More stories

  • in

    The best home security system in Tampa

    Tampa hosts one of the most diverse cultural, architectural, and economic landscapes in Florida. Despite such prosperity, Tampa’s residents are not excluded from being victims. In this article, we prioritized the best home security systems Tampa has to offer. In our analysis, we involved monitoring services (professional and self-monitoring), pricing, ease of installation, equipment quality, as well as how customers rated their experience with a particular provider’s service.We know there is a myriad of options that appear to fog your lens to understand the best home security Tampa can provide you, so we’ve reduced the best national home security providers while providing insight on their services. Arranging home security providers according to their pros and cons, we hope to support you in fortifying your home and ensuring that uninvited guests will always be many steps behind.Here is a comparison of our top picks for the best home security system in Tampa:SimpliSafeAbodeArloRingBlue by ADTReviews.com Score4.44.2544.23.6Monitoring prices start at$0.50/day$0.20/day$2.99/mo. (1 camera)$10/mo.$19.99/mo.Contract lengthNoneNoneNoneNoneNoneCamerasIndoor/Outdoor/DoorbellIndoor/Outdoor/DoorbellIndoor/OutdoorIndoor/Outdoor/DoorbellIndoor/Outdoor/DoorbellSensorsDoor, window, motion detection, water damage monitoring, temperature sensorDoor, window, motion detectionDoor, window, motion detection, spotlight, floodlightDoor, window, motion detection, spotlight, floodlight, flood and freeze sensor, panic buttonDoor, window, motion detection, smoke and carbon monoxide sensorSmart home capabilityGoogle Assistant, Amazon Alexa, Apple WatchGoogle Assistant, Amazon Alexa, Apple WatchGoogle Assistant, Amazon Alexa, Apple WatchGoogle Assistant, Amazon AlexaGoogle Assistant, Amazon Alexa, Apple HomeKitControl panelA mobile app, key fobs, keypadsA mobile app, key fobs, keypadsMobile appMobile appA mobile app, keypad integrated on hubs*Information accurate as of March 2021

    Best overall home security system

    Shutterstock

    Reviews Score: 4.4 | J.D. Power: 889* | Contract requirement: No |Why we chose itSimpliSafe went the smart route and made a customizable system, enabling customers to contour their home security system around their floor plan. Furthermore, monitoring plans are only $0.50 a day ($15 a month), and SimpliSafe is the highest rated home security system by J.D. Power.Pros:Plan options for almost every homeBudget-friendly in the long runDIY is simple, yet professional install isn’t unreasonableCons:Customer service leaves room for improvementAdd-ons to plan may become too expensiveUpfront costEquipment availableEntry sensorMotion sensor105dB sirenSmart lockWireless, keypadKey fobPlans & pricingStandard Monitoring: $0.50/dayInteractive Monitoring: $0.83/day

    Best for smart home integration

    Abode

    Reviews Score: 4.25 | J.D. Power: N/A | Contract requirement: No |Why we chose itIf you like Alexa or Google to run your home while you sit in peace on the couch or in bed, Abode connects to popular smart home devices and arm your security system for you.Pros:Inexpensive compared to competitorsNo forced contractsGood monitoring for the priceCons:Fee for contract/early terminationRefunds could be betterWarranty is limited to a yearEquipment availableRecessed window and door sensorGlass break sensorMotion sensorsOutdoor cameraIndoor cameraSirenPlans & pricingStandard: $0.20/dayPro Plan: $0.66/day

    Best for high-quality cameras

    Shutterstock

    Reviews Score: 4 | J.D. Power: N/A | Contract requirement: No |Why we chose itArlo includes cameras that will even impress the tech-savvy with a product line that seems almost too state-of-the-art. Despite being a younger company, Arlo is earning a robust reputation as a national brand.Pros:4K-video historyContinuous footageCameras have more technical featuresCons:Cameras are expensiveIt doesn’t offer door and window sensors24/7 monitoring brings up pricingEquipment availableIndoor cameraOutdoor cameraSolar panel cameraSmarthub MountsChimePlans & pricingSmart: FreePremier: $2.99/mo. (1 camera) or $9.99/mo. (up to 5 cameras)Elite: $4.99/mo. (1 camera) or $14.99/mo. (up to 5 cameras)

    Best for security sensors

    Ring

    Reviews Score: 4.2 | J.D. Power: 882* | Contract requirement: No |Why we chose itRing’s sensors could catch almost any event in your home, from flood to freezes and carbon monoxide leaks. It’s not just security from break-ins, but from disasters as well.Pros:Installation requires less than 20 minutesAffordable compared to other smart home packagesSimple pricing for subscription supportCons:It doesn’t have a quality appearance compared to competitorsGoogle support can be problematicWiFi connectivity can be poorEquipment availableIndoor cameraOutdoor cameraWindow sensorDoor sensorMotion detectorPanic buttonPlans & pricingBasic: $30/yearPlus: $100/year

