Category Archives: Antivirus Vendors

Two Step Verification, and How Facebook Plans to Overhaul It

We’ve all been there. You get a new smartphone or computer, and you have to slog through all of your first-time logins by manually typing out usernames, passwords, etc. Sometimes it happens that one of your accounts has a particularly difficult password that you barely even remember creating and – yep, you get locked out of your account. You curse yourself for that distant day when you felt so ambitious about password security and created such a puzzle for your future self. But if you’re among the many who ordinarily aren’t too finicky about security, then you’ll probably have no qualms about recovering access to your account by requesting a password reset email from the company.

However, cases reminiscent of the recent data breach of the century at Yahoo that affected a billion accounts show the need for additional security measures. Attackers would be happy to use passwords and security questions collected from such breaches to access your current accounts. In fact, the password recovery link itself may be compromised.

The standard alternative in these cases is two-step verification: associate a phone number with the account to add an extra layer of security. This option is available on a number of services, including Gmail, Facebook, Twitter, and Instagram. However, Facebook has just announced a new way to recover forgotten passwords safely and without the need for a phone.

Challenging email as the standard

Soon, the social network par excellence will allow users of third-party websites to recover their passwords through its own service. Internet users will be able to save an encrypted token on Facebook that allows them to retrieve their password on pages like GitHub. This way, if you lose your GitHub password, you can send the token from your Facebook account, thus proving your identity and regaining access to your GitHub profile.

The company has emphasized that the token’s encryption guarantees user privacy. Facebook can’t read the information stored in it and will not share it with the service you’re using it for without express permission from the user.

At the moment, the service, which has been called Delegated Recovery, is only available on GitHub. It has also been made available to researchers as an open source tool to be scrutinized for vulnerabilities before it is implemented on other websites and platforms.

With this new method, Facebook aims to eliminate the headaches of users who suffer theft or loss of their smartphones and can’t recover their accounts immediately. And while they’re at it, they’ll take the opportunity to offer themselves up as a safer alternative to email when it comes to recovering passwords. “There’s a lot of technical reasons why recovery emails aren’t that secure. Email security doesn’t have the greatest reputation right now. It’s the single point of failure for everything you do online,” said Brad Hill, security engineer at Facebook. Will Facebook succeed in becoming the hub of all of our accounts? Time will tell.

The post Two Step Verification, and How Facebook Plans to Overhaul It appeared first on Panda Security Mediacenter.

Why antivirus alone won't protect you: The anatomy of REAL security software

When computers were still relatively new, antivirus software defended against the only existing threat at the time – viruses. Today, users must protect themselves and their devices from viruses and from malware such as ransomware, as well as malicious activities carried out by cyber crooks, including Wi-Fi snooping to steal personal information, account breaching, and infecting Internet of Things (IoT) devices to perform DDoS attacks. You may be wondering, then, how to protect yourself from so many – and such diverse – threats.

Targeting SMBs’ threat tolerance concerns

While small and medium businesses don’t appear to be as concerned about their cybersecurity vulnerabilities as they should be (SMBs are the principal targets of cybercrime, and as many as 60 percent of hacked SMBs go out of business after six months), the reality is that the growing and rapidly changing threatscape and limited resources are driving them to seek outside help to protect their businesses. That protection can include assessments, remote monitoring and management, and backup and disaster recovery, but one way to stand out from the competition is to focus on their risk tolerances and customize your offerings to their individual risk appetites.

4 Cybersecurity Risks We’ll Face With WhatsApp Status

WhatsApp, the Facebook-owned giant that really needs no introduction, is seemingly on a mission for world domination, this time taking on Snapchat.

The instant messaging company’s new WhatsApp Status feature will allow users to privately share edited photos, videos and GIFs with their contacts; the posts will disappear after 24 hours.

It’s not the first Facebook-led Snapchat Stories copycat, but it’s perhaps the most ambitious. WhatsApp, with over a billion users, have really taken on the competition here.

One of the interesting points that WhatsApp have always made sure to emphasize in their blog is the “security by default” principle, which will be upheld by Stories.

In the Status feature statement, Jan Koum has said “yes, even your status updates are end-to-end encrypted.”

But Is It Really As Safe As They Say?

Hervé Lambert, Retail Global Consumer Operations Manager at Panda Security, says that the use of WhatsApp Status is still not risk-free:

“After having carried out various studies on the behavior of people on social media, we’ve detected a few potential risks that all users of this new version of WhatsApp Status should recognize.”

Your Status Will Be “Public” By Default

The default setting on WhatsApp Status will be set to public. All of your statuses will be visible to any contact you have on your phone. To some, this may entail a real invasion of privacy as most people hand out their phone number much more readily than they accept someone on social media. Think of the amount of work acquaintances or casual contacts that will have access to potentially private posts.

“We have to take into consideration that we can’t tell certain details of our private lives to all our contacts. We don’t know what these people could do with this information,” adds Hervé Lambert.

Hackers Can Breach WhatsApp’s Vulnerabilities

WhatsApp certainly prides itself on being a secure app with its end-to-end encryption, and rightly so. However, the fact that it boasts millions of users still makes it a target for hackers who seek to carry out cyber attacks on large amounts of people. For these attackers, it’s a probability game; the more users they try to attack the more likely they will succeed.

Apple’s iOS Messenger has recently been exposed by cybersecurity experts. Though the vulnerability in that app is by no means a cause for great concern in itself, it shows that encrypted messaging apps are not impenetrable.

Ransomware

Who are these types of features usually aimed at? It’s possible that WhatsApp Status could be a ploy to encourage less tech-savvy users to cross over to more involved social media, like Facebook itself, after having tried out the new WhatsApp feature for the first time.

However, it’s safe to say that features like Status, Snapchat Stories and Instagram Stories are most popular amongst young kids who enjoy the ability to post weird and wonderful images that won’t be saved on a profile indefinitely.

Unfortunately, young people are also perhaps the most vulnerable to ransomware attacks.

The very fact that the posted statuses are less permanent leads some young people to post photos or videos that are more risqué in nature. Cybercriminals look for this kind of content online to lead vulnerable young people into paying a ransom, or carrying out undesired actions if they don’t want the content shared with the public. Caution is always advised when posting online.

Pirate “Complementary” Apps

When a new feature like WhatsApp Status comes out, there’s usually a huge buzz and a frenzied search for new functionalities. This is something that cybercriminals try to take advantage of.

It’s important to be wary of new apps claiming to add functionalities to WhatsApp Status. This is especially the case with apps that “promise” they can bypass important functionalities. With apps like Instagram and Facebook, they usually claim they will allow you to see who’s looked at your profile. With WhatsApp Status it would be unsurprising to see some that claim to allow you to still see photos after the 24 hours have passed.

These apps are largely malicious, and they draw people in by claiming to be able to bypass an integral functionality of the app. As you try to use the pirate app, it could be loading ransomware onto your device. Don’t be drawn in by the desire to bypass the main functions of an app.

As the new WhatsApp Status feature is rolled out, more possible risks will likely come to the attention of users and cybersecurity experts. Though WhatsApp is a safe app, relatively speaking, it’s important to be careful what you post online and where. It’s not always completely clear who has access to the data.

The post 4 Cybersecurity Risks We’ll Face With WhatsApp Status appeared first on Panda Security Mediacenter.