfee Blogs

AV-Comparatives Crowns McAfee as 2024’s Leader in Online Protection and Speed

By: Jasdev Dhaliwal — January 16th 2025 at 17:09

McAfee Total Protection users can feel even more secure online knowing that AV-Comparatives has named it the best in 2024 for both real-world protection and overall speed.

The two awards – the 2024 Real-World Protection Gold Award and the Best Overall Speed Gold Award – underscore McAfee’s commitment to providing powerful security without compromising PC performance, a critical combination at a time when 59% of people globally report falling victim to an online scam or knowing someone who has, with 87% of these individuals losing money—an astounding average loss of $1,366 USD.

“We are honored to receive both the Best Real-World Protection and the Best PC Performance awards,” said McAfee Chief Technology Officer Steve Grobman. “AV-Comparatives is a renowned institute with a reputation for analysis and quality assurance that stands tall, and this recognition further reinforces our leadership in online protection. With our AI-powered threat protection, we remain committed to staying one step ahead of cybercriminals while having the lowest impact on PC performance, so that people can enjoy their online lives with confidence.”

Why McAfee Stands Out

Each year, AV-Comparatives rigorously tests leading consumer security products to evaluate their effectiveness in real-world scenarios as well as their impact on system performance. McAfee’s standout results reflect the strength of its:

  • Real-World Protection: AV-Comparatives’ Real-World Protection Test measures a product’s ability to combat malware under everyday conditions. Winners of this test, such as McAfee, provide high levels of protection with minimal false alarms, sparing users the stress and burden of identifying whether something is harmful.
  • Performance: The PC Performance Test evaluates the impact of a security product on system performance. McAfee ranked with the lowest impact on PC performance throughout 2024, ensuring users can stay secure online without their devices losing speed and slowing down.

Learn More About Our Award-Winning Protection

Protect yourself and your family today with McAfee Total Protection, which includes the award-winning anti-malware technology, scam protection, identity monitoring, Secure VPN, password management, and safe browsing capabilities for all-in-one security.

Get started with a free trial of McAfee Total Protection here. McAfee’s award-winning technology is also available in McAfee+ Premium, McAfee+ Advanced, and McAfee+ Ultimate.

Read the full report on AV-Comparatives’ awards here.

The post AV-Comparatives Crowns McAfee as 2024’s Leader in Online Protection and Speed appeared first on McAfee Blog.

McAfee Blogs

McAfee Deepfake Detector: Fighting Misinformation with AMD AI-Powered Precision

By: Jasdev Dhaliwal — January 7th 2025 at 18:08

In a world where deepfake scams and misinformation are increasingly pervasive, McAfee is taking a bold step forward with major enhancements to its AI-powered deepfake detection technology. By partnering with AMD and harnessing the Neural Processing Unit (NPU) within the latest AMD Ryzen™ AI 300 Series processors announced at CES, McAfee Deepfake Detector is designed to empower users to discern truth from fiction like never before. 

Deepfakes: A Growing Global Concern 

As deepfake technology becomes more sophisticated, so too does the challenge of identifying manipulated content. Nearly two-thirds of people globally report rising concerns over deepfakes, emphasizing the need for tools that can accurately detect falsified content. 

To address this growing issue, McAfee introduced its cutting-edge AI technology. Now supercharged through its collaboration with AMD, McAfee Deepfake Detector can deliver detection in seconds to help consumers navigate videos increasingly riddled with misinformation.

How McAfee’s AI Deepfake Detector Works

Cybercriminals are leveraging AI to manipulate audio and video, creating hyper-realistic deepfakes that are difficult to identify with the naked eye. McAfee’s Deepfake Detector uses advanced Convolutional Neural Network models—AI tools specifically trained to identify manipulated or AI-generated audio within videos.

The AI Advantage

  • Dynamic Detection – Quickly identifies suspicious content and alerts users. 
  • Local Processing – Inference occurs locally on the device. 
  • Empowerment – Gives users the confidence to navigate online spaces and distinguish authentic content from fake. 

This groundbreaking technology is aimed at not only enhancing online safety but also setting a new standard for AI-powered tools. 

Powered by AMD’s NPU: Next-Level Enhanced Speed, Efficiency, and Privacy 

McAfee’s partnership with AMD takes deepfake detection to the next level. By leveraging the 50 TOPS of performance in the latest AMD Ryzen™ AI 300 Series processors, McAfee Deepfake Detector achieves lightning-fast detection of deepfakes. This collaboration announced at CES marks a significant leap forward in balancing AI performance with user privacy, giving consumers the best of both worlds: robust protection and peace of mind.

This newest generation of AMD mobile processors represents huge leaps forward not just in compute and graphics performance but also in AI capabilities and experiences, all powered by the world’s most advanced family of processors[1]. McAfee Deepfake Detector leverages AMD XDNA™ 2 architecture providing up to a 5X increase in NPU power vs. the previous generation[2], confirming continued AMD leadership in innovation and performance in this new category of AI PC computing.

McAfee’s Deepfake Detector integrates effortlessly into the user’s workflow, ensuring that everyone—from professionals to casual users—can access next-level protection without technical hurdles. 

The Future of Online Safety: Detect Deepfakes, Stay Secure

As deepfake technology evolves, McAfee Deepfake Detector is a game-changer in the fight against misinformation and scams. By combining AI-powered detection with the cutting-edge AMD Ryzen™ AI 300 Series processors and NPU technology, McAfee delivers: 

  • Smarter AI detection of manipulated deepfake videos
  • Faster, power-efficient local processing
  • Cutting-edge security features to inform users on what’s real and what’s fake

 Stay one step ahead of deepfake threats. Whether you’re a professional, a consumer, or simply navigating the digital world, McAfee empowers you to discern truth from fiction—designed for a safer, more secure online experience. 

 

[1] Based on node size. As of January 2024, AMD Ryzen™ AI 300 Series processors are amongst the most advanced series of processors based on 4nm node size, whereas available competitive (non-AMD) x86 laptop processors are based on 7nm TSMC process.

[2] Based on engineering specifications as of May 2024 comparing total TOPS capacity for Ryzen AI 300 Series processor’s NPU to Ryzen 7040 Series processor’s NPU.

The post McAfee Deepfake Detector: Fighting Misinformation with AMD AI-Powered Precision appeared first on McAfee Blog.

McAfee Blogs

2024 Data Breaches Wrapped

By: Jasdev Dhaliwal — December 1st 2024 at 15:14

It’s been a big year for big data breaches. Billions of records on millions of people have been exposed at an estimated cost of nearly $10 trillion to people and businesses alike worldwide.[i]

While we still have a few weeks in the year left to go, here’s a roundup of five of the most noteworthy breaches this year. And while you can’t prevent big data breaches from happening, you can still take several preventive steps to protect yourself from the fallout. We’ll cover them here too.

The National Public Data (NPD) breach

News of a major data breach that involved nearly three billion records came to light over the summer from a somewhat unusual source — a class-action complaint filed in Florida.

The complaint concerned National Public Data (NPD), a company that provides background checks. Per their website, “[NPD obtains] information from various public record databases, court records, state and national databases, and other repositories nationwide.”

The complaint alleged that NPD was hit by a data breach in or around April 2024.[ii] The complaint filed in the U.S. District Court further alleges:

  • The company had sensitive info breached, such as full names; current and past addresses spanning at least the last three decades; Social Security numbers; info about parents, siblings, and other relatives (including some who have been deceased for nearly 20 years); and other personal info.
  • The company “scraped” this info from non-public sources. This info was collected without the consent of the person who filed the complaint and the billions of others who might qualify to join in the class action complaint.
  • The company “assumed legal and equitable duties to those individuals to protect and safeguard that information from unauthorized access and intrusion.”

Typically, companies self-report these breaches, thanks to regulations and legislation that require them to do so in a timely manner. That way, initial word of breaches reaches customers through emails, news reports, and sometimes through notifications to certain state attorneys general.

In this case, it appeared that no notices were immediately sent to potential victims.

As to how the primary plaintiff discovered the breach, he “received a notification from his identity theft protection service provider notifying him that his [personal info] was compromised as a direct result of the ‘nationalpublicdata.com’ breach …” (And you can certainly add online protection software to the list of ways you can find out about a data breach before a company notifies you.)

Further, in June, The Register reported that a hacker group by the name of USDoD claimed it hacked the records of 2.9 billion people and put them up for sale on the dark web.[iii] The price tag: U.S. $3.5 million. The group further claimed that the records include U.S., Canadian, and British citizens.

The Ticketmaster breach

Just how big was the Ticketmaster data breach? It appears that over a half-billion people might have had their personal info compromised.

Ticketmaster’s parent company, Live Nation Entertainment, first announced the breach in late May. The company said that it had identified “unauthorized activity” from April 2 to May 18, 2024.

Soon after, the noted hacking group ShinyHunters claimed responsibility for the breach.[iv] According to the hackers, their 1.3 terabyte haul of data includes 560 million people — along with a mix of their names, addresses, email addresses, phone numbers, order information, and partial payment card details. They allegedly posted that info for sale on the dark web in late May.[v]

Live Nation then began notifying potential victims by physical mail, stating:

“The personal information that may have been obtained by the third party may have included your name, basic contact information, and <extra>.”

Per a support document posted by Ticketmaster, the <extra> part varied by individual. Depending on what was compromised, that might have included “email, phone number, encrypted credit card information as well as some other personal information provided to [Ticketmaster].”[vi]

A breach at insurance and financial tech vendor, Infosys McCamish Systems

Also affecting millions of people in 2024 was a breach at Infosys McCamish Systems (IMS), a company that provides solutions and services to insurance companies and financial institutions. Per an announcement from IMS[vii], the company:

“[D]etermined that unauthorized activity occurred between October 29, 2023, and November 2, 2023. Through the investigation, it was also determined that data was subject to unauthorized access and acquisition.”

There’s a good chance you haven’t heard of IMS before reading this article. Yet to put the attack in perspective, it affected people who hold accounts with companies like Bank of America, Oceanview Life and Annuity Company, Fidelity Investments Life Insurance, Newport Group, and Union Labor Life Insurance.

Also per IMS, the full run of personal info swept up in the attack included:

  • Social Security Numbers
  • Dates of birth
  • Medical records
  • Biometric data
  • Email address and passwords
  • Usernames and passwords
  • Driver’s license and state ID numbers
  • Financial account info
  • Payment card info
  • Passport numbers
  • Tribal ID numbers
  • US military ID numbers

Notifications went out to potential victims in several ways and at several times. Bank of America sent notices to 50,000 people in February, alerting them that their info was compromised by an unidentified third party.[viii] Fidelity Investments Life Insurance notified 28,000 potential victims in March.[ix] In late June, IMS began contacting the six million potential victims overall — eight months after the date of the initial attack.[x]

A breach at a U.S. debt collector — Financial Business and Consumer Solutions

The second breach involves Financial Business and Consumer Solutions (FBCS), a bonded collection agency based on the U.S. east coast. On February 26, 2024, the company noted unauthorized access to their systems, which covered a twelve-day period starting on February 14.[xi] In an April notice of a “data event,” FBCS stated that people might have had the following info compromised:

“[C]onsumer name, address, date of birth, Social Security number, driver’s license number, other state identification number, medical claims information, provider information, and clinical information (including diagnosis/conditions, medications, and other treatment information), and/or health insurance information.”

FBCS went on to say that the compromised info varied from person to person.

Initially, the scope of the breach appeared to approach two million victims.[xii] Several updated filings continued to increase that number. At last reporting, the figure had ballooned to more than four million people affected.[xiii]

The AT&T breach

In April, mobile carrier AT&T learned that hackers had stolen the call and text logs of nearly all its customers, estimated at nearly 100 million people. That further included customers who used Cricket, Boost Mobile, and Consumer Cellular, which are mobile virtual network operators (MVNOs) that use AT&T’s network.

The compromised data covered a period between May 1, 2022, and October 31, 2022, with a small number of records from January 2, 2023, also affected. According to AT&T, hackers gained access through a third-party cloud platform account.[xiv]

The stolen data revealed the phone numbers customers communicated with, along with the frequency and total duration of calls and texts for specific periods. In this way, the breach affected more than just customers of AT&T — it affected anyone who may have called or texted with an AT&T customer.

However, AT&T assured customers that the content of calls or texts, timestamps, Social Security numbers, dates of birth, or other personal details were not compromised.

Of concern, a determined hacker with access to the data could infer a lot from these logs, such as businesses and people customers regularly speak with. In turn, this could fuel phishing scams by giving them extra credibility if the scammer poses as the businesses and people involved.

How to protect yourself against data breaches

These breaches show the risks and frustrations that we, as consumers, face in the wake of such attacks. It often takes months before we receive any kind of notification. And of course, that gap gives hackers plenty of time to do their damage. They might use stolen info to commit identity crimes, or they might sell it to others who’ll do the same. Sometimes, we’re in the dark about a data breach until we get hit with a case of identity theft ourselves.

Indeed, plenty of breaches go unreported or under-reported. Even so, word of an attack that affects you might take some time to reach you. With that, preventative measures offer the strongest protection from data breaches.

To fully cover yourself, we suggest the following:

Check your credit, consider a security freeze, and get ID theft protection.

With your personal info potentially on the dark web, strongly consider taking preventive measures now. Checking your credit and getting identity theft protection can help keep you safer in the aftermath of a breach. Further, a security freeze can help prevent identity theft if you spot any unusual activity. You can get all three in place with our McAfee+ Advanced or Ultimate plans. Features include:

  • Credit monitoring keeps an eye on changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.
  • Security freeze protects you proactively by stopping unauthorized access to existing credit card, bank, and utility accounts or from new ones being opened in your name. And it won’t affect your credit score.
  • ID Theft & Restoration Coverage gives you $2 million in identity theft coverage and identity restoration support if it is determined you’re a victim of identity theft. This way, you can cover losses and repair your credit and identity with a licensed recovery expert.

Monitor your identity and transactions.

Breaches and leaks can lead to exposure, particularly on dark web marketplaces where personal info gets bought and sold. Our Identity Monitoring can help notify you quickly if that happens. It keeps tabs on everything from email addresses to IDs and phone numbers for signs of breaches. If spotted, it offers advice that can help secure your accounts before they’re used for identity theft.

Also in our McAfee+ plans, you’ll find several types of transaction monitoring that can spot unusual activity. These features track transactions on credit cards and bank accounts — along with retirement accounts, investments, and loans for questionable transactions. Finally, further features can help prevent a bank account takeover and keep others from taking out short-term payday loans in your name.

Keep an eye out for phishing attacks.

With some personal info in hand, bad actors might seek out more. They might follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal info — either by tricking you into providing it or by stealing it without your knowledge. So look out for phishing attacks, particularly after breaches.

If you are contacted by a company, make certain the communication is legitimate. Bad actors might pose as them to steal personal info. Don’t click or tap on links sent in emails, texts, or messages. Instead, go straight to the appropriate website or contact them by phone directly.

For even more security, you can use our Text Scam Detector. It scans links in texts and lets you know if it’s risky. And if you accidentally click or tap a bad link, it blocks the sketchy sites they can take you to.

Update your passwords and use two-factor authentication.

Changing your password is a strong preventive measure. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager helps you keep on top of it all, while also storing your passwords securely.

While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts helps your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone.

[i] https://www.statista.com/forecasts/1280009/cost-cybercrime-worldwide

[ii] https://www.bloomberglaw.com/public/desktop/document/HofmannvJericoPicturesIncDocketNo024cv61383SDFlaAug012024CourtDoc?doc_id=X6S27DVM6H69DSQO6MTRAQRIVBS

[iii] https://www.theregister.com/2024/06/03/usdod_data_dump/

[iv] https://www.pcmag.com/news/ticketmaster-confirms-user-email-addresses-phone-numbers-stolen-in-hack

[v] https://www.sec.gov/Archives/edgar/data/1335258/000133525824000081/lyv-20240520.htm

[vi] https://help.ticketmaster.com/hc/en-us/articles/26110487861137-Ticketmaster-Data-Security-Incident

[vii] https://www.infosysbpm.com/mccamish/about/notice-of-cybersecurity-incident.html

[viii] https://www.bankinfosecurity.com/bank-america-responds-to-breach-a-4487

[ix] https://www.securityweek.com/fidelity-investments-notifying-28000-people-of-data-breach/

[x] https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/b152fd39-9f84-4ca5-a149-d20b94ed8ef6.html

[xi] https://www.fbcs-inc.com/cyber-incident/

[xii] https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/5fe1ede5-aafd-4da2-b1a4-0057a6cdadc6.shtml

[xiii] https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/7e6ff931-a035-480f-a977-e11a8af7f768.html

[xiv] https://about.att.com/story/2024/addressing-illegal-download.html

 

The post 2024 Data Breaches Wrapped appeared first on McAfee Blog.

McAfee Blogs

Deepfakes of Prince William Lure Social Media Users into an Investment Scam

By: Charles McFarland — August 14th 2024 at 19:48

Deepfakes of Prince William and the UK Prime Minister are pushing investment scams on Facebook and Instagram.

Uncovered by Fenimore Harper Communications, a media research organization, the deepfakes take the form of ads that lead to a phony cryptocurrency platform.[i] According to Fenimore Harper, the equivalent of $27,000 U.S. dollars has been spent on these ads and they have reached more than 890,000 people.

In all, scammers fueled the ads with 14 different currencies as diverse as Colombian Pesos, Thai Baht, Uruguayan Peso, Bangladeshi Taka, and United Arab Emirates Dirham.

In one of the ads, a fake Prime Minister Sir Keir Starmer announces a “national invest platform,” and “to make money on this official platform, all you need is a phone or computer.” Another ad claims that 45 individuals have been specially selected to earn “life-changing money” through a mysterious project.

Another ad features a fake Prince William saying, “I am pleased to announce that I, Prince William, and the entire royal family fully support Prime Minister Keir Starmer’s initiative and his new platform.”

Fenimore Harper says that some of the ads are still running. The organization said that it identified these ads using Meta’s own AI model, Llama 3.1 70B.

Prince William and UK Prime Minister deepfakes lead to a phony investment site

Fenimore Harper’s report then found that some of the ads directed people to a bogus cryptocurrency platform called “Immediate Edge.”

Once on the site, people were asked to provide basic contact info, followed by encouragement to make investments.

Fenimore Harper found several negative reviews for the platform on Trustpilot, “mostly from victims complaining they lost their money or were hounded by scammers over the phone.”

Many of the links to the bogus platform appear to be dead now, even as some ads still appear to circulate.

As reported by The Independent, a spokesperson for Meta said, “Our systems detected and removed the vast majority of these adverts before this report was published. As part of our ads review process—which can include both automated and human reviews — we have several layers of analysis and detection, both before and after an ad goes live. It is against our policies to run ads that improperly use images of public or political figures for deceptive purposes, and we remove these ads when detected.”[ii]

A sophisticated scam hides behind low-quality deepfakes

A fake ad featuring Prime Minister Sir Keir Starmer in Fenimore Harper’s report shows that the deepfakes are low-grade. In their example, the scammers use previously aired footage of the Prime Minister dubbed over with AI voice-cloned audio. As in the case of many cheaper deepfakes, the lip-synching matches poorly.

With that, this scam echoes the Taylor Swift cookware deepfake scam we reported on earlier this year. It also used poorly dubbed AI voice-cloned audio atop clips of previously aired footage.

However, despite the low-quality deepfake, this scam sets itself apart with the way the scammers manipulated Google search results. Given that many people use search to research potential investments, the scammers made sure to give themselves favorable reviews.

According to Fenimore Harper, the scammers used SEO-hacking techniques so that they could “place their own copy in Google’s ‘featured snippets’ … [making the] top result a glowing endorsement for the scam.”

Fenimore Harper says that the scammers further duped Google’s AI overview feature, which summarizes search results. In their example, people must scroll through several results that contain disinformation before they get to a credible source for reviews.

In all, it appears the scammers put extra thought and care into their scam. They did more than bank on a deepfake and a bogus site to lure in victims. They anticipated the next move for many victims, which was to hop on a search engine and see if the opportunity was legit.

Protecting yourself from online investment scams

Scammers have increasingly turned to AI deepfakes of celebrities and other public figures to push their scams. What’s new here is that we have a prime minister and a member of the royal family falling victim to a deepfake as part of the scam.

However, you can steer clear of online investment scams like these, whether they use AI deepfakes or not. Consider the following as apparent “opportunities” crop up online:

Go with a pro.

Working with an accredited financial adviser is always a sound step with any investment you choose to make, as is only investing funds you can afford to lose if the investment falls through.

Watch out for new, untried platforms.

Steer clear of investments that ask you to contribute money directly from one of your own accounts rather than via a reliable, verified platform.

Seek trusted research sources.

As we saw above, the top results in a search might not be the most credible source of info. When researching financial opportunities, look for established, trustworthy sources of review. Consult several sources as well.

Be wary of celebrity and pop culture tie-ins.

Regard any investment based on a pop culture reference like movies, memes, and shows with a highly critical eye. The same goes for public figures. It might very well be a scam built around buzz rather than a legitimate investment, as it was with the Squid Game cryptocurrency scam we saw in 2021 and the more recent AI deepfake scams featuring a fake Elon Musk promoting bogus investments.

Use online protection software.

AI-powered online protection like you’ll find in our McAfee+ plans sniffs out links to suspicious sites that promote scams and contain malware. Scams like these take you to shady corners of the internet, and our protection will warn you before you tap or click — and block those sites if you tap or click by mistake.

[i] https://www.fenimoreharper.com/research/starmer-disinformation-meta-deepfakes

[ii] https://www.independent.co.uk/news/uk/home-news/starmer-prince-william-ai-deepfake-crypto-scam-b2595554.html

 

The post Deepfakes of Prince William Lure Social Media Users into an Investment Scam appeared first on McAfee Blog.

McAfee Blogs

Data Breach Exposes 3 Billion Personal Information Records

By: Jasdev Dhaliwal — August 14th 2024 at 15:43

News of a major data breach that could affect nearly three billion records comes to light from a somewhat unusual source — a class-action complaint filed in Florida.

Even as details come to light, we advise people to act as if this is indeed a large and significant breach.

The National Public Data (NPD) breach

First, the details. The filed complaint concerns National Public Data (NPD), a company that provides background checks. Per their website, “[NPD obtains] information from various public record databases, court records, state and national databases, and other repositories nationwide.”

The complaint alleges that NPD was hit by a data breach in or around April 2024.[i] The complaint filed in the U.S. District Court further alleges:

  • The company had sensitive info breached, such as full names; current and past addresses spanning at least the last three decades; Social Security numbers; info about parents, siblings, and other relatives (including some who have been deceased for nearly 20 years); and other personal info.
  • The company “scraped” this info from non-public sources. This info was collected without the consent of the person who filed the complaint and the billions of others who might qualify to join in the class action complaint.
  • The company “assumed legal and equitable duties to those individuals to protect and safeguard that information from unauthorized access and intrusion.”

How did the NPD breach come to light?

Typically, companies self-report these breaches, thanks to regulations and legislation that require them to report them in a timely manner. That way, initial word of breaches reaches customers through emails, news reports, and sometimes through notifications to certain state attorneys general.

In this case, it appears that no notices were sent to potential victims. Further, we were unable to find any filings with state attorneys general.

As to how the primary plaintiff discovered the breach, he “received a notification from his identity theft protection service provider notifying him that his [personal info] was compromised as a direct result of the ‘nationalpublicdata.com’ breach …” (And you can certainly add online protection software to the list of ways you can find out about a data breach before a company notifies you.)

Further, in June, The Register reported that a hacker group by the name of USDoD claimed it hacked the records of nearly 3 billion people and put them up for sale on the dark web.[ii] The price tag: U.S. $3.5 million. The group further claimed that the records include U.S., Canadian, and British citizens.

From an online protection standpoint, this alleged breach could contain highly sensitive info that, if true, would put three billion people at risk of identity theft. The mere possibility of breached Social Security numbers alone makes it something worth acting on.

How to protect yourself against data breaches

This breach shows the risks and frustrations that we, as consumers, face in the wake of such attacks. It often takes months before we receive any kind of notification. And of course, that gap gives hackers plenty of time to do their damage. They might use stolen info to commit identity crimes, or they might sell it to others who’ll do the same. Either way, we’re often in the dark until we get hit with a case of identity theft ourselves.

Indeed, word of an attack that affects you might take some time to reach you. With that, a mix of measures offers the strongest protection from data breaches.

To fully cover yourself, we suggest the following:

Check your credit, consider a security freeze, and get ID theft protection.

With your personal info potentially on the dark web, strongly consider taking preventive measures now. Checking your credit and getting identity theft protection can help keep you safer in the aftermath of a breach. Further, a security freeze can help prevent identity theft if you spot any unusual activity. You can get all three in place with our McAfee+ Advanced or Ultimate plans. Features include:

  • Credit monitoring keeps an eye on changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.
  • Security freeze protects you proactively by stopping unauthorized access to existing credit card, bank, and utility accounts or from new ones being opened in your name. And it won’t affect your credit score.
  • ID Theft & Restoration Coverage gives you $2 million in identity theft coverage and identity restoration support if it’s determined you’re a victim of identity theft. This way, you can cover losses and repair your credit and identity with a licensed recovery expert.

Monitor your identity and transactions.

Breaches and leaks can lead to exposure, particularly on dark web marketplaces where personal info gets bought and sold. Our Identity Monitoring can help notify you quickly if that happens. It keeps tabs on everything from email addresses to IDs and phone numbers for signs of breaches. If spotted, it offers advice that can help secure your accounts before they’re used for identity theft.​

Also in our McAfee+ plans, you’ll find several types of transaction monitoring that can spot unusual activity. These features track transactions on credit cards and bank accounts — along with retirement accounts, investments, and loans for questionable transactions. Finally, further features can help prevent a bank account takeover and keep others from taking out short-term payday loans in your name.

Keep an eye out for phishing attacks.

With some personal info in hand, bad actors might seek out more. They might follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal info — either by tricking you into providing it or by stealing it without your knowledge. So look out for phishing attacks, particularly after breaches.

If you are contacted by a company, make certain the communication is legitimate. Bad actors might pose as them to steal personal info. Don’t click or tap on links sent in emails, texts, or messages. Instead, go straight to the appropriate website or contact them by phone directly.

For even more security, you can use our new Text Scam Detector. It puts a stop to scams before you click by detecting any suspicious links and sending you an alert. And if you accidentally tap a bad link, it blocks the sketchy sites they can take you to.

Update your passwords and use two-factor authentication.

Changing your password is a strong preventative measure. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager helps you keep on top of it all, while also storing your passwords securely.

While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts helps your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone.

Remove your personal info from data broker sites.

According to the filed complaint, National Public Data “scrapes” personal info from non-public sources. Further, the home page of the website mentions that it gathers info “from various public record databases, court records, state and national databases, and other repositories nationwide.” While we can’t confirm this ourselves, we can cautiously call out that these sources might include data broker sites.

While any damage here has already been done, we recommend removing your personal info from these data broker sites. This can prevent further exposure in the event of future breaches elsewhere. Our Personal Data Cleanup can do this work for you. It scans data broker sites and shows you which ones sell your personal info. From there, it shows how you can remove your data. And our McAfee+ Advanced and Ultimate plans come with full-service Personal Data Cleanup, which sends requests to remove your data automatically.

[i] https://www.bloomberglaw.com/public/desktop/document/HofmannvJericoPicturesIncDocketNo024cv61383SDFlaAug012024CourtDoc?doc_id=X6S27DVM6H69DSQO6MTRAQRIVBS

[ii] https://www.theregister.com/2024/06/03/usdod_data_dump/

 

The post Data Breach Exposes 3 Billion Personal Information Records appeared first on McAfee Blog.

☐ ☆ ✇ McAfee Blogs

CrowdStrike Outage Provides Opportunities for Scammers 

By: Jasdev Dhaliwal — July 19th 2024 at 19:40

Recently, a significant global outage resulted in thousands of Windows computers being brought offline. The source of the outage was linked to a faulty CrowdStrike security update. McAfee has observed opportunistic scammers exploiting the current outage, which has disrupted essential systems across industries including banking, airlines, emergency services, and more, as well as consumers trying to access their Windows devices. Given the global impact of this outage, consumers are urged to remain highly vigilant to protect their personal information and ensure their data remains secure.

Affected Sectors and Services 

The outage has severely impacted numerous high-profile services:

  • Banking: Major Australian banks faced disruptions, affecting transactions and customer access.
  • Airlines: Carriers such as Ryanair, along with Delta, United, and American Airlines, reported significant operational delays. The Federal Aviation Administration (FAA) also noted disruptions in airline operations.
  • Broadcasting: TV broadcasters in Australia and the UK broadcaster Sky News experienced interruptions in their services.
  • Emergency Services: In Alaska, several 911 emergency call centers reported difficulties, potentially affecting response times to emergencies.
  • Travel: Airports are among the transportation hubs experiencing delays, affecting thousands of flights and countless travelers.

The Ripple Effect of the Outage 

The outage has been far-reaching, affecting everything from the London Stock Exchange to everyday consumers facing the dreaded blue screen on their Windows devices. With Microsoft systems constituting about 70% of desktop operating systems worldwide, the effects of this outage are extensive, influencing many millions of people across the globe. 

The Rise of Opportunistic Scams 

Amidst this chaos, opportunistic scammers are capitalizing on the situation. McAfee has already seen scams, where fraudsters are exploiting the current vulnerabilities to deceive consumers. These scams range from phishing attacks related to flight rescheduling, to cybercrooks posing as banks to steal login information, and even retailers requesting alternate payment methods. 

 

 

How to Protect Yourself 

Given the current scenario, it is crucial for consumers to remain vigilant and protect their personal information. Here are some essential tips to keep in mind: 

  • Exercise Caution with Unsolicited Communications: Always be skeptical of unsolicited messages that ask for personal information or urge you to act quickly. Avoid clicking on suspicious links and directly verify any requests for personal information or payments. 
  • Avoid Unconventional Money Transfers: Be cautious if asked to wire money, use cryptocurrency, or buy gift cards and share the card numbers and PINs. These are often signs of a scam. 
  • Monitor your accounts: Regularly check your bank and other sensitive accounts for any unauthorized transactions or alerts. Report any suspicious activity immediately. 
  • Verify the Source: If you receive a suspicious call or message, verify the caller’s identity. Be aware of tools like voice cloning and number spoofing that make calls appear legitimate. If in doubt, hang up and contact the entity directly. 
  • Use AI-Powered Text Scam Detection: Employ AI tools, such as Text Scam Detector, that can block dangerous links in emails, text messages, social media, or web browsers to enhance your online security.
  • Report Suspicious Activity: If you suspect a cyber-attack, such as voice cloning, report it immediately to authorities like the Federal Trade Commission (FTC) or the Internet Crime Complaint Center (IC3).

The recent global outage affecting Windows systems has had a profound impact across multiple sectors, disrupting essential services and exposing vulnerabilities that opportunistic scammers are keen to exploit. As the digital landscape becomes increasingly interconnected, the importance of maintaining rigorous cybersecurity measures cannot be overstated. Consumers and organizations alike must stay vigilant, enhance their security protocols, and remain proactive in safeguarding their personal and operational data against such threats. This incident serves as a stark reminder of the cascading effects that a single point of failure can have in our globally networked environment. 

The post CrowdStrike Outage Provides Opportunities for Scammers  appeared first on McAfee Blog.

☐ ☆ ✇ McAfee Blogs

The Kaspersky Software Ban—What You Need to Know to Stay Safe Online

By: McAfee — June 24th 2024 at 18:48

Citing national security concerns, the U.S. Department of Commerce has issued a ban on the sale of all Kaspersky online protection software in the U.S. This ban takes effect immediately.  

Of major importance to current customers of Kaspersky online protection, the ban also extends to security updates that keep its protection current. Soon, Kaspersky users will find themselves unprotected from the latest threats. 

Current Kaspersky users have until September 29, 2024 to switch to new online protection software. On that date, updates will cease. In fact, the Department of Commerce shared this message with Kaspersky customers: 

“I would encourage you, in as strong as possible terms, to immediately stop using that [Kaspersky] software and switch to an alternative in order to protect yourself and your data and your family.”

As providers of online protection ourselves, we believe every person has the right to be protected online. Of course, we (and many industry experts!) believe McAfee online protection to be second to none, but we encourage every single person to take proactive steps in securing their digital lives, whether with McAfee or a different provider. There is simply too much at stake to take your chances. The nature of life online today means we are living in a time of rising cases of online identity theft, data breaches, scam texts, and data mining. 

If you’re a current Kaspersky US customer, we hope you’ll strongly consider McAfee as you look for a safe and secure replacement. For a limited time, you can get a $10 discount to switch to McAfee using code MCAFEEKASUS10 at checkout.

With that, we put together a quick Q&A for current Kaspersky users who need to switch their online protection software quickly. And as you’ll see, the Department of Commerce urges you to switch immediately.  

Did the U.S. government ban the sale of Kaspersky? 

Yes. The Department of Commerce has issued what’s called a “Final Determination.” In the document, the government asserts that:  

“The Department finds that Kaspersky’s provision of cybersecurity and anti-virus software to U.S. persons, including through third-party entities that integrate Kaspersky cybersecurity or anti-virus software into commercial hardware or software, poses undue and unacceptable risks to U.S. national security and to the security and safety of U.S. persons.”

(i) This news follows the 2017 ban on using Kaspersky software on government devices. (ii) That ban alleged that Russian hackers used the software to steal classified materials from a device that had Kaspersky software installed. (iii) Kaspersky has denied such allegations. 

Will I have to get new online protection software if I use Kaspersky? 

Yes. In addition to barring new sales or agreements with U.S. persons from July 20, the ban also applies to software updates. Like all online protection software, updates keep people safe from the latest threats. Without updates, the software leaves people more and more vulnerable over time. The update piece of the ban takes hold on September 29. With that, current users have roughly three months to get new online protection that will keep them protected online. 

How do I remove Kaspersky software? 

The answer depends on your device. The links to the following support pages can walk you through the process: 

What should I look for when it comes to online protection? 

Today, you need more than anti-virus to keep you safe against the sophisticated threats of today’s digital age. You need comprehensive online protection. By “comprehensive” we mean software that protects your devices, identity, and privacy. Comprehensive online protection software from McAfee covers all three — because hackers, scammers, and thieves target all three.  

“Comprehensive” also means that your software continues to grow and evolve just as the internet does. It proactively rolls out new features as new threats appear, such as: 

Text Scam Detector that helps protect you against the latest scams via text, email, QR codes, and on social media. Also, should you accidentally click, web protection blocks sketchy links that crop up in searches and sites. 

Social Privacy Manager that helps you adjust more than 100 privacy settings across your social media accounts in only a few clicks. It also protects privacy on TikTok, making ours the first privacy service to protect people on that platform. For families, that means we now cover the top two platforms that teens use, TikTok and YouTube.  

AI-powered protection that doesn’t slow you down. For more than a decade, our award-winning protection has used AI to block the latest threats — and today it provides 3x faster scans with 75% fewer processes running on the PC. Independent tests from labs like AV-Comparatives have consistently awarded McAfee with the highest marks for both protection and for performance. 

 

What should I do about the Kaspersky ban? 

As the Department of Commerce urges, switch now.

Yet, make a considered choice. Comprehensive online protection software that looks out for your devices, identity, and privacy is a must — something you are likely aware of already as a Kaspersky user. 

We hope this rundown of the Kaspersky news helps as you seek new protection. And we also hope you’ll give us a close look. Our decades-long track record of award-winning protection and the highest marks from independent labs speaks to how strongly we feel about protecting you and everyone online. Kaspersky US customers can get a discount to switch to McAfee for a limited time, using code MCAFEEKASUS10 at checkout.

 

The post The Kaspersky Software Ban—What You Need to Know to Stay Safe Online appeared first on McAfee Blog.

☐ ☆ ✇ McAfee Blogs

UPDATED: AT&T Data Leak: What You Need to Know and How to Protect Yourself

By: Jasdev Dhaliwal — July 12th 2024 at 17:00

Update:

AT&T announced a cybersecurity breach on July 12th that exposed call records and text data for a significant portion of its customer base. This includes customers on mobile virtual network operators (MVNOs) that use AT&T’s network, like Cricket, Boost Mobile, and Consumer Cellular.

The compromised data covers a period between May 1, 2022, and October 31, 2022, with a small number of records from January 2, 2023, also affected. According to AT&T, hackers gained access through a third-party cloud platform account, similar to breaches at Ticketmaster and Santander Bank.

What Information Was Exposed?

The stolen data reveals the phone numbers customers communicated with, along with the frequency and total duration of calls/texts for specific periods. However, AT&T assures customers that the content of calls or texts, timestamps, Social Security numbers, dates of birth, or other personal details were not compromised.

What AT&T is Doing

AT&T claims the data isn’t publicly available and has secured the access point used by the hackers. They’re collaborating with law enforcement to apprehend those involved, with one arrest already reported. AT&T will notify affected customers and offer resources to protect their information.

This incident follows a previous leak earlier this year that exposed data of over 70 million AT&T customers. Details of that leak can be found below.

AT&T, one of the largest telecom giants, recently acknowledged a significant data leak that has affected millions of its customers. The leaked dataset, which includes personal information such as names, addresses, phone numbers, and Social Security numbers, has raised concerns about privacy and security. In this blog post, we will provide an overview of the situation, explain the steps AT&T is taking to address the issue, and offer guidance on how you can protect yourself.

The Data Leak: AT&T has confirmed that the leaked dataset contains information from over 7.6 million current customers and 65 million former customers. The compromised data may include full names, email addresses, mailing addresses, phone numbers, Social Security numbers, dates of birth, AT&T account numbers, and passcodes. The company has reset the security passcodes of affected active customers.

AT&T’s Response: AT&T is actively reaching out to affected customers via email or letter to inform them about the data that was included in the leak and the measures being taken to address the situation. The company has also initiated a thorough investigation, working with external cybersecurity experts to analyze the incident. So far, there is no evidence of unauthorized access to AT&T’s systems resulting in data exfiltration.

Protecting Yourself: If you are an AT&T customer, it is crucial to take steps to protect yourself from potential fraud or identity theft. AT&T recommends setting up free fraud alerts with credit bureaus Equifax, Experian, and TransUnion. These alerts can help notify you of any suspicious activity related to your personal information. Additionally, consider implementing the following measures:

  1. Monitor Your Accounts: Regularly review your bank statements, credit card statements, and other financial accounts for any unauthorized transactions.
  2. Change Passwords: Update your passwords for all online accounts, including your AT&T account. Use strong, unique passwords and consider using a password manager to securely store them.
  3. Enable Two-Factor Authentication: Enable two-factor authentication whenever possible to add an extra layer of security to your accounts.
  4. Be Cautious of Phishing Attempts: Stay vigilant against phishing emails, calls, or texts that may try to trick you into revealing sensitive information. Be skeptical of any unsolicited communications and verify the source before sharing any personal data.
  5. Enroll in an Identity Monitoring service. McAfee+ can help keep your personal info safe, with early alerts if your data is found on the dark web. We’ll monitor the dark web for your personal info, including email, government IDs, credit card and bank account numbers, and more.

McAfee+ automatically monitors your personal data, including your:

✓ Social Security Number / Government ID
✓ Driver’s license number
✓ Passport number
✓ Tax ID
✓ Date of birth
✓ Credit card numbers
✓ Bank account numbers
✓ Usernames
✓ Insurance ID cards
✓ Email addresses
✓ Phone numbers

AT&T’s data leak is a concerning incident that highlights the importance of safeguarding personal information in the digital age. By staying informed, taking proactive measures to protect yourself, and remaining vigilant against potential threats, you can minimize the risk of falling victim to fraud or identity theft. Remember, your privacy and security are paramount, and it’s crucial to stay one step ahead of cybercriminals.

The post UPDATED: AT&T Data Leak: What You Need to Know and How to Protect Yourself appeared first on McAfee Blog.

☐ ☆ ✇ McAfee Blogs

Hybrid Workplace Vulnerabilities: 4 Ways to Promote Online Safety

By: Vishnu Varadaraj — March 1st 2024 at 13:20

Over the past year and a half, workers everywhere have gotten used to working from home. They have adopted an entirely new work-from-home mindset and diverted their weekly commuting hours to other productive and more enjoyable pursuits. As parts of the world return to a “new normal,” another change is on the way: a gradual return to the office.

The hybrid working model is met with mixed reviews from employees and business security teams alike. For some employees, a clearer separation between work and home is a welcome change. CTV News reports 66% of Canadian respondents to an International Workplace Group poll say they are looking forward to splitting their working hours between the office and home. 

Business security teams, who are just catching their breath after the monumental shift to a remote workforce, are now gearing up for the new online safety challenges posed by the hybrid work model. According to a VMware Canada Threat Report, 86% of security professionals agree that cyberattacks aimed at their organizations have become more sophisticated since the onset of the pandemic. Additionally, 91% of global respondents cite employees working from home as the cause of cyberattacks. Challenges of the hybrid workforce include the constant back-and-forth of company-issued devices, the lack of control over home office setups, and mixing personal and company devices with company and personal business respectively. For example, if you pay your bills or shop online using your work device, it opens several new avenues for a hacker to walk right onto the corporate network. When your guard is down even a little bit when you are off the clock, you could fall victim to e-skimmers, fake login pages, or phishing scams.

Best Practices for Mitigating Attacks in the Hybrid Workplace 

No matter how advanced your company’s threat detection system, hackers know where vulnerabilities lie and are on the hunt to exploit them. Check out these tips to ensure you are not the weak link in your organization. 

1. Use a VPN

A virtual private network (VPN) is a service that scrambles online browsing data, making it impossible for nefarious characters to decipher your activity. This is an excellent way to deter hackers from tracking your movements and picking up sensitive pieces of information.

VPNs are essential if you are working in a public area, sharing a wireless network with strangers, or using a Wi-Fi connection that is not password protected. Public Wi-Fi networks are notoriously easy pickings for hackers seeking entry into unsuspecting users’ devices. On the days where you are not in the office, make sure your wireless connection is secure. 

2. Lock away your passwords

While a VPN is an excellent tool, security measures and your accounts are vulnerable without a strong and private password or passphrase to protect them. The gigantic Colonial Pipeline hack is being blamed on a hacker gaining entry through an unused VPN that was not secured with multifactor authentication. Multifactor authentication is an online safety measure where more than one method of identity verification is needed to access the valuable information that lies within password-protected accounts. 

Consider using a password manager to organize all your passwords and logins. Password managers remember each pairing so you don’t have to, plus most managers are secured with multifactor authentication. A password manager makes it easier to add variety to your passwords and prevents you from ever having to write them down.

3. Secure work-issued devices 

Professionals who travel between their home and an office are likely transporting their devices back and forth, increasing the number of opportunities for devices to be forgotten at either location or in transit. As convenient as it may be, never use your personal device for official business. Even if you pride yourself on sound online safety habits, your company device likely has more defenses ingrained in its hardware than your personal devices. 

With your personal devices, you should carefully vet everything you download. With your work-issued devices, this vetting process is even more important as company information is at stake. The Information and Privacy Commissioner of Ontario states that employees should never download applications to their work devices without permission from the IT team. Apps and programs often have security vulnerabilities that could open a gateway for hackers. 

4. Practice a personal Zero Trust model 

Zero Trust is a security philosophy that is exactly what it sounds like: trust no one. Businesses are employing Zero Trust models to greatly limit who has access to sensitive data sources. Adopt your own personal Zero Trust philosophy concerning your passwords, logins, and device access. This means never sharing passwords or login details, especially over email, instant messenger, or over a video conference. Hackers commonly eavesdrop on all three mediums. Also, even your most trusted coworker could mishandle your passwords and login details, such as writing them down and leaving them in a public place.

A key aspect of the Zero Trust model is only granting employees access to platforms that are vital to their job. Sharing your logins with coworkers who may not be authorized for using that platform undermines all the hard work the IT team does to keep tabs on data access. 

Work Intelligently, Diligently, and Securely 

Every time you turn on the nightly news, another ransomware attack has hit another organization, each one bigger than the last. This heightened prevalence is a reflection on the wiliness of hackers, but also the number of security holes every company must plug.  

There are several vulnerable points of entry in every company, and some of those vulnerabilities are heightened by the hybrid work model. Always heed the advice of your company’s IT team, and make sure to do your part to keep your devices and work information secure. 

The post Hybrid Workplace Vulnerabilities: 4 Ways to Promote Online Safety appeared first on McAfee Blog.

☐ ☆ ✇ McAfee Blogs

Proliferation of Mobile Devices: The Impact on Consumer Security

By: McAfee — October 9th 2023 at 13:40

As the use of mobile devices continues to skyrocket worldwide, a new danger is silently emerging against consumers. This menace, known as malicious software or malware, presents itself in various ways, affecting users in areas such as privacy, identity, and financial theft. This article delves into the deep end of how the proliferation of mobile devices is impacting consumer security.

Undeniably, mobile technology has become an invaluable part of our everyday life. Everywhere you look, you will see individuals caught up in their smartphones or tablets – browsing the internet, shopping, chatting, or even working. However, this increased dependence has not come without its pitfalls. As people tend to shy away from securing their mobile devices properly, they unknowingly expose themselves to fraudsters and hackers.

The Rising Threat

Mobile technology has become the new frontier for fraudsters and hackers. The ease and convenience that these devices offer have made consumers lower their guard, putting their personal information and security at risk. A worrying trend shows that a significant percentage of smartphone users do not bother to use a simple safeguard like a four-digit password. This lack of basic security, combined with the habit of saving login information on the device, creates an easy avenue for crime.

Statistically, mobile phones have become the prime target for theft, with cities like New York and Washington, D.C., recording high percentages of robberies involving mobile phones. This soaring rate of mobile theft offers a terrifying insight into the severity of the current situation and the challenges that lie ahead in the domain of consumer security.

Dig Deeper: So, Your Phone Got Stolen. Here’s What to Do.

How Mobile Devices Have Become an Easy Target

Many factors converge to make these handheld marvels increasingly susceptible to breaches. From the expansive array of mobile apps to the subtleties of social engineering, let’s highlight key vulnerabilities and the need for heightened awareness.

Unauthorized Physical Access

Accessing another person’s mobile device has become incredibly easy. With the tech advancements we have today, a hacker can remotely control almost any mobile device. Malicious software can be disguised as a harmless picture or audio clip. Unwary users who click on these links or open these attachments get malware installed on their devices without their permission.

Accidental Malware Installation

On mobile devices, malware operates differently than early PC malware. It does not require your consent, and once installed, you lose control over your device. In essence, your device is figuratively in the hands of the fraudsters. This easy access to your device, coupled with the fact that most users do not secure their devices, has led to a surge in fraud and identity theft cases globally.

The Proliferation of Mobile Apps

The sheer number of mobile applications available on app stores makes it difficult for users to determine which ones are safe. Malicious apps can often make their way onto app stores, and users might inadvertently download and install them, granting access to their device and personal data.

Social Engineering Tactics

Hackers have become adept at using social engineering tactics to manipulate users into divulging sensitive information or clicking on malicious links. They might impersonate trusted entities or use psychological tricks to deceive users.

Lack of User Awareness

Many mobile device users are not sufficiently aware of the security risks associated with their devices. They might not realize the importance of regularly updating their operating systems and apps or employing strong passwords and other security measures.

Outdated Software

Users who do not update their mobile operating systems are more susceptible to security vulnerabilities that hackers can exploit. Regular updates often include patches for known vulnerabilities.

Dig Deeper: Why Software Updates Are So Important

Lack of Strong Authentication

While many users rely on PINs or simple patterns to unlock their devices, using stronger authentication methods like long, complex passcodes or two-factor authentication can significantly enhance device security.

McAfee Pro Tip: You might be familiar with the phrases “two-factor” or “biometric” authentication. Furthermore, multi-factor authentication is gaining traction in professional settings. Amidst this sea of terminology, distinguishing between the various authentication methods can become quite a challenge. Know the difference between two-factor authentication and multi-factor authentication. 

The Unique Importance of Mobile Devices

Modern criminals are well aware that your mobile device is an indispensable part of your life. This is because, in a single device, you store some of your most private conversations, confidential information, personal photos, and financial details. For many people, their smartphone is their life – from being a communication tool to a vault for their sensitive data.

These little gadgets have become the key to our personal and financial lives. As they are always on and always with us, they continually create, store, and connect us to valuable and often confidential information. This information has immense value to fraudsters and identity thieves. They realize that just like on your PC, software can track and record your online activities, chats, instant messages, emails, keystrokes, and program usage. It can also capture sensitive details such as bank account numbers, passwords, security questions and answers, GPS locations, and more.

The Changing Game

The world of cyber threats as we know it is evolving, thanks to mobile technology. Traditional forms of cybercrime, which primarily targeted PCs, are becoming increasingly sophisticated, due to the wealth of information available on mobile devices. The speed and dynamism of the mobile landscape have necessitated the development of new tactics and tools to navigate this challenging and ever-changing terrain.

Disguises and deceptions are commonplace in the mobile cybercrime arena. Things are rarely what they appear to be, with hackers and fraudsters continually developing novel and inventive ways of accessing confidential information. Therefore, the rules of the game have changed, and it is no longer sufficient to solely protect your PC with antivirus software. To ensure user security, a comprehensive approach that encompasses all devices is now paramount.

The Need for Comprehensive Security Solutions

As mobile devices become an essential part of our lives, it is crucial to prioritize their security. With most devices connected to financial accounts, and storing a goldmine of personal, professional, and confidential data, it becomes a pressing necessity to invest in a comprehensive security solution. It should not be limited to an antivirus but should also extend to protecting your identity and personal data on all your devices.

A robust solution like McAfee+ service is recommended. This service not only includes antivirus protection but also safeguards the identity and data of the user and their families on ALL devices. Not only does it provide you with an antivirus shield, but it also ensures your peace of mind by offering identity and privacy protection. Investing in such a service will provide a much-needed barrier against the rising tide of mobile device-related fraud and identity theft.

Final Thoughts

As the usage of mobile devices continues to rise exponentially, so too does the threat to consumer security. The ease and convenience that these devices offer have inadvertently made them prime targets for fraudsters and hackers. As a result, there is an alarming increase in fraud, identity theft, and privacy loss.

However, as ominous as the threat landscape may seem, it can be navigated with adequate caution and security measures. Users must recognize the importance of securing their mobile devices and take necessary precautions. Investing in comprehensive security solutions that protect not just the device but also the privacy and identity of the users is a step in the right direction. As we further embrace mobile technology, we must also adapt and upgrade our security practices to ensure that these conveniences do not become our vulnerabilities.

The evolution of mobile technology has indeed changed the game in the realm of cyber threats. Still, with the right tools and practices, users can enjoy the benefits of their devices while maintaining their security and privacy.

The post Proliferation of Mobile Devices: The Impact on Consumer Security appeared first on McAfee Blog.

McAfee Blogs

User Data from 23andMe Leaked Online – What Users Should Do, and the Rest of Us Too

By: Jasdev Dhaliwal — December 6th 2023 at 20:34

In October, a hacker claimed to have hijacked profile information of “millions” of users from the popular genetic testing site 23andMe.com. Now the company has put a figure to that – some 6.9 million people. Roughly half of 23andMe’s user base. 

What’s at risk? Some of the most personal info possible. Per the company’s statement to TechCrunch, this included “the person’s name, birth year, relationship labels, the percentage of DNA shared with relatives, ancestry reports and self-reported location” for roughly 5.5 million people who opted into the “DNA Relatives” feature, which automatically shares some information with other users.

Another 1.4 million users had their “Family Tree information accessed.” This further includes display names, relationship labels, birth year, self-reported location and whether the user decided to share their information. 

Just as we reported initially in October, the source of the breach appears to revolve around compromised passwords in an attack method known as “credential stuffing.” In plain terms, hackers “stuff” the credentials from one account into another to gain access. It’s a prime example of the perils that can follow when people reuse passwords. A stolen password from one account can get “stuffed” into another and give the hacker access. 

Complicating the attack, and widening its scope immensely, is the DNA Relatives feature mentioned above. Because of the way it shares information between users, one compromised account can divulge the personal and genetic information of many more users – even if their account and password were not compromised in the attack. In this way, a relative handful of compromised accounts affected some 6.9 million users.
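The amplification described above, as an added example (not code from 23andMe or McAfee): a small model in which each account can view the profiles of relatives who opted in to sharing, used to measure how many profiles a few compromised logins expose. The user names, match list and opt-in flags are constructed, and the visibility rule (both sides must opt in) is an assumption.

```python
from collections import defaultdict

# Constructed sample data: user -> opted in to relative sharing?
USERS = {
    "ana": True, "ben": True, "cara": True, "dev": True,
    "eli": False, "fay": True, "gus": True,
}
# Constructed relative matches (undirected pairs).
MATCHES = [
    ("ana", "ben"), ("ana", "cara"), ("ana", "dev"), ("ana", "eli"),
    ("ben", "fay"), ("gus", "fay"),
]

def build_visibility(users, matches):
    """Map each account to the relatives' profiles it can view.
    Assumption: a profile is shared only when both sides opted in."""
    visible = defaultdict(set)
    for a, b in matches:
        if users[a] and users[b]:
            visible[a].add(b)
            visible[b].add(a)
    return visible

def exposed_profiles(compromised, users, matches):
    """Return (direct, indirect): accounts whose password was stuffed,
    and profiles exposed only because a relative's account was."""
    visible = build_visibility(users, matches)
    direct = set(compromised)
    indirect = set()
    for account in direct:
        indirect |= visible.get(account, set())
    return direct, indirect - direct

def amplification(compromised, users, matches):
    """Profiles exposed per compromised login (0.0 if none compromised)."""
    direct, indirect = exposed_profiles(compromised, users, matches)
    if not direct:
        return 0.0
    return (len(direct) + len(indirect)) / len(direct)

if __name__ == "__main__":
    direct, indirect = exposed_profiles({"ana"}, USERS, MATCHES)
    print("compromised:", sorted(direct))
    print("exposed via sharing:", sorted(indirect))
    print("amplification:", amplification({"ana"}, USERS, MATCHES))
    # What-if: the same breach after one relative opts out of sharing.
    after = dict(USERS, ben=False)
    print("after ben opts out:", sorted(exposed_profiles({"ana"}, after, MATCHES)[1]))
```

In the sample, "eli" never appears in the indirect set because that profile was not shared, which is the protection the opt-out offers to users whose own password was never compromised.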

What steps has 23andMe taken to protect its users? 

Per the company’s statement on its blog, “If we learn that a customer’s data has been accessed without their authorization, we will notify them directly with more information.” Moreover, the company said, 

“Our investigation continues and we have engaged the assistance of third-party forensic experts. We are also working with federal law enforcement officials.

We are reaching out to our customers to provide an update on the investigation and to encourage them to take additional actions to keep their account and password secure. Out of caution, we are requiring that all customers reset their passwords and are encouraging the use of multi-factor authentication (MFA).”

Further, in November the company required its users to use MFA to further secure their accounts, which had only been optional until that point. 

The three steps every 23andMe user must take right away. 

As unsettling as this news may be, 23andMe customers can take the following steps.

  1. Change your passwords immediately: Given the attack, 23andMe has forced all its users to reset their passwords. However, changing passwords is not enough. Every password must be strong and unique. For every account. If that sounds like a task, a password manager can help. It creates strong, unique passwords—and stores them securely. This way, you can avoid falling victim to attacks where bad actors try to use passwords stolen from one account to break into another. That’s the beauty of no-repeat passwords. 
  2. Monitor your identity, credit, and transactions: In the wake of any attack where your personal info might be at risk, keep an eye on all things you. Your bank accounts, credit cards, online finances, and your credit rating. Hackers view personal info as a gold mine. Rightly so. With it, they can go on to compromise other accounts or commit other identity crimes. Like file insurance claims or open new lines of credit in your name. Comprehensive online protection software can help you spot unauthorized account activity, changes in your credit report, or if your personal info winds up on the dark web. It saves you hours and hours of effort, and it gives you assurance that all’s well with a quick glance.
  3. Look into identity theft protection: Our Identity Theft & Restoration Coverage can help you set things straight if identity theft happens to you. Licensed recovery experts can take steps to repair your identity and credit. Further, you gain up to $2 million in coverage for lawyer fees, travel expenses, and stolen funds reimbursement. This offers you stronger assurance and lifts the time and financial burden of identity theft off your shoulders.

Users should also check the updated 23andMe terms of service for significant changes. 

In light of the attack on 23andMe and the sensitive data it exposed, several class action lawsuits have been filed against the company. In a filing with the U.S. Securities and Exchange Commission (SEC), 23andMe stated, “multiple class action claims have been filed against the Company in federal and state court in California and state court in Illinois, as well as in British Columbia and Ontario, Canada, which the Company is defending.” 

As reported by Engadget, 23andMe sent users an email in early December notifying them of a change in the company’s terms of service – specific to its Dispute Resolution and Arbitration terms. By default, users now waive their rights to bringing forward class and collective action against the company to the fullest extent allowed by applicable law: 

 However, concerned users of 23andMe can opt out of these terms, thus allowing them to pursue class and collective action if they see fit. Users need to send written notice of their decision to opt-out by emailing 23andMe at arbitrationoptout@23andme.com. As of this writing the terms as posted are as follows: 

Once again, users can refer to Section 5 of 23andMe’s terms of service for full details and to monitor any changes the company makes to those terms. 

And for everyone, consider what you share online. 

Far beyond 23andMe users, everyone who goes online should take note of this attack. Which is pretty much all of us. It makes one of the strongest cases for strong, unique passwords—and for limiting the info you share online. In this case, even a secure password was no help in protecting the personal info of millions of people.

If you’re a 23andMe user, you can opt out of DNA Relatives by selecting the Manage Preferences option within DNA Relatives or from your Account Settings page. Granted, this will remove your ability to gain deeper genetic insights from other users, yet it will offer additional protection if a similar attack occurs. 

For all of us, sharing and storing personal info is a fact of life online. The more you share and store online, the more risk you take on. And you have some control over that. 

Consider what you’re sharing, who you’re sharing it with, what they do with that info, who they share it with, and in what form and circumstances. Yes, that’s a lot to consider. Complicating that yet more, many of the sites, services, and apps we use don’t make it easy to answer those questions. Terms of service and data policies rarely make for light and understandable reading.  

Luckily, you can turn to trustworthy resources to get answers. The Common Sense Privacy Program evaluates privacy policies with K-12 students in mind. The Mozilla Foundation’s Privacy Not Included website scores apps and connected devices for privacy, including apps, smart home devices, and cars.   

In an otherwise murky landscape, the privacy question is this: is the reward worth the risk? If you share that info, are you okay with someone unwanted accessing it? Particularly if the privacy risks are tough to spot. 

Put simply, less sharing means more privacy. Put careful thought into when and where you share. And with whom. 

Shut down your old accounts for yet more privacy and security. 

On that note, it might be time for a cleanup. 

We’ve logged into all kinds of things over the years. Many of which we don’t log into anymore. And others we’ve completely forgotten about. Across these forums, sites, and stores, you’ll find your personal info to some degree or other. If one of those sites gets compromised, your personal info stored there might get compromised too. That gives you a solid reason to delete those old accounts. 

A tool like our Online Account Cleanup can help remove your info from online accounts. You’ll find it in our online protection software, along with our Personal Data Cleanup—which helps remove your personal info from risky data broker sites. It shows you where your personal info was found, and what data the sites have. Depending on your plan, it can help clean it up. 

The 23andMe compromised data—a wakeup call for all of us. 

With 6.9 million people affected by the 23andMe attack, it reinforces a big lesson: strong, unique passwords are an absolute must. And the stakes for online privacy have never been higher. 

Today we entrust the internet with so much, which increasingly includes our health and wellness info, not to mention genetic info with services like 23andMe. Taking the steps outlined here can help protect yourself from invasions of privacy and the loss of personal info. And as we’ve seen, protect others too. Consider them whether you’re a 23andMe customer or not.

The post User Data from 23andMe Leaked Online – What Users Should Do, and the Rest of Us Too appeared first on McAfee Blog.
