Category Archives: Antivirus Vendors


Should businesses worry about wearables?

In the last few years, businesses have been tackling a new set of privacy and security issues thanks to the Bring Your Own Device (BYOD) trend where employees are increasingly using their personal devices for business use.

But what about the new device trend: wearables? How will wearable devices in the workplace affect a business? Will Wear Your Own Device (WYOD) be an issue?

Forrester, among other analysts, is predicting that 2015 will be the “year of the wearable.” IdTechEx predicts growth from $14 billion in 2014 to over $70 billion in 2024. But the market is just ramping up, and experts are predicting it to be huge and ubiquitous, while feeding into the larger Internet of Things.

Part of the enthusiasm being generated for wearables is attributed to the much-heralded release of the Apple Watch. And part of it is that these devices are becoming mainstream. This has been brought to the forefront by developments with Google Glass.


Early issues surrounding Google Glass go to the very heart of the wearable debate: there are real concerns that the person talking to you and wearing the Glass could be recording everything.  Taken into the workplace, Glass could be used to look at valuable corporate information or record a private conference meeting. Not to mention the company workout room and locker room!

My husband Bob, who was an early Samsung X watch adopter, likes to amuse dinner guests with demos of how he can video them with his watch without them having a clue… While his and the first “smart watches” were clunky, increasingly they are being designed to be smaller, cooler, and…well, look like any other watch.

Google and Apple are just two examples of the first wave of wearable tech; there’s also the Moto 360, Samsung Gear, and start-up players like Pebble with plenty more in development.  In the next wave, experts envision devices being woven into clothing, placed in jewelry and bracelets, available as a skin patch, and other weird and wonderful ideas.


Privacy issues aside, there’s security to consider as well. Wearables run on software, and software can be vulnerable to attack. In the case of Glass, you could foresee an attack that grants the hacker a view of everything you’re seeing. Scary, right? For these and other reasons, some government agencies and other high-security-risk workplaces have banned Glass.

Of course, everyone can see if you’re wearing Google Glass. But as wearable devices get harder to spot, privacy risks go up. So as an employer, manager, enterprise expert, or small business owner, what can you do to maintain security and safety? Banning WYOD altogether doesn’t appear to be a sensible option, and as a matter of fact may put your business at a disadvantage.

So, it’s a good idea to start putting policies in place. If you develop a good BYOD policy you’ll be in good shape for WYOD.

Here are a few areas to consider in expanding your BYOD policy for WYOD:

  • The types and acceptable use of personal devices by employees — whether wearable or not
  • How these personal devices will be monitored while in the office
  • Stipulation for use of company-owned BYOD/WYOD devices outside the office
  • Enhanced/expanded social media policy to include BYOD/WYOD
