Category Archives: Antivirus Vendors

Antivirus Vendors

Panda Security

Online harassment: is it time we do something about it?

Leave a comment

The real old, witty insult has come a long way since it was first blurted out by Mr. Caveman back in pre-historic times. That first grumble started everything and the rest, as they say, is history. Fast forward to 2017 – there’s now plenty of ways to deliver an insult to anyone, whether you know the person or not. And it can be done from a very familiar location: the relative safety of your home, sat at your desk, using a computer, typing furiously (instead of barking around as your distant ancestors did).

Online harassment is reaching epidemic proportions.

In the beginning, wasn’t the Internet promising a new era of civilized conversations? Here in the United States, freedom of speech is protected from government restrictions by the First Amendment to the United States Constitution. So what’s the difference anyway between a good old joke and harassment? Well, a joke is usually funny. Yep, that’s right: the fun has got to be both ways. A line is crossed when there are tears (we’re not talking about tears of joy here). Maybe it’s time to call time on the bullies.

Twitter seems to be thinking so. Everyone agrees there will always be trolls out there. Apparently, it’s a sad side to human nature. But since last month the company is making it harder for people who have been suspended for harassment previously to create new accounts. For obvious reasons, Twitter can’t disclose just how exactly it’s doing this. But the fact it is taking action has to be a good thing. Insiders say that in all likelihood users are still going to see some of the usual roughness, though it is hoped most of the mindless drivel will be flushed out. Phew!

“Safe search” feature

Also Twitter is working on a “safe search” feature, this is meant to remove those tweets that have sensitive content or come from muted and blocked accounts. These changes are being rolled out progressively so keep an eye out for them and be sure to share your thoughts about that with us. Are these changes making a difference? Are the tone of your exchanges better – if only a little bit?

Think before you tweet!

It’s important always to remember and follow the usual safety rules when online, so here are some Twitter-specific tips for you. Malicious people will sometimes try to take over accounts so they can send private messages or spam to a person’s followers. To guard against this don’t click links in Direct Messages unless you were expecting a link from that person! Also, many hacks will happen when Twitter login details are entered into a fake website. So be careful of sites that look like Twitter.com it’s easy to get spoofed.

Why not double check anti-virus protection while you’re at it? Granted, Twitter is doing its part to stop the insults flowing. How about you stop the hackers in their tracks with Panda Security? The company’s products include some of the most advanced cyber-security services available on the market. It may not stop the insults, but at least it will prevent you from becoming a victim of a cyber-crime.

The post Online harassment: is it time we do something about it? appeared first on Panda Security Mediacenter.

Panda Security

NSA and CIA were spying on you! So what?

Leave a comment

A few days ago WikiLeaks released information clarifying CIA have developed a whole lot of hacking tools that allow them to spy on everyone somehow connected to the internet.

Unfortunately,it’s not news NSA, and CIA are spying on you, this has been a well-known fact for years. According to NSA and CIA, the primary goal of the global internet monitoring is the fight against terrorism. There is no precise statistics of how many terrorist attacks have been prevented thanks to the patriot act and the hard-working guys at NSA and CIA. However, we are sure they’ve been doing a good job so far – with small exceptions there haven’t been any major incidents here on US soil since 9/11.

Even though no one is euphoric CIA and NSA seem to have access to virtually everything digital in the world, regular folks have accepted it.

So why is all the fuzz around WikiLeaks and their latest Vault 7 leak?

The problem is that according to Julian Assange, the tools CIA and NSA have developed could also be classified as cyber weapons. Briefly, it’s the equivalent of the discovery of the atomic bomb. If these cyber arms end up in the wrong hands, things can go horribly wrong. Imagine if a 16-year-old stoner from FYROM manages to access your router, and record everything connected to it. Imagine if they can do the same thing to a top government official.

Or if a piece of hardware used in airplanes has a backdoor allowing unauthorized access to the equipment located at captain’s cockpit. This is scary, isn’t it? We live in a digital era where adults in the US spend an average of 5 hours a day staring at their cell phones. We monitor our children with baby monitors, and we pay bills and shop online on a daily basis. There is barely any cash seen in the modern world; all our finances are in digital bank accounts. We no longer work for hard cash, we work for ‘doubloons’ in our bank account. Our life is starting to feel as we are in a video game, and as in many video games, villains want to take advantage of the regular people. Everything we do and that matters to us is somehow visible as a digital print.

