Category Archives: Antivirus Vendors

Antivirus Vendors

Panda Security

How Fraudulent Advertising Could Be Costly to Your Company

Leave a comment

Your company may be losing money because of online advertising. Beyond the success of advertisements when it comes to converting marketing budgets into sales, a singular type of cyberattack threatens to directly affect your company’s accounts.

Namely, there exist networks of bots that are used to inflate the number of clicks that ads receive. These botnets enable fraudsters to manipulate web advertising metrics, which in turn leads advertisers to pay more than what they should for legitimate clicks.

A recent study reveals the worrying consequences of this subtle kind of fraud. All over the world it has already cost businesses more than $7 billion, bloating advertising figures spectacularly and making up 11% of banner impressions and 23% of video advertisement impressions.

The main problem of this cyberattack in relation to other threats on the web — such as phishing and ransomware — is that it goes completely unnoticed. After infecting devices, cybercriminals are able to discreetly redirect traffic to simulate ad clicks. Since these are real devices owned by real people, advertisers are unaware that behind their ads’ success lies an army of bots.

So, it seems like nipping the problem in the bud may be complicated (at least from the advertiser’s perspective, who is billed according to these metrics, rigged as they may be). However, there are several things that companies can do, such as using quality advertising platforms that offer certain guarantees and that have demonstrated their willingness to persecute those responsible for these botnets.

Beyond that, it’s important to use ad metrics to check the duration of the visit to the webpage and the geographic location from which the supposed clicks are originating. This could be used to expose the fraud. Visitors that enter the page for only a fraction of a second or that do so from a faraway country that has little reason to be interested in the product will, most likely, be infected devices in the botnet.

The same thing happens with botnets used to make social network ad campaigns more expensive. These campaigns are likely orchestrated by a competitor with the intention of making advertising more expensive. In fact, they are relatively easy to track. If a wave of phantom followers appears out of the blue (without profile photo and with strange names), it most likely fraudulent.

The post How Fraudulent Advertising Could Be Costly to Your Company appeared first on Panda Security Mediacenter.

AVG

Beta Test the New AVG 2017!

Leave a comment
There are very few opportunities in life where you have the opportunity to be among the first to try something, but with AVG 2017 we are giving you that opportunity.

When I read news stories and see a new car concept is being tested or a movie idea tested on an audience I want to put myself in the group that excitedly goes where few have been before. Taking the opportunity to be part of the early adopter group that tests and helps shape a product or service for the masses.

If being first excites you then look no further and download the beta version of AVG’s 2017 product. Experience the new look user interface and the new features that are the result of the two large security companies combining their technology to bring you and exciting new product to keep you secure online.

There are many new features to test. Go now and download the new version, step where no one has stepped before and run the very latest AVG 2017 product. I’ll give you a hint on what’s new and where to start checking, real-time updates, CyberCapture and passive mode are to name but a few of the new features that need to be explored.

/var/www/now.avg.com/18.47.0/wp content/uploads/2016/12/screen shot 2016 12 06 at 2.32.03 pm

We have one ask of you though, share the experience with us and let us know what you think through our beta test forum, so we can make sure when we are ready to release it delivers the best experience.

Panda Security

The Worst WhatsApp Scams of 2016

Leave a comment

List of the worst WhatsApp scams for the year.

With 2016 coming to an end we wanted to put together a list of the worst WhatsApp scams for the year. As you may remember WhatsApp was acquired by Facebook back in 2014. The promising app which has been making a name for itself in recent years just got its 1 billionth customer. A quick Google search and we find out that there are nearly 2 billion smartphones in the world. With this in mind, we can easily conclude that every 2nd smartphone user in the world has WhatsApp installed on their cell phone.

This automatically gives cyber trouble makers an opportunity of having one more source they could use for tricking you into giving away personal information such as credit card details, social security number or bank details.

Here’s what you need to know to stay out of danger and not fall victim of WhatsApp scams.

Getting you to download an app

Getting a message from an unknown number that allows you a sneak peek into your friends’ WhatsApp conversations. The message may sound something like ‘All WhatsApp messages are now encrypted but this app beats the code. Find out what your best friend and your girlfriend are talking about.’

It may sound hilarious and easy to catch but you would be surprised by the number of people without antivirus protection who fall for this trick.

The Nigerian lawyer

Have you heard of the Nigerian inheritance scam? It is still out there and even in 2016 you may end up laundering money without even knowing it. People who fall for it very often give away their bank details too. It may sound very 2014 but this scam is still going on in 2016.

These guys have now migrated to sending their messages on WhatsApp. And they still send them because people still fall for it. It may be 1 in a hundred that does, or even 1 in a 1000 but people still do. Common sense and antivirus protection would save you from getting scammed.

Craigslist

Without going into details, every seller on Craigslist wishing that you communicate only via WhatsApp is a person not worth doing business with. No, you will not get that cute little labradoodle puppy if you use an archaic money transfer service to send cash to a third world country while communicating solely over WhatsApp.