    Best for professional monitoring

    Shutterstock

    Reviews Score: 3.6 | J.D. Power: 880* | Contract requirement: Yes | Why we chose itAlthough professional monitoring costs are higher than competitors at $19.99 a month, Blue by ADT monitoring alerts authorities, sends alerts to your phone, and has cellular backup for camera footage.Pros:High-quality monitoring servicesBrand recognition deters crimeContract offers longevityCons:Costly up-front expensesCancelation feesMust have contractEquipment availableHubIndoor cameraOutdoor cameraDoor sensorsWindow sensorsMotion sensorPlans & pricingDIY monitoring: FreeProfessional Monitoring: $19.99/mo.

    Home security in Tampa: What you need to know Tampa, Florida, crime statistics In Tampa, the largest rates of crime fall under four major categories. The largest category is aggravated assault, polling nearly 2100 incidents in 2020. The second-largest is car burglary, reaching almost 1250 crimes during 2020. The third-largest is burglary, almost reaching 1000 incidents during 2020. The fourth-largest category is car theft, capping at nearly 600 incidents in 2020. Burglary and car burglary often occur in residential areas where criminals furtively take advantage of the night’s lower visibility.In 2002, crime rates in Tampa reached 35 380 crimes in total.In 2020, 325 robberies occurred.In 2019, burglaries reached a total of 1022 crimes.Research your neighborhoodHistoric Kenwood is the loudest bell that rings in the mind when talking about Tampa. The St. Petersburg Police Department protects an area that hosts homes dating back to the 1920s, the architecturally rich homes in Historic Kenwood. The St. Petersburg Police Department also protects the city’s single-family homes, townhomes, and luxury highrises. West Tampa boasts a diverse melting pot of cultures, huddled among business districts and employment centers. The residential neighborhood there is protected by the City of Tampa Police Department. Hyde Park has emerged as the trendy, go-to city for those seeking a metropolitan community. Considered the affluent centerpiece of Tampa, the neighborhood of Hyde Park is protected by the Tampa Police Department, as well.To research your Tampa neighborhood, you can use this crime map for more information.Register your home security system in Tampa

    When preparing your home for its new security system, don’t forget that you are required to register your home security system with the City of Tampa. Remember to do this once your system is set up but not too long after your home security’s installation has occurred. Below is a list of steps to help get your home’s security system in compliance with the City of Tampa’s ordinances:1. Open your browser and visit the City of Tampa’s False Alarm Program page.2. Once you have arrived, download and complete the Alarm User Registration Form under the heading “What can you do to reduce false alarms?”3. Upon completion, print the form and mail it to the address listed here: City of TampaAttn:  A/R & Billing – Police False Alarms306 E. Jackson St., 050A7ETampa, FL  33602How to choose your Tampa home security systemInterior/exterior cameras: It’s worth noting that any home security system’s exterior devices should be rated for Tampa’s climate. Tampa is hot and humid almost year-round, bringing in rain and showers almost weekly. Is the camera that you want to install capable of tolerating Tampa’s harsh relative humidity? Instead of prioritizing the aesthetic of a device, make sure that your home security implementations exposed to Tampa’s climate will operate and not fail.Control panel: Usually, control panels and interfaces are pretty straightforward. For users with poor dexterity, or poor vision, consider using an interface with the least interpretation possible. Getting lost in the settings can be nice for someone who can harness and appreciate fine-tuning, although most would like a relatively autonomous system that is ready from the start. We recommend acquiring a limited interface control panel or devoting time to learn how to use the control panel effectively, especially if you have to enter a sequence of commands, or characters, to deactivate a false alarm. Compatibility: Almost all smart hubs offered in home security systems support Android, Google, and iOS operating systems. An operating system can be unsupported by a security system, although the circumstance is incredibly rare, excluding a demographic entirely. Regardless, make sure your phone is supported by researching the provider that interests you and even calling them for more insight.Storage: For those living in areas where foot traffic is frequent or wildlife is a natural part of the area, your motion-activated camera may be triggered unnecessarily and perhaps even too often. This can rack up video data, filling up your storage capacity. If you prefer to remain in your current data plan and video storage limits, our first suggestion is to orient the camera so that its field of view is limited to the points of entry of your house. This will prevent any motion that is not related to your home from being captured. Alternatively, you may consider increasing your storage capacity. For the sake of overall security, this is the preferred route. Sure, it may cost more, although keeping a view of your home and its surroundings can help increase accountability if a crime occurs and is recorded. Increased storage space means you won’t have to worry about data management and superfluous data monitoring.Window/door sensors: Tampa is hot, humid, and beautiful. The area’s beauty won’t affect your window or door sensors much, although the climate certainly will if any device’s specifications aren’t prepared for it. All devices, especially sensors, should be waterproof and capable of operating a little over 103 degrees Fahrenheit. Local vs. national companies Pros of local security companyKnowledgeable of the local areaQuicker emergency dispatchingNegotiable termsCons of local security companyLimited warrantiesReputation could be terribleSub company for larger corpPros of national security companyThe strong name behind the companyStable among competitionMore space for warrantiesCons of national security companyOvercharge for packagesDelay in installation or serviceMay not know the area wellTampa home security systems FAQ 