So let’s get back to what’s scary.

The scary part is that CIA and NSA obviously are having issues keeping all this information secure and it is possible those cyber weapons will end up in the wrong hands. How would you feel if you know Iran, Russia or China have this power too? It would be a chilling fact to realize that a foreign government knows more about you than your own.

It will surely give you the chills to understand that a country with completely different beliefs and culture has access to your personal and professional life. Such hacking scandals also cause a stir around the globe as other nations say the USA needs to stop spying on them.

The good news is…

And if we try to somehow forget about governments fighting each other in cyber wars, such weapons could end up in the hands of groups of hackers who are after the regular people. The good news is that cyber criminals do not have nationality or beliefs; most of the times they are not after you; they are after your money. And using the weapons developed by CIA and described at WikiLeaks, gaining access to your bank account seems like a child’s play if you are not protected.

Julian Assange says the information released a few days ago is only 1% of what it is to come. According to WikiLeaks, the Vault 7 series will be the largest intelligence publication in history. We can surely expect extraordinary findings over the course of the next few months!

The post NSA and CIA were spying on you! So what? appeared first on Panda Security Mediacenter.

Avira

A cat and mouse game: catch the bad guy if you can

Leave a comment

A cat and mouse game with the government: catch the bad guy if you can, Regierung

In today’s connected world, governmental agencies spend tax money investigating new ways to breach software created to protect people, cyber-threats are getting more and more complex due to the diversity of devices, and users are less and less interested in protecting their privacy. Who’s the bad guy in this story and how can security vendors […]

The post A cat and mouse game: catch the bad guy if you can appeared first on Avira Blog.

Panda Security

Mobile World Congress 2017: Are Future Technologies Safe?

Leave a comment

“Technology is very hard to predict.”

So said Reed Hastings, Netflix CEO, during his keynote at this year’s Mobile World Congress when asked what his forecast was for future technologies over the next five to twenty years.

This year’s Mobile World Congress (MWC) was full of tech that gets us excited about the future though. From 5G, which could be up to a thousand times faster than 4G, to new real-world VR applications, the event over the years has become so much more than just a showcase for mobile devices.

We were able to check it out, and have put together a list of some of the technologies that got us most excited, and that we feel will form a big part of our future lives.

As Hervé Lambert, Global Consumer Operations Manager at Panda Security, was quick to point out though, there is a flipside. As he put it, as these new technologies advance, cyber criminals “will become more specialized with each type of attack and will go deeper into the system.” For every new exciting piece of tech, there is of course, the question of cyber security.

How will this tech shape our future and will it be one where we can feel safe in the physical and digital world?

Robots / AI

Driving home the MWC’s futurist appeal, as well as the fact that the event is more than a simple mobile device exhibition, was the amount of robots on display this year. PaPeRo, the human companion robot was demoed by various companies. Its impressive face recognition capabilities can be utilized for public safety, even being able to track lost children in shopping malls.

At the Ubuntu stall, meanwhile, REEM and REEM-C were both on display. REEM-C, which was designed by Barcelona-based PAL Robotics, is a flexible full-size humanoid biped robot that is used for different types of research, including AI.

Being connected to the Internet of Things (IoT) obviously poses potential risks.

REEM-C, for example, weighs 80 kg. In a future where robots are more widely available, a malicious attacker could cause real damage by taking control of such a heavy piece of machinery.

AI and big data analysis is actually being used today to make people safer though. During a keynote speech at the MWC, Takashi Niino, CEO and president of the NEC Corporation, described how real-time analysis with face recognition technology is being used in Tigre, Argentina to reduce crime. The highly accurate face recognition technology can be used to identify criminals, and even to detect suspicious behavior. Since the “urban surveillance system” was implemented, vehicle theft has gone down by 80 per cent in Tigre.

“AI will soon become a reality of most people’s daily lives”

As always, there’s another side to the coin though. Whilst high-speed data analysis allows law enforcement to act more efficiently, it also does the same for cybercriminals. “Cyber crime is increasingly becoming automated and the number of incidents are escalating exponentially”, said Hervé Lambert. “AI will soon become a reality of most people’s daily lives, so it is very important that its development is overseen responsibly by engineers that are specialized in intelligent security.