The Lady from Thailand

The lady claiming to be from Thailand or the Philippines you’ve been chatting with since last month is now asking you to buy and send her the latest iPhone 7. Even though this may sound legit you can’t be sure of who she really is. Drop the chat and report it. Remember that if it is too good to be true, it most likely isn’t. Don’t be cyber prey.

The 60% off

It may be a voucher or just an invitation to fill out a survey that promises you a gift card. It sounds legit as it promises you a little prize at the end of the survey. You directly get a message that qualifies you for a huge discount on remarkably expensive watches or sunglasses.

In both cases the link forwards you to a website where you give away your name, home address, password and possibly credit card number and SSN. All you get in return are $0.20 or $0.14 transactions on your credit card statement followed by huge losses if these phishing transactions don’t get detected by your bank’s fraud department.
You may get a message about you having a voicemail, a message inviting you to download a premium app, an invitation to join a dating site with millions of single people. A website that is so secure that you are required to add your credit details to obtain membership. Just leave these scammers in 2016.

We hope you didn’t fall for any of these scams this year or simply had protection on your device to keep you away from the cyber criminals. Have a wicked 2017!

The post The Worst WhatsApp Scams of 2016 appeared first on Panda Security Mediacenter.

Panda Security

Can a Hacker Guess Your Password in Only 100 Attempts?

Leave a comment

Making sure that our employees use complex and diverse passwords, both in and out of the workplace, is of vital importance. Not least because multitudes of confidential data could be at risk because of flimsy credentials, ones that are obvious and oft-repeated.

To demonstrate the necessity of adequate protection that also allows for the handling of many distinct passwords, a group of researchers has created a software that is capable of guessing passwords with only a small number of attempts. Specifically, with a little bit of the victim’s personal information, the tool would be able to hit upon the correct password testing fewer than a hundred possibilities.

It’s called TarGuess and was created by researchers at the Universities of Beijing and Fujian in China, and the University of Lancaster in the UK. According to their study, an attacker with sufficient personal information (username, a pet, family members, date of birth, or the destination of their most recent vacations) has a one in five chance of guessing their password in fewer than a hundred attempts.

All they’ve done with TarGuess is to automate the process with a tool that scours social networks for personal information that could later be used in its attempts.

Using this tool, the researches successfully guessed 20% of passwords of those participating in the study with only one hundred attempts. More strikingly, the success rate increases proportionally with the number of guesses. So with a thousand attempts TarGuess is able to get 25% of passwords, and with a million the success rate can climb up to 50%.

Moving beyond the controversial data breaches of platforms such as Yahoo or Dropbox, the main conclusion that this study draws is that many users’ passwords are not robust enough to withstand this kind of attack. And as if that wasn’t enough, these breaches have brought to light another risk: TarGuess reportedly detected that many of these credentials are used in other services, or at best have many similarities (constituting what they call “sister passwords”).

This investigation demonstrates once again the necessity of controlling what kind of information is published on social networks. An employee that ‘shares’ every moment of their life may be inadvertently helping a cyber attacker to learn their password, putting corporate data at risk.

The post Can a Hacker Guess Your Password in Only 100 Attempts? appeared first on Panda Security Mediacenter.

Panda Security

An Oversight in Online Payments Allows Cards to be Hacked in Seconds

Leave a comment

The countdown to year’s end almost inevitably means an increase in online purchases. On the heels of Black Friday and Cyber Monday, a full-blown consumerist race kicks off the goes until January. This 2016 will continue to show consumers turning more and more to e-commerce for their gift giving needs.

However, the convenience of paying by credit card online comes hand in hand with a real risk to our wallets. A recent study by investigators at the University of Newcastle revealed that the existence of a multitude of online payment systems, with their corresponding security measures, isn’t enough to guarantee consumer protection.  It’s more like the opposite — often, as a result of so much variety, we end up with a chaotic jumble that generates major vulnerabilities.

After analyzing several different payment methods, researchers discovered a new type of attack that allows cybercriminals to hack a credit card in only six seconds.

This kind of attack, which takes advantage of a couple of vulnerabilities with Visa cards, is already being used. In fact, it is believed to be the system used to steal money from 20,000 accounts of Tesco’s clients.

Actually, the attack is not very complex. It uses sheer brute force. Specifically, it exploits two oversights in online payment platforms. On the one hand, these platforms do not detect multiple erroneous payment requests when coming from different websites. On the other hand, they allow up to twenty erroneous payments for each credit card on each page. And as if that wasn’t enough, the payment system doesn’t refresh to request different information from the buyer after each failed attempt.

Thus, the attacker needs only a credit card number to start randomly guessing the CVV (Card Verification Value) and expiration date until it arrives at the right combination through brute force. Investigators tested this kind of attack on the 400 most popular e-commerce websites. They demonstrated that if we trust a credit card’s security as the sole safety measure, theft becomes a real possibility.

Platforms which use the Verified by Visa system or even payments with Mastercard actually escape these vulnerabilities. This shows that online credit card security by itself may, paradoxically, pose a serious risk.

The post An Oversight in Online Payments Allows Cards to be Hacked in Seconds appeared first on Panda Security Mediacenter.