Author: admin

Threat actors are exploiting a vulnerability found in CCTV cameras used in critical infrastructure to spread a Mirai malware variant

Chainalysis report reveals a likely increase in new internet scams this year as fraudsters adapt to increasing enforcement efforts

CISA and the FBI warned that Iranian APT group, Fox Kitten, has helped ransomware groups to attack US organizations since 2017

A virtual machine specialist was arrested after a foiled data extortion plot targeting his former employer

Ransomware attacks on US schools and colleges have surged, with 491 incidents since 2018, affecting over 8000 institutions

Enjoy exciting enhancements and top-requested features.

The “long lost lecture” by Adm. Grace Hopper has been published by the NSA. (Note that there are two parts.)

It’s a wonderful talk: funny, engaging, wise, prescient. Remember that talk was given in 1982, less than a year before the ARPANET switched to TCP/IP and the internet went operational. She was a remarkable person.

Listening to it, and thinking about the audience of NSA engineers, I wonder how much of what she’s talking about as the future of computing—miniaturization, parallelization—was being done in the present and in secret.

As the Gallagher brothers reunite for the first live Oasis shows in 16 years, scammers have queued up phony ticket schemes to cash in.

With that, we’re advising fans to take extra care as they dash to buy seats for these long-awaited shows.

McAfee has uncovered evidence of one apparent Oasis ticket scam. The following offers appeared on a third-party reseller site several days before the opening sale of official tickets on August 31st

Screenshot of apparent bogus offers for Oasis tickets. 

The seller clearly had no seats, as tickets simply weren’t available to the public nor pre-release at that time.

Official tickets for the 2025 tour go on sale on August 31st at 9am in the UK and 8am in Ireland, and only through official ticket agents. So if you’re after tickets, head directly to the official Oasis site at https://oasisinet.com.

Official tickets available at oasisnet.com

Concert organizers have made two additional things clear. First, each household has a four-ticket limit per show. Second, any ticket resales must go at face value plus a booking fee.

Of benefit to fans, purchases made through official ticket agents have policies and refunds that protect buyers in the event of cancellations. Additionally, fans who buy tickets with a credit card might also find themselves further protected by Section 75 of the Consumer Credit Act. Keeping these things in mind can help you from getting snared by a scam.

How do I get Oasis tickets (and avoid getting scammed)?

To get genuine Oasis tickets, head over to https://oasisinet.com for info and links to official ticket agents. Make it your first and only starting point.

In the coming days and in the coming months leading up to the shows, expect to see all manner of ticket scams. Yet given the way that concert organizers have structured the shows, you can quickly spot an Oasis ticket scam by looking out for the following:

Sales made through social media

Scammers can easily create phony social media profiles and ads. Likewise, they can easily use them to sell phony tickets. As always, stick with official ticketing platforms. They sell legitimate tickets and offer legitimate purchase protection.

Payment with a bank transfer

Related, scammers on social media and elsewhere online will require payment with bank transfers, gift cards, and even cryptocurrency — all payment methods that are tough to recoup in a scam. If you spot this, you’ve spotted a scam.

Ticket prices above face value — and tickets that are too good to be true

As pointed out, ticket resales will be at face value plus a booking fee. Any tickets of higher price, or lower for that matter, will be phonies.

Be on the lookout for Oasis merch scams too

Other scams we expect to see will revolve around Oasis merch – shirts, hats, phone cases, you name it. While we don’t have a view into what official merchandise sales will look like, scammers will certainly look to push their share of knockoff or non-existent merch online.

For fans looking for tour merch, you can shop safely with a few straightforward steps:

Stick with known, legitimate retailers online for your merch

This is a great one to start with. Directly typing in the correct address for reputable online stores and retailers is a prime way to avoid scammers online. Watch out for sites that spoof legit sites by copying their look and feel, which use addresses that often look like legitimate addresses — but aren’t. You’ll see phony sites such as these crop up in search results and in social media ads and posts.

Look for the lock icon in your browser when you shop

Secure websites begin their address with “https,” not just “http.” That extra “s” in stands for “secure,” which means that it uses a secure protocol for transmitting sensitive info like passwords, credit card numbers, and the like over the internet. It often appears as a little padlock icon in the address bar of your browser, so double-check for that. If you don’t see that it’s secure, it’s best to avoid making purchases on that website.

Use a secure payment method other than your debit card

Credit cards are a good way to go. In the UK, Section 75 of the Consumer Credit Act protects purchases made with a credit card that cost between £100 and £30,000. In the U.S., the Fair Credit Billing Act offers protection against fraudulent charges on credit cards by giving you the right to dispute charges over $50 for undelivered goods and services or otherwise billed incorrectly. Your credit card companies might have their own policies that improve upon these Acts as well.

Get online protection

Comprehensive online protection with McAfee+ will defend against the latest virus, malware, spyware, and ransomware attacks plus further protect your privacy and identity. In addition to this, it can also provide strong password protection by generating and automatically storing complex passwords to keep your credentials safer from hackers and crooks who might try to force their way into your accounts. And, specific to all the Oasis scams that will inevitably pop up, online protection can help prevent you from clicking links to known or suspected malicious sites. In addition, select plans of McAfee+ offer up to $2 million in identity theft coverage along with identity restoration support and lost wallet protection if needed. 

The post Wonderwall of Lies: How to Avoid Oasis Reunion Ticket Scams appeared first on McAfee Blog.

Your smart home hums right along. It sets your alarm, opens your garage door, pops up recipes on your refrigerator screen, turns up your lighting, and even spins selections as your in-house DJ. That’s to name just a few of the things it can do. Yet with all these connected conveniences, can smart homes get hacked?