    What’s the most cost-effective home security system?

    The most cost-effective home security system is SimpliSafe. Despite Blue by ADT offering a tremendous package that is actually cheaper when the benefits are compared to competitors, Simplisafe has the best overall cost-to-effectiveness ratio when one wants to get the job done without a hefty upfront cost, all while providing the benefits that are often sought after.

    How much is ADT a month?

    Including its basic package for the devices, ADT’s Secure Package costs about $55.99 per month. Without its package, monitoring alone costs $45.99 per month. However, Blue by ADT only costs $14.99 a month for professional monitoring

    What’s the best and least expensive home security system?

    Abode is the best home security system for the least amount of money. Its upfront cost is only $20 more than its competitors; Abode skips the unnecessary all-in-one packaging while giving you a base security system with monitoring capabilities.

    Methodology We evaluated home security companies based on equipment cost, monthly costs, contract options, installation and customer satisfaction to determine Reviews.com scores and create our best home security reviews. To compare home security companies with other providers across the board, we calculate each Reviews.com score based on the following:Monthly Price: The lower the cost of a home security company’s monthly contract, the higher the score. Inversely, the higher the cost of the monthly contract, the lower the score in this metric. Equipment Cost: Affordability is important with home security, so we awarded higher scores to home security companies with lower equipment prices.Contracts: Reviews.com reviewed the flexibility in contracts of the home security companies. The more flexibility, like having no contracts to bind customers for long periods, the higher the score. Customer Satisfaction: With J.D. Power’s 2020 Home Security Satisfaction Study, we assigned a score to each company based on the rating it received.Installation: Like with contracts, we award higher scores to companies with flexible installation options, like DIY or professional options. More

  • in

    The best home security system in Dallas

    To find the best home security companies Dallas has to offer, we reviewed each of the following brands based on affordability, monitoring capabilities, equipment availability, and integration capabilities with smart devices. While none of these Dallas alarm companies is perfect, each of them offers an intuitive experience, whether that be a professional or DIY install. Our favorites of the bunch we reviewed — SimpliSafe, Ring, Abode, Arlo, Blue by ADT, and Cove — offered high-tech equipment, round-the-clock monitoring services, and easy DIY options. In a word, these home security systems Dallas provides made us feel safe.Here is a comparison of our top picks for the best home security system in Dallas:SimpliSafeRingAbodeArloBlue by ADTCoveReviews.com Score4.44.24.2543.63.5Prices start at$184.99$199.99$199.99$129.99$179.99$122Contract lengthNo contractsNo contractsNo contractsNo contracts36 monthsNo contractsCamerasIndoor/DoorbellIndoor/Outdoor/DoorbellIndoor/Outdoor.DoorbellIndoor/OutdoorIndoor/Outdoor/DoorbellIndoorSensorsEntry sensor, motion sensor, glass break sensor, panic button, smoke detector, water sensor, temperature sensorDoor,window,motion detection, spotlight,floodlight,flood and freeze sensor,panic buttonDoor, window, motion detection, door sensor, window sensorDoor,window,motion detection,spotlight,floodlightDoor, window, motion detection, smoke and carbon monoxide sensorDoor/window sensor, motion detector, panic button, glass-break detector, smoke/heat/freeze detector, flood sensor, carbon monoxide detectorSmart home features105dB siren, smart lock, pro-set-up help, smart home support through third party systemsSmart home integration with Z-Wave supportSmart home integration through the custom engine (CUE), third party smart software supportSmart home support through their proprietary hub selectionSmart home integration with Z-Wave hubKey remoteControl panelWireless, keypad, key fob, base station, mobile app, key fobMobile appThe mobile app, key fob, keypadMobile appThe mobile app, keypad is integrated on the hubThe mobile app, touchscreen alarm panel*Information accurate as of May 2021