Virtual Reality (VR) / Augmented Reality (AR)

Virtual reality has been touted for a while as the next big thing in entertainment. We’ll be able to fully immerse ourselves in distant locations and invented realities. Arguably, its close relative, augmented reality (AR), is where the most life-changing innovation is going to take place though.

Several new VR/AR applications were on show at the MWC. Relúmĭno –which was on show at Samsung’s C-Lab VR projects stall– demonstrated an impressive practical application for VR. The Relúmĭno app, designed for Samsung’s Gear VR headset, acts as a smart visual aid for visually impaired people by remapping blindspots. The effect, when using the headset, can be described as seeing the world as a cartoon with edges and surfaces in your surroundings rendered as sharp black lines.

Other separate standalone projects, like Inflight VR, aim to enhance our inflight experience with VR entertainment. Flight notifications will appear at the bottom of the screen as you navigate the hand-tracking controlled system. LiveRoom, on the other hand, will allow people a more immersive retail experience with its AR capabilities, and can also be used to enhance the classroom experience.

What dangers do we face when it comes to VR/AR though?

VR and AR can be compared to social media, but on a whole other level. This means that when it comes to online privacy, the stakes will be much higher. An unfortunate example has already been seen of this in real life. Users have reported sexual harassment on VR, with inappropriate gestures by some gamers towards other players. Much like with social media, some users sadly see the anonymity afforded by their digital avatars as allowing them to act inappropriately in the digital world.

This type of problem could reverberate beyond just VR gaming though. It’s very likely that our digital avatars will become an even more important part of our lives in VR than they are now in the likes of Twitter and Facebook. If hackers can carry out ransomware attacks after retrieving information on social media, it’s possible that this type of attack will be an even bigger danger with VR in the future.

Connected and Autonomous Cars

One of the visions of the future presented at the MWC was one of people sitting back on their commute to work, in their driverless cars, as the vehicle safely takes control of everything.

Whilst this future may still be in the distance, some cars on display at the MWC are certainly taking us in that direction. Roborace showed off its “robocar” at the even, whilst Peugeot revealed its Instinct concept car, a futuristic and stylish vehicle that wouldn’t look out of place in a sci-fi movie. One of the Instinct’s capabilities is that it can change the ambience inside the vehicle, depending on the passenger’s mood. Stressed out after work? It’ll put you into a relaxed seating position and change the lighting to ‘ambient’.

As the car will connect to the IoT using Samsung’s Artik cloud platform, it will be able to seamlessly integrate your vehicle’s operating system with other devices. This could make your car remind you that a drive to the supermarket is in order, for example. Haven’t been keeping up with your fitness regime? Your car could encourage you to stop and jog the rest of your journey.

Potential risks

Of course there are potential risks when it comes to this technology. Though the technology doesn’t exist yet, there were many 5G demonstrations at the MWC. Most of these focused on reduced latency speeds, meaning that we’ll have a future where almost anything can be controlled in real-time. Could hackers take control of a vehicle that’s connected to the IoT and take it off course without the passenger realizing? It’s a scary prospect.

“Online security’s Achilles’ heel is the Internet of Things”

According to Panda Security’s Hervé Lambert, “online security’s Achilles’ heel is the Internet of Things”. It’s important for cyber security experts to keep up with tech innovations, as there’s no doubt that cyber criminals will too.

Lambert says that hackers aren’t the only worry though. It’s a possibility that in the future, “insurance companies could exploit driving data. This could include data about the way people drive and it could be used to increase insurance prices based on new criteria.” Insurers could have access to a huge amount of data, including where people drive and where they park.

Third-party data gathering could be taken to a whole new level. The IoT will massively benefit our lives, but sadly, it could also open a door to hackers and companies that are looking to financially exploit its users.

Honorable Mentions

“Smart cities, smart factories, smart cars, and anything ‘smart’ will also create a necessity for smart security.”

There was so much tech on show at this month’s Mobile World Congress that will undoubtedly shape our futures and improve our lives in many ways.

