Category Archives: Antivirus Vendors

Mobile App Developers Unwittingly Aid Criminals

In turn, app developers eager to earn revenues from their hard work find it lucrative to collect as much data from their users as possible in order to offer more ad targeting data, and they can find many convenient ‘mobile monetizing kits’ to handle all the in-app ad publishing details for them.

Unfortunately, both of these practices can cause app developers to unwittingly become mules for corrupt ad networks and privacy exploits.

Collecting too much information is a privacy risk

Collecting more information from users than is necessary just to have more data to offer to advertisers is not necessarily a good strategy. A recent study published by the Information Commissioner’s Office (ICO) in the UK found that 49% of app users decided not to download an app due to privacy concerns.

If scaring off half of your potential downloads isn’t reason enough to reconsider your app privacy policies, consider the privacy risks and negative publicity. The ICO study was part of a global survey of 1,211 mobile apps, sponsored by the Global Privacy Enforcement Network (GPEN), which enlisted 26 privacy regulators from around the world. The much-publicized conclusion of the survey was that 85% of all apps fail to properly explain what data they are collecting and how they are using it, and that 31% of apps request an “excessive number of permissions to access personal information.”

The numbers and negative attention will only get worse, as privacy groups and media continue to increase their scrutiny of data collection practices.

Corrupt ad networks imperil you and your users

Unbeknownst to many mobile app developers, their ad networks may be engaging in aggressive practices with their users and, where the network has been compromised, even installing malware on their phones. Examples include:

  • Directing users to pornographic websites and/or fake app download sites
  • Reading users’ address book contacts and sending outbound emails or calendar event requests
  • Deleting or defacing users’ USB storage accounts connected to the phone
  • Dialing out to revenue-generating numbers or sending premium SMS messages
  • Automatically authorizing in-app purchases

Other technical deficiencies in your mobile app code – such as failing to properly check SSL/TLS certificates, or inter-app injection flaws – let hackers exploit your users directly.

With ad-funded mobile apps, the ad network is the data controller technically responsible for stopping malvertisements and other corruptions. But the app developer carries the responsibility to collect only as much user data as needed, to protect that data from exfiltration, and to do background checks of the ad publishing networks being used. Otherwise the mobile app developer may become an unwitting aid to criminals.

The post Mobile App Developers Unwittingly Aid Criminals appeared first on Avira Blog.

Panda Security announces new growth strategy and identity change #PandaSimplexity

Panda Security, The Cloud Security Company, celebrates its 25th anniversary with a brand new strategic plan and a new corporate identity that goes far beyond simply using a different logo or brand image. This initiative has brought about a comprehensive transformation, both external and internal, which affects all of the company’s values and processes and reflects the company’s essence more accurately: innovation, vision and talent. This change represents the birth of a new Panda.

“We want to be perceived by the industry as we really are: challenging and innovative with deep human values. That’s why we have created a new corporate identity that we feel more identified with and which is closer, simpler and more modern. This transformation is based on the concept of “simplexity”: making complex things simple, simplifying the complexities faced by the computer security sector”, said Paula Quirós, CMO at Panda Security.

Panda Security has been working intensely on this project for more than a year, with participation from all of the company’s offices around the world. “This has been a very comprehensive project but also exciting at the same time. We have taken into account opinions from all the departments in Panda Security both in our headquarters in Spain and the rest of the world, as well as the insight offered by our customers and partners. Obviously, we have also closely tracked the competition and the computer security industry in general. The result? A completely renewed corporate image, fresh and simple, which differentiates us and positions us where we want to be. We are Panda, we are simplexity”, explained Panda Security’s CMO.

Five-year strategic plan

Panda’s rebranding initiative signals the beginning of an ambitious five-year strategic plan based on growth, technology and international expansion. “The objective for the next five years is to grow at twice the rate of the computer security industry, as well as integrating and unifying technologies to provide our customers with a global security service that includes elements such as mobility or the Internet of Things under the concepts of simplexity and peace of mind. Additionally, we will continue to expand our international presence, with special emphasis on the European, North American and Latin American markets”, explained Diego Navarrete, Panda Security CEO.