    Best for flexibility

    Shutterstock

    Reviews Score: 4.4 | J.D. Power: 889 | Contract requirement: No | Why we chose itIf you want to keep your home and loved ones safe but aren’t a fan of home security prices, SimpliSafe is a strong as well as flexible option. SimpliSafe offers 24/7 professional monitoring services and gives customers wanting to save money the option to monitor their security system themselves.Pros:Easy, DIY installation optionDIY monitoring optionNo required contractsCons:No outdoor camera optionsExpensive video storage feesLimited integration optionsEquipment availableMotion sensor105dB sirenSmart lockWireless, keypadKey fobEntry sensorPlans & pricing:Foundation: $229Essentials: $259Hearth: $374Knox: $449Haven: $489

    Best for ease of use

    Ring

    Reviews Score: 4.2 | J.D. Power: 882 | Contract requirement:No | Why we chose itRing’s straightforward DIY approach makes the home security company a top contender for those looking to protect their homes. While not perfect, Ring’s affordable pricing and lack of contracts make it an attractive option.Pros:Quick, easy installation processAffordable packagesSimple pricing for subscription supportCons:Poorer performance compared to competitorsGoogle support can be problematicThe basic plan offers no professional monitoring servicesEquipment available:Outdoor cameraWindow sensorDoor sensorMotion detectorPanic buttonIndoor cameraPlans & pricingBasic: $30/yearPlus: $100/year

    Best for budget

    Abode

    Reviews Score: 4.25 | J.D. Power: N/A | Contract requirement: No |Why we chose itAbode security plans are a great option if you don’t want to break the bank on a home security system but still want the peace of mind it offers. Unfortunately, its limited integration capabilities with smart devices can be a big frustration.Pros:Inexpensive costsNo security contractsOffers DIY and professional monitoringCons:Early termination fees applyRefund options are lackingWarranty is limited to a yearEquipment availableGlass break sensorMotion sensorsOutdoor cameraIndoor cameraSirenRecessed window and door sensorPlans & pricingStandard: $6/mo.Pro Plan: $19.80/mo.

    Best for technical features

    Shutterstock

    Reviews Score: 4 | J.D. Power: N/A | Contract requirement: No |Why we chose itUninterested in monitoring your home security system yourself but don’t want to pay an arm and a leg? Arlo’s professional monitoring systems are some of the cheapest plans on the market and come with some impressive camera equipment.Pros:Offers 4K-video footage capabilitiesGood BBB ratingsInexpensive plansCons:Costs extra for 24/7 monitoringIt doesn’t provide products like doors and windows sensorsExpensive camera equipmentEquipment availableIndoor cameraOutdoor cameraSolar panel cameraSmarthubMountsChimePlans & pricingSmart: freePremier: $2.99/mo.Elite: $4.99/mo.

    Best for most rounded features

    Shutterstock

    Reviews Score: 3.6 | J.D. Power: 880 | Contract requirement: Yes | Why we chose itAs one of the longest-running security system companies, ADT has a long, trusted history with a solid variety of plan options for home security. Despite being one of the few security system companies requiring a contract, Blue by ADT offers extensive hardware options.Pros:Quality professional monitoringQuick installations and repairsMoney-back guarantee for first six monthsCons:Requires a long contractCancellation feesPoor BBB customer service ratingsEquipment availableHubIndoor cameraOutdoor cameraDoor sensorsWindow sensorsMotion sensorPlans & pricingBuild Your Own System: $179.99Starter System: $219.99Starter Plus System: $299.99

    Best for customizing

    Cove

    Reviews Score: 3.5 | J.D. Power: N/A | Contract requirement: No |Why we chose itFounded in 2018, Cove is new to the home security scene, but that by no means makes it a non-valuable player. Cove’s BBB customer ratings are impressive, to say the least, and its easily customizable security plans make it a dream for customers who want more control over their home security setup.Pros:No contractsCustomizable plansStellar BBB customer service reviewsCons:No professional installationLimited app functionsLimited integrationEquipment availableDoor/window sensorMotion detectorPanic buttonYI Indoor CameraKey remoteTouchscreen alarm panelPlans & pricingCove Basic: $15/moCove Plus: $25/mo

    Home security in Dallas: What you need to know Dallas, Texas, crime statisticsYour city’s overall crime rate and common types of crimes can provide better insight into how to keep your home safe. However, keep in mind that crime stats only offer a piece of the entire puzzle. In Dallas, Texas, the crime rate is twice as high as the national rate, which is understandable given how large a city it is. Unfortunately, in Dallas, you have a 1 in 29 chance of becoming the victim of a property crime. Here are a few more statistics to bear in mind:34 out of 1000 residents of Dallas are victims of property crimesNearly 7 out of 1000 people in Dallas will experience a burglary20 out of 1000 people in Dallas will experience a theftResearch your neighborhoodThe type of home security system you’ll need will depend on what kind of neighborhood you live in. Be sure to research your neighborhood to see how likely it is that you’ll experience a crime and what kind of crimes are common in your area. If you live in a low-crime neighborhood, you may only need a basic security setup. However, if burglary is a concern where you live, you may want to consider a complete home security package. Most of the safest neighborhoods like Hillcrest Road/Spring Valley Road, Northaven Road/Hillcrest Road, Northaven Road/Inwood Road, Northaven Road/Preston Road are located in northern Dallas. Areas like Sargent and Fruitdale, however, have lower safety ratings. To learn more about how to research your neighborhood’s safety record, browse our resources here.Register your home security system in Dallas