Just as autonomous cars look to be brining sci-fi predictions to real life, IIT’s grapheme electrode prosthetic is set to change people’s lives in a way that was previously only imaginable on the big screen. Think Luke Skywalker’s robot hand in The Empire Strikes Back. Graphene, a material that is invisible to the naked eye, will allow electrodes to be embedded comfortably into a robot-like prosthetic hand; a big advance in prostheses.

Drones were also a big draw at the MWC. Though they can be used for games as well as to record things from a distance, their most prominently discussed capacity at the MWC was for use in security systems. Whilst the flying machines will allow efficient surveillance, we also face the Orwellian prospect of drone surveillance as a means for law enforcement. Will they keep us safe or be used to control us? Only time will tell.

When pushed to give an answer for his forecast of the future, Reed Hastings said, “[at Netflix] we’re not sure if we’ll be entertaining you or AI.” While such advances in artificial intelligence are still a long way away, the Mobile World Congress has shown this year that technology will increasingly become a seamlessly integrated part of our very existence. Though future predictions are largely positive when it comes to new technologies, there’s a negative side that also merits attention.

As Hervé Lambert puts it, “smart cities, smart factories, smart cars, and anything ‘smart’ will also create a necessity for smart security.

Cyber security is undeniably a big part of the puzzle when it comes to a future of safe, smart, integrated cities.

The post Mobile World Congress 2017: Are Future Technologies Safe? appeared first on Panda Security Mediacenter.

Panda Security

Sticky Attacks: When the operating system turns against you

Leave a comment

Cyber-attackers are always finding new ways of bypassing the protection systems installed on computers in order to avoid detection and steal user data. In that respect, Black Hat hackers have always turned to malware-based attacks (phishing, network worms, or the dreaded Trojans with ransomware as the most dangerous example) to reach their goals: break into companies to steal credentials and huge amounts of other data in exchange for a ransom… At least, until now.

PandaLabs has recently detected a quite clever attack targeting a company in Hungary. What makes it so special? Well, the attack does not use any malware as such, but scripts and other tools belonging to the operating system itself in order to bypass scanners. This is just another example of the increased self-confidence and professionalization we have been observing among cyber-crooks in recent months.

Analysis of a malware-less attack

First, and as has become the norm in the latest security incidents analyzed at the lab, the attack starts with the attackers launching a brute-force attack against a server with the Remote Desktop Protocol (RDP) enabled. Once they get the computer’s login credentials, they have complete access to it.

Then, the first thing that the attackers do is run the sethc.exe file with the parameter 211 from the computer’s Command Prompt window (CMD). This turns on the system’s “Sticky Keys” feature. We are sure you have seen this message before:

panda-security-pandalabs

Next, a program called “Traffic Spirit” is downloaded and run. “Traffic Spirit” is a traffic generator application which in this case is used to make extra money out of the compromised computers.

panda-security
Traffic Spirit website

Then, a self-extracting file is launched that uncompresses the following files in the %Windows%cmdacoBin folder:

  • registery.reg
  • SCracker.bat
  • sys.bat

The attackers then proceed to run the Windows registry editor (Regedit.exe) to add the following key contained in the registery.reg file:

This key aims at ensuring that every time the Sticky Keys feature is used (sethc.exe), a file called SCracker.bat gets run. This is a batch file that implements a very simple authentication system. Running the file displays the following window:

The user name and password are obtained from two variables included in the sys.bat file:

This way, the attacker installs a backdoor on the affected machine. With this backdoor, the attacker will be able to connect to the targeted computer without having to enter the login credentials, enable the Sticky Keys feature (for example, by pressing the SHIFT key five times), and enter the relevant user name and password to open a command shell:

The command shell shortcuts will allow the attacker to access certain directories, change the console color, and make use of other typical command-line commands.

However, the attack doesn’t stop here. In their attempt to make as much profit as possible from the targeted company, the attacker installs a bitcoin miner to take advantage of every compromised computer for free money. Bitcoin mining software aims to use the victims’ computer resources to generate the virtual currency without them realizing. A cheap and very effective way to monetize computer infections.

How does the Sticky Keys feature aid cyber-crooks?