New identity

The agency selected to assist Panda in such an ambitious project was Saffron Brand Consultants. Panda and Saffron worked closely together in 2014 to shape a new, closer and more modern Panda, with a new design that conveys the sharp, honest and optimistic spirit of the brand.

“In short, with this new identity we want our customers to perceive us as we really are. A close, friendly, innovative company capable of successfully facing the present and future challenges,” concluded Paula Quirós.

You can see the new brand video here.

The post Panda Security announces new growth strategy and identity change #PandaSimplexity appeared first on MediaCenter Panda Security.

Infographic: Privacy tips for business

Privacy plays a growing part in customer buying decisions. With every data breach, trust is eroded further.

Privacy and security are intertwined when it comes to our individual information. Consumers are becoming increasingly aware of the value of their personal data, so that means that businesses have to step up and do a better job of securing that data. Identity theft is the #1 fear of consumers, but for your business the risk is loss of trust and brand damage.

Since trust is the core of any transaction, it’s important to know how privacy factors into your customers’ buying decisions. Research shows that almost 40% of consumers made buying decisions based upon privacy. When looking at who these people are, it was found that these individuals are aged 46-65 and have the highest incomes. But don’t rely on the business of the younger generation to supplant that once trust is lost; 27% of millennials abandoned an online purchase in the past month due to privacy or security concerns.

To mark Data Privacy Day on January 28, the following Privacy is Good for Business tips were created by privacy experts in civil-society, non-profit, government and industry and aspire to help business address the public’s growing privacy concerns:

  • If you collect it, protect it. Follow reasonable security measures to keep individuals’ personal information safe from inappropriate and unauthorized access.
  • Be open and honest about how you collect, use and share consumers’ personal information. Think about how the consumer may expect their data to be used.
  • Build trust by doing what you say you will do. Communicate clearly and concisely to the public about what privacy means to your organization and the steps you take to achieve and maintain privacy.
  • Create a culture of privacy in your organization. Explain to and educate employees about the importance and impact of protecting consumer and employee information as well as the role they play in keeping it safe.
  • Don’t count on your privacy notice as your only tool to educate consumers about your data practices.
  • Conduct due diligence and maintain oversight of partners and vendors. You are also responsible for how they collect and use personal information.

It only took a few photos to copy the fingerprint of the Minister of Defense: Could the same happen to you?

The papillary ridges of our fingers define us as unique in the universe. That is why our fingerprints are being used more in the biometric security field; our finger conceals a password that is difficult to steal.

Computers and smartphones are already adopting this technology. The iPhone 6 and Samsung Galaxy S5 incorporate a fingerprint scanner so that you are the only one who can unlock your phone. With this system, you can supposedly rest easy in the knowledge that if your phone is stolen, the thief will be left flabbergasted when he realizes that he cannot access the valuable data stored on it.

However, we are sorry to tell you that there is a way of getting your fingerprint, and we are not talking about amputating one of your limbs. A few photos of your finger can now be used to copy every detail of your fingerprint and impersonate you, as demonstrated by security expert Jan Krissler, alias “Starbug”, at a conference organized by the Chaos Computer Club, one of Europe’s largest hacker communities.

Last year, the Chaos Computer Club announced that it had managed to hack the iPhone 5S fingerprint scanner. Now, they have moved on from hacking the security of the device to hacking the security of a finger, without even needing to have physical contact.

Krissler explained that he had copied the fingerprint of German Defense Minister, Ursula von der Leyen, without needing an object that the politician had touched. All he needed was a few photos taken with a standard camera (one of them from her press office) to discover all of the data that the minister has in her fingerprint. In order to carry out the experiment, he combined various images showing von der Leyen’s finger from different angles.

This hacker used VeriFinger, commercial fingerprint identification software, to clone the minister’s thumbprint using the photos. A simple method for getting the fingerprint of anyone you want.

“After this talk, politicians will presumably wear gloves when talking in public,” said the hacker during the presentation. We do not know whether the minister is as happy about this cloning, or whether she will now be obsessed with hiding her hands in future public appearances.