    It’s important to register your home security system with the city of Dallas because, if it’s not, the city can refuse to respond to your home alarms. Keeping a record of the Security Alarm Permits helps the city keep the registration information up-to-date. Hence, law enforcement knows how to reach you should your alarm go off and you’re not home, and it lets the city of Dallas keep track of false alarms. The first three times you spark a false alarm in Dallas, you will not be charged a fee. After that, the fourth, fifth, and sixth false alarms will cost you $50. For the seventh and eighth false alarms, you’ll be charged $75 and $100 from then on. In order to register for a Security Alarm Permit with the city of Dallas, follow these instructions:Visit False Alarm Reduction Website (dallasalarmpermit.com)Click “Register Online”Fill out the online registration form, which will require your contact information, address, and alarm company informationPay the $50 feeFor more information, visit Home (dallaspolice.net)How to choose your Dallas home security systemInterior/exterior cameras: If you’re going to purchase a security camera for your home, consider the weather ratings for exterior cameras. Dallas is hot and humid, with warm summers and mild winters. Since Dallas is exposed to such extreme weather conditions, you’ll want to make sure the camera you install outside your home is rated for your specific climate.Control panel: The control panel is one of the most important facets of your home security system. This is the interface that gives you access to the backend of your home security system. Before you purchase a security system for your home, research how intuitive and easy to use the control panel is. You won’t want to find yourself with a complicated control panel while frantically trying to turn off your home’s security alarm. Compatibility: One of the most convenient aspects of a home security system is its compatibility with your smart devices. The top operating systems for phones, Android, Google, and iOS, should integrate with most home security system hubs. Before choosing a home security system, research to make sure the software, usually an app, will work with your phone or any other smart devices you own. Storage: If you live in an area where you’re bombarded with foot traffic, you might stock up on video storage a lot more quickly than you would expect should you have a motion-sensor camera. If this is the case, be sure to position the camera to focus on the traffic that’s coming in and out of your home instead of the street. This will help to cut down on needless monitoring and keep you from racking up unnecessary video footage.Window/door sensors: Due to Dallas’s considerable humidity, you’ll want to make sure your door and window sensors are weatherproofed. With long-term exposure, the dense humidity and heat could cause a lot of wear and tear on any outdoor sensors. Ideally, you’ll want to keep your window and door sensors indoors. Local vs. national companiesPros of local security companyIt offers a more personalized experienceFamiliarity with your neighborhoodInvestment in your communityCons of local security companyPricier packagesLonger wait timesLess resources to offerPros of national security company24/7 monitoringWide variety of equipment optionsSmart equipment capabilitiesCons of national security companyPoor customer serviceLess personalized experienceLack of familiarity with your neighborhood

    Can I self-install my home security system?

    While some home security systems do require a professional install, many companies offer self-install options. If you’d like the DIY option, make sure to read all the fine print before purchasing a system to find out whether the home security company allows for self-installs.

    What’s the best Dallas home security system?

    The best home security system entirely depends on your individual needs and budget. If money isn’t an object, consider going with a package from a company like Blue by ADT, which is more costly but offers many benefits. If you’re interested in a more basic option, consider a company like Arlo or Abode.

    What’s the least expensive home security system?

    Within this listing, the least expensive home security system is Arlo. The company only charges $2.99/month for its Premier plan and $4.99/month for its Elite plan.

    Methodology We evaluated home security companies based on equipment cost, monthly costs, contract options, installation and customer satisfaction to determine Reviews.com scores and create our best home security reviews. To compare home security companies with other providers across the board, we calculate each Reviews.com score based on the following:Monthly price: The lower the cost of a home security company’s monthly contract, the higher the score. Inversely, the higher the cost of the monthly contract, the lower the score in this metric. Equipment cost: Affordability is important with home security, so we awarded higher scores to home security companies with lower equipment prices.Contracts: Reviews.com reviewed the flexibility in contracts of the home security companies. The more flexibility, like having no contracts to bind customers for long periods, the higher the score. Customer satisfaction: With J.D. Power’s 2020 Home Security Satisfaction Study, we assigned a score to each company based on the rating it received.Installation: Like with contracts, we award higher scores to companies with flexible installation options, like DIY or professional options.