The short answer is, unfortunately, yes. Yet you have plenty of ways you can prevent it from happening.

Why do hackers target smart homes?

Smart homes and the Internet of Things (IoT) devices that populate them often offer prime targets for hackers. The reason? Many IoT smart home devices have poor security features in place. And because a home network is only as strong as its weakest point, smart home devices offer a ready means of entry. With that access to the network, a hacker has access to all the other devices on it…computers, tablets, smartphones, baby monitors, and alarm systems. Everything.

Recent research sheds light on what’s at stake. Cybersecurity teams at the Florida Institute of Technology found that companion apps for several big brand smart devices had security flaws. Of the 20 apps linked to connected doorbells, locks, security systems, televisions, and cameras they studied, 16 had “critical cryptographic flaws” that might allow attackers to intercept and modify their traffic. These flaws might lead to the theft of login credentials and spying, the compromise of the connected device, or the compromise of other devices and data on the network.[i]

Over the years, our research teams at McAfee Labs have uncovered similar security vulnerabilities in other IoT devices like smart coffee makers and smart wall plugs.

Let’s imagine a smart lightbulb with poor security measures. As part of your home network, a motivated hacker might target it, compromise it, and gain access to the other devices on your network. In that way, a lightbulb might lead to your laptop — and all the files and data on it.

In all, hackers have many reasons why they might break into your smart home.

How you can protect your smart home devices

You can take several steps to make your current smart home safer. Some of them involve protecting your devices, while others focus on protecting your home network.

1. Update your devices. Some manufacturers keep devices current better than others, yet always check for updates. They often include security fixes and other measures to keep hackers out.
2. Use strong, unique passwords. Every device of yours should have one, along with a unique username. In some cases, connected devices ship with default usernames and passwords, making them that much easier to hack.[ii]
3. Use multi-factor authentication. Our banks, medical providers, and numerous other services use multi-factor authentication to keep hackers from hijacking accounts. If your smart home device supports two-factor authentication as part of the login procedure, put it to use and get that extra layer of security.
4. Secure your internet router. Your router acts as the internet’s gateway into your home. From there, it works as a hub that connects all your devices — computers, tablets, and phones, plus your IoT devices as well. That means it’s vital to keep your router secure. The first thing to do is change the default password of your router if you haven’t done so already. Again, use a strong method of password creation. Also, change the name of your router. When you choose a new one, go with a name that doesn’t give away your address or identity. Something unique and even fun like “Pizza Lovers” or “The Internet Warehouse” are options that mask your identity and are memorable for you too.
5. Keep your router current. Routers need updates too. Many internet service providers (ISPs) automatically push firmware updates to the routers they rent or sell to their customers. Check with yours to see. Likewise, router hardware becomes outdated over time. If you rent a router from your ISP, periodically check to see if they have new equipment available. If you own your router, check to see if it uses the latest security protocols. Currently, Wi-Fi Protected Access II (WPA2) is a strong and common form. Wi-Fi Protected Access II (WPA3) is newer, stronger, and is gaining traction in the marketplace.
6. Set up a guest network specifically for your smart devices. Just as you can offer your human guests secure access that’s separate from your own devices, creating an additional network on your router allows you to keep your computers and smartphones separate from smart devices. This way, if a smart device is compromised, a hacker will still have difficulty accessing your other devices because they’re on a different network.
7. In the U.S., look for the Cyber Trust Mark. In 2024, the Federal Communications Commission (FCC) adopted the rules and framework for a new cybersecurity certification program.[iii] The program is voluntary, yet many noteworthy brands have shown support for this new Cyber Trust Mark. The mark will show that the smart device in question uses cybersecurity best practices, which makes it less vulnerable to threats. In a way, you can liken it to the Energy Star certification for appliances — a certification that can help you make a smarter purchasing decision when it comes to outfitting your smart home.
8. Protect your phone. You’ve probably seen that you can control a lot of your connected things with your smartphone. We use them to set the temperature, turn our lights on and off, and even see who’s at the front door. With that, it seems like we can add the label “universal remote control” to our smartphones — so protecting our phones has become yet more important. Whether you’re an Android or iOS device user, get security software installed on your phone so you can protect all the things it accesses and controls — in addition to you and the phone as well.

And protect yourself too

Aside from protecting your devices, there’s protecting yourself. Comprehensive online protection software will protect your privacy and identity as well. Depending on your location and the plan you select, ours includes up to $2 million in identity theft coverage, plus features that clean up old and risky online accounts. Further features remove your personal info from the sketchiest of online data brokers and help you monitor all your transactions in one place — including retirement and investment accounts. It’s comprehensive protection for a reason.

Want more on setting up your smart home?

Check out our Smart Home Security Guide. It offers further details on device protection and privacy advice for smart devices and smart speakers too. It’s free, and part of the McAfee Safety Series that covers topics ranging from online shopping and cyberbullying to identity protection and ransomware prevention.

[i] https://news.fit.edu/academics-research/apps-for-popular-smart-home-devices-contain-security-flaws-new-research-finds/

[ii] https://www.zdnet.com/article/hacker-leaks-passwords-for-more-than-500000-servers-routers-and-iot-devices/

[iii] https://docs.fcc.gov/public/attachments/DOC-401201A1.pdf

 

The post Is Your Smart Home Vulnerable to a Hack Attack? appeared first on McAfee Blog.

LummaC2, a C-based MaaS tool first identified in 2022, has resurfaced to exfiltrate credentials and personal data