Jan Krissler, who has researched weaknesses in biometric security systems at the Technical University of Berlin, demonstrated the effectiveness of his method during the conference. This is not the first time that the hacker has demonstrated that the famous biometric techniques, which base their security on unique features of our body (the fingerprint, retina, iris or facial features), are not as secure as we thought. In 2008, he reproduced the fingerprint of the German Minister of the Interior at the time, now Minister of Finance, Wolfgang Schäuble.

According to Krissler, iris, facial and fingerprint scanners can be fooled easily. “I consider my password safer than my fingerprint… My password is in my head, and if I’m careful when typing, I remain the only one who knows it”. 

Even our body is no longer a safe place if a hacker has the brilliant idea of copying our features. So, if you have an iPhone, perhaps the next time you use the fingerprint sensor, you will bear in mind that someone could copy your beautiful finger using a few Facebook pictures that show your fingers from different angles. However, you can rest more easily knowing that your data is not as interesting as that of a politician and no hacker is going to take the trouble to copy your fingerprint. Anyone who is not content with that does not want to be.

The post It only took a few photos to copy the fingerprint of the Minister of Defense: Could the same happen to you? appeared first on MediaCenter Panda Security.

Will 2015 be the biggest yet for Cybersecurity?

President Obama’s recently announced comprehensive new cybersecurity proposal for the U.S., highlighted in his State of the Union address (you can see a full transcript of this address here), puts the issue of cybersecurity where it should be: front and center.

The high-profile cyber-attacks and hacks of the past year have drawn a mainstream spotlight to cybersecurity. As the President emphasized in his address: “No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids.”

What are my thoughts? I think this is a real, actionable step in the right direction to increase the war on cyber-attacks and protect consumers and businesses.

The new Presidential cybersecurity proposal, officially announced on December 19 at the National Cybersecurity and Communications Integration Center, aims to move to quicker and more active security breach and threat reporting.

According to the White House announcement, the proposal would create a more proactive environment for companies and organizations in the private sector to share security breaches with the government. The proposal, for example, would criminalize the sale of stolen financial data, and mandate that companies notify consumers about data breaches, as well as protect companies from liability.

As stated by the White House, “Specifically, the proposal encourages the private sector to share appropriate cyber threat information with the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC), which will then share it in as close to real-time as practicable with relevant federal agencies and with private sector-developed and operated Information.”

Information sharing provides a way to get a real-time response to these breaches. But it’s the old left-hand, right-hand problem. Information sharing would speed up an organized response to a data breach or cyber-threat and allow a concerted response. But there remain legitimate concerns in many camps about the information shared.

This proposal seems to be well crafted in that it recognizes a general apprehension of handing over information to the government, a genuine concern (even an obsession) for many. The plan seeks to mollify privacy concerns by requiring participating companies to comply with a set of restrictions, such as removing “unnecessary personal information” and to protect personal information that has been shared.

A national standard in the United States for reporting breaches has been a long time coming. If you’re a company that has been hacked, your obligations are different in different states. If your information has been hacked, a company’s obligation to report it to you currently depends on the regulations of the state you reside in, which simply doesn’t make sense. If you’ve been hacked by someone from Russia, for example, does it matter whether you live in Connecticut or Texas? The problem is a global one, but a national plan is a great move.

The new cybersecurity proposal has critics and supporters lining up in debate. And the prospect is real that this cybersecurity plan, like previous proposals, could become stalled in Congress.

We all need to focus on the idea that cybersecurity is not just reactive, but needs to be proactive – in preventing and detecting cyber crime. The President’s proposal is a step along that path.

I’m looking forward to the next step and the results of the newly announced Summit on Cybersecurity and Consumer Protection at Stanford on February 13, 2015, which will convene a wide variety of groups from industry, private and public, to help shape public and private sector efforts to protect consumers and companies from growing network threats.

The good news is that momentum for cybersecurity is building. If we can get business, government, and the security industry in this country working from the same digital page, the benefits could be tremendous.

It’s a critical and very exciting time to be in digital security.