    ZDNet Recommends More

  • in

    Ransomware: Take these three steps to protect yourself from attacks and make it easier to recover

    Microsoft has shared three key steps organizations can take to ensure a ransomware attack doesn’t cripple their entire network in an attempt to extract a multimillion dollar ransom or leak sensitive corporate data on the internet.   

    Microsoft developed the three-step advice as part of its feedback to the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST)’s recent call for expert approaches to preventing and recovering from ransomware and other destructive cyberattacks. In brief, the three steps are “prepare, limit, and prevent”, which include: prepare your recovery plan to enable recovery without paying; limit the scope of damage by protecting privileged roles; and make it harder to get in by incrementally removing risks. The steps work on the assumption that attackers will eventually breach a network. It’s part of the so-called Zero Trust strategy that tech vendors and the US government is interested in. “This may seem counterintuitive since most people want to simply prevent an attack and move on,” writes Mark Simos, lead cybersecurity architect in Microsoft’s cybersecurity solutions group.”But the unfortunate truth is that we must assume breach and focus on reliably mitigating the most damage first. This prioritization is critical because of the high likelihood of a worst-case scenario with ransomware.”Microsoft’s three stage plan actually involves a lot of work, but they can be organized under the three parts. 

    Under prepare, organizations need to develop a detailed secure backup plan covering the who, what, why and how of it. It also means defining how an organization would limit damage in the worst-case scenario. Restoring systems from backups is easier and cheaper than dealing with attackers and using their decryption tools, it notes. Paying up also doesn’t guarantee recovery. Microsoft also recommends backing up critical dependencies, including identity and access systems such as Microsoft Active Directory, protecting backups, and testing business continuity in a disaster recovery scenario. On limiting the scope of damage, Microsoft encourages end-to-end session security as well as multi-factor authentication for admins; protecting and monitoring identity systems, mitigating lateral traversal (once an attack is inside a network), and rapid threat response. Despite the zero trust ‘assume breach’ mentality, Microsoft of course recommends preventing attackers entering an environment and rapidly removing access before they can steal and encrypt data. Why? It raises the attacker’s costs. “This causes attackers to fail earlier and more often, undermining their profits. While prevention is the preferred outcome, it may not be possible to achieve 100% prevention and rapid response across a real-world organization with a complex multi-platform, multi-cloud estate and distributed IT responsibilities,” Microsoft explains. Finally, Microsoft says that countering the threat of ransomware and creating the ability to recover tech assets needs buy getting buy-in from top execs, such as the board, as well as IT and key security team members.  Microsoft is also trying to update what file encrypting ransomware attacks mean today compared to when they emerged in 2013. Nowadays, it doesn’t just mean encrypting files on a single PC. Today, there are well-developed markets behind ransomware, such as ransomware-as-a-service, marketplaces for buying login credentials, as well as specialized toolkits and affiliate business models to support groups who target organization to steal admin credentials. Large ransoms have existed for the past few years, but the past few months has seen ransomware attackers become more ambitious, including the attacks on Colonial Pipeline and meat packer JBS, which netted the attackers $4.4m and $11m, respectively.   These attacks won’t stop either. The FBI last week warned the US food and agriculture sector about recent attacks by ransomware groups seeking to “disrupt operations, cause financial loss, and negatively impact the food supply chain.” 

    The most common techniques to breach a network include phishing, Remote Desktop Protocol (RDP) vulnerabilities, and software flaws, the FBI warned, listing several non-public attacks on the sector.  More

  • in

    Palo Alto Networks announces new Prisma Cloud features

    Palo Alto Networks unveiled new security features for its Prisma Cloud product that will give developers and DevOps teams access to container image sandboxing. The tool will also now run a third-party container image in an isolated environment, leveraging machine learning to perform an inspection of processes, file systems and networking activity pre-deployment.  “Today’s announcement delivers a leap in what’s possible for container security, taking our incredible machine learning and applying it to third party, or any, image, regardless of its provenance — enabling customers to run these in a pre-deployment sandbox,” Palo Alto Networks said in a statement. “Automatically, Prisma Cloud analyzes the actual runtime for dynamic threats, learning all the processes that will be run, the network activity for the image, and all filesystem access to build an in-depth model of what the image will do.”The update includes protection for virtual machines on Azure and Google Cloud as well as Windows support, service mesh support and improved API telemetry.In April, the company announced Auto-Detection and Auto-Protection capabilities for standalone VMs running in AWS. That now will be extended to Azure and Google Cloud as well. The company said the tool “reduces the efforts required by DevOps and security teams to manually configure, deploy, and update host security agents.”
    Palo Alto Networks
    The new Web Application and API Security (WAAS) features have been extended to protect Windows hosts, including Windows Server 2019 LTSC. WAAS also “automatically supports installing on service meshes such as Istio or Linkerd.” 