If an attacker can actually access a targeted computer via an RDP connection, what do they need a backdoor for? The answer to this question is quite simple: By installing a backdoor on the affected machine, even if the victim realizes that their system has been compromised and changes the Remote Desktop credentials, all the attacker has to do is  press the SHIFT key five times to enable Sticky Keys and run the backdoor to be able to access the system again. And remember, all of this without running malware on the affected computer.

Adaptive Defense 360, Panda Security’s advanced cyber-security solution, was capable of stopping this targeted attack thanks to the continuous monitoring of the company’s IT network, saving the organization from serious financial and reputational harm. Protect your corporate network with the security solution that best adapts to your needs.

 

The post Sticky Attacks: When the operating system turns against you appeared first on Panda Security Mediacenter.

Panda Security

Protect your social media account in these 5 simple steps

Leave a comment

It’s pervasive; it’s everywhere. It can even rig national elections according to some well-known experts and academics. No, we’re not talking about Vladimir Putin’s team of world-class cyber spies. We’re talking about the medium of social media.

Hate it or love it, social media is here to stay. It’s bringing us closer to one another, and it’s helping us keep in touch across vast distances. Hey, it’s even helping us reconnect with these long-lost, faraway people we thought we’d never hear from again. Like, ever. And on the other hand, it’s hard to remain anonymous these days.

There are many people who decide not to store and share information on their social networks in order to avoid risks

It is smarter to share content on social networks from a cyber-secure point of view than to try to do not to exist digitally

The kind of information we share on social media is very personal and everyone posts what they concon disider necessary. However, we live in a hyper-connected society and there’s a lot of effort to be made to avoid leaving our mark on the Internet. Sooner or later, somebody ends up doing it for us. It is smarter to share content on social networks from a cyber-secure point of view than to try to do not to exist digitally. At least in the first case, what you have on the Internet is protected, “says Hervé Lambert, Global Consumer Operations Manager at Panda Security.

We are not saying we ought to pull the plug on this social media thing altogether. It has too many advantages to give up… But with the rise of fake news and cyber insecurity, we need to be protected.

Malware programs

As an example malware, short for malicious software, are computer programs that get installed on your device – often inadvertently. It may just be a brief moment of inattention, one rapid click, and boom! A malware installs itself on your hard drive if you are not protected.

Malware programs will then disrupt normal operations, and they might collect personal data like bank details, credit card information, and passwords. Briefly, anything valuable to any mildly talented crook. And let’s face it, by listening to the news, it’s seems that there are many of them out there.

Nothing is more important than the safety of the people who use Facebook, and the security of their data.

According to Facebook, “nothing is more important than the safety of the people who use Facebook, and the security of their data.” That’s re-assuring. The company has a Security Team dedicated to keeping you safe. Apparently, they’ve pioneered multiple defense systems against spam, viruses and phishing attacks. And even though Facebook has some automated enforcement mechanisms that are meant to shut down malicious apps, pages or accounts quickly, sometimes troubles makers manage to people like you.

Prevention is the best cure, therefore, why not implement these easy steps to protect your social media accounts?

  • Step 1: Choose a secure password. The bottom line is you need a more robust password. Sorry to disappoint, but if you think pa55word is a safe option then think again. Someone figured that one out a long time ago.
  • Step 2: Don’t put sensitive information in your profile. Why would anyone want to do this anyway? Like your mother would say: “if in doubt, leave it out.”
  • Step 3: Refuse to let ANY application access your profile. That’s right, and we mean it: deny access to all of them. They promise to make your life easier, but they might end up making your life a nightmare instead!
  • Step 4: Don’t click on suspicious links, however tempting they may look. It’s not worth it! Think before you take action.
  • Step 5: adjust your privacy settings. There’s a reason why these settings exist, familiarize yourself with them and review them regularly. You’ll thank us later!

And remember that if you think your device may have been infected with malware, fear not: help is available. Anti-virus specialists like us propose an advanced, dynamic, ever-evolving cyber-security model based on the principles of artificial intelligence. In short: we’ve got your back.

We developed, patented sets of proactive technologies aimed at blocking unknown viruses, along with the Collective Intelligence model. This system is the first to automatically detect, analyze, and classify malware in real time. We are very proud of our product and remember, your safety is our priority!

The post Protect your social media account in these 5 simple steps appeared first on Panda Security Mediacenter.