    Palo Alto Networks also announced that it is now a Red Hat Certified Technology Vulnerability Scanner, which they said “verifies our extensive capabilities and strengthens our interoperability with Red Hat.”The announcement included app-embedded defender forensics, which provides protection for new workload types like AWS Fargate, Azure Container Instances, Google Cloud Run and Google Kubernetes Engine Auto-Pilot. Palo Alto Networks unveiled a slate of other improvements. “Now, Host Security capabilities are expanded to cover custom VPCs and even encrypted AMIs. The latest release includes Serverless Auto-Protect v2 and support for Ruby 2.5 and 2.7 in Serverless Defender. Defender, our unified agent, now supports the latest release -2 giving effectively a year of support for each release!” the company explained.”Our deep product integration continues to shine with unified notifications on the SaaS platform and single logic cloud onboarding.” More

  • in

    Operation Chimaera: TeamTNT hacking group strikes thousands of victims worldwide

    The TeamTNT hacking group has upped its game with a set of tools allowing it to indiscriminately target multiple operating systems. 

    On Wednesday, cybersecurity researchers from AT&T Alien Labs published a report on a new campaign, dubbed Chimaera, that is thought to have begun on July 25, 2021 — based on command-and-control (C2) server logs — and one that has revealed an increased reliance on open source tools by the threat group.  TeamTNT was first spotted last year and was connected to the installation of cryptocurrency mining malware on vulnerable Docker containers. Trend Micro has also found that the group attempts to steal AWS credentials to propagate on more servers, and Cado Security contributed the more recent discovery of TeamTNT targeting Kubernetes installations. Now, Alien Labs says the group is targeting Windows, AWS, Docker, Kubernetes, and various Linux installations, including Alpine. Despite the short time period, the latest campaign is responsible for “thousands of infections globally,” the researchers say.TeamTNT’s portfolio of open source tools includes the port scanner Masscan, libprocesshider software for executing the TeamTNT bot from memory, 7z for file decompression, the b374k shell php panel for system control, and Lazagne. Lazagne is an open source project that lists browsers including Chrome and Firefox, as well as Wi-Fi, OpenSSH, and various database programs as supported for password retrieval and credential storage. Palo Alto Networks has also discovered that the group is using Peirates, a cloud penetration testing toolset to target cloud-based apps.

    “The use of open-source tools like Lazagne allows TeamTNT to stay below the radar for a while, making it more difficult for antivirus companies to detect,” the company says. While now self-armed with the kit necessary to strike a wide variety of operating systems, TeamTNT still focuses on cryptocurrency mining.  Windows systems, for example, are targeted with the Xmrig miner. A service is created and a batch file is added to the startup folder to maintain persistence — whereas a root payload component is used on vulnerable Kubernetes systems.  Alien Labs says that as of August 30, a number of malware samples still have low detection rates.  Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

  • in

    BladeHawk attackers spy on Kurds with fake Android apps

    Fake Android apps are being deployed on the handsets of Kurds in a surveillance campaign promoted across social media.  

    On Tuesday, researchers from ESET said an attack wave conducted by the BladeHawk hacking group is focused on targeting the Kurdish ethnic group through their Android handsets.  Thought to have been active since at least March last year, the campaign is abusing Facebook and using the social media platform as a springboard for the distribution of fake mobile apps.  The researchers have identified six Facebook profiles connected to BladeHawk at the time of writing, all of which have now been taken down. While they were active, these profiles posed as individuals in the technology space and as Kurd supporters in order to share links to the group’s malicious apps.  ESET says that at minimum, the apps — hosted on third-party websites, rather than Google Play — have been downloaded 1,481 times.  BladeHawk’s fake applications were promoted as news services for the Kurdish community. However, they are harboring 888 RAT and SpyNote, two Android-based Remote Access Trojans (RATs) which enable the attackers to spy on their victims. 

    SpyNote was only found in one sample, and so it appears that 888 RAT is currently BladeHawk’s main payload. The commercial Trojan, of which a cracked and free version has been made available online since 2019, is able to execute a total of 42 commands once executed on a target device and a connection to the attacker’s command-and-control (C2) server is established.  The Trojan’s functions include taking screenshots and photos; exfiltrating files and sending them to a C2; deleting content, recording audio and monitoring phone calls; intercepting and either stealing or sending SMS messages; scanning contact lists; stealing GPS location data; and the exfiltration of credentials from Facebook, among other functions.  The researchers say that the RAT may also be linked to two other campaigns: a surveillance campaign documented by Zscaler that spreads via a malicious and fake TikTok Pro app, and Kasablanca, threat actors tracked by Cisco Talos who also focus on cyberespionage.  Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

  • in

    Facebook believes accountability and investment signals it is taking privacy seriously

    While a discussion paper on the Attorney-General’s review of Australia’s Privacy Act 1988 remains outstanding, Facebook has taken the opportunity to bust some so-called myths about the company’s approach to privacy.During a virtual briefing with media on Wednesday, the social media giant’s privacy and policy director Steve Satterfield said the company is on a “perpetual quest” to bust the myth that Facebook sells people’s data to advertisers or other third-parties. “It’s just false,” he said. “We do not sell people’s data. We never have.” In July 2019, the social media giant was hit with a $5 billion fine by the US Federal Trade Commission (FTC) for violating user privacy. The FTC investigation alleged that Facebook repeatedly used “deceptive disclosures and settings to undermine users’ privacy preferences” in violation of its 2012 agreement with the FTC. It was that case that forced Facebook to agree to overhaul its consumer privacy practices. In that same year, Facebook paid a £500,000 fine issued to it by the UK Information Commissioner’s Office after an investigation into the misuse of personal data in political campaigns. Satterfield added another “myth” that still exists in “certain parts of the world” — and unsure whether that includes Australia or not — that should be clarified is Facebook is anti-regulation. 

    “That’s actually quite the opposite. We are very vocally pro-regulation, including around privacy,” Satterfield said. He pointed out, for instance, that the company believes a globally consistent approach to privacy regulation is necessary, noting that inconsistency is “both bad from a user’s perspective and it’s also bad from the business perspective”. “It’s really hard to build global services to accommodate the laws of individual cases, or in my case, in [US] states,” Satterfield said, noting that Europe’s General Data Protection Regulation (GDPR) is the “most influential piece of privacy legislation ever created”. The remarks echo Facebook’s submission for the Privacy Act review where it recommended that Australian privacy laws be reformed to make them more aligned with the GDPR. Satterfield also took the opportunity to rattle off a slew of features that Facebook has introduced over the years to ensure that privacy is “built-in” to its products, including allowing Facebook users to easily delete past posts and download copies of their own information to Dropbox or Google Drive. Introducing a Snapchat-like view once photo and view feature on WhatsApp was another one that Satterfield listed. But when asked by ZDNet about why Facebook’s emphasis on privacy considerations have really only surfaced in recent years — and not since the beginning — Satterfield said it was due to a couple of reasons. “Executive level accountability that is something that has happened by virtue of our settlement with the FTC, but it’s also I think more broadly reflective of executive investment in privacy,” he said. “I think it’s always been central … that has evolved in the time that I’ve been here now. We have a privacy board that is made up of product managers and engineers to work on privacy that didn’t exist when I got here. “I would say it’s those two things: It’s executive level investment and accountability — and I include our CEO Mark Zuckerberg — and technical investment in privacy.” Satterfield was brought into Facebook to work on privacy and public policy seven years ago — a decade after Facebook was first established.  Related Coverage More

  • in

    Microsoft, CISA urge use of mitigations and workarounds for Office document vulnerability

    Microsoft said it has identified a limited number of attacks targeting a remote code execution vulnerability in MSHTML that affects Microsoft Windows.CISA released its own message urging “users and organizations to review Microsoft’s mitigations and workarounds to address CVE-2021-40444, a remote code execution vulnerability in Microsoft Windows.”Microsoft said the vulnerability was first discovered by Rick Cole of the Microsoft Security Response Center, Haifei Li of EXPMON as well as Dhanesh Kizhakkinan, Bryce Abdo and Genwei Jiang of Mandiant. “Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents. An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine,” Microsoft explained. “The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.” The Microsoft release notes that their Defender Antivirus and Defender for Endpoint protect against the vulnerability. Anyone who has the tools and uses automatic updates is safe from the vulnerability, while they noted that enterprise customers who manage updates “should select the detection build 1.349.22.0 or newer and deploy it across their environments.” The alerts in Microsoft Defender will show up as “Suspicious Cpl File Execution.”

    Microsoft said once its investigation is finished, they will send out a security update in a Patch Tuesday release or in a separate out-of-cycle security update. The release adds that Microsoft Office opens documents from the internet in Protected View or Application Guard for Office by default, both of which prevent the current attack. In terms of mitigations and workarounds, Microsoft suggested disabling the installation of all ActiveX controls in Internet Explorer. “This can be accomplished for all sites by updating the registry. Previously-installed ActiveX controls will continue to run, but do not expose this vulnerability,” the release said. “If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly.” The notice also provide specific instructions on how to disable ActiveX controls on an individual system. Mandiant threat analyst Andrew Thompson noted that “robust detections focused on post-exploitation behavior are a safety net that enables you to detect intrusions involving zero day exploitation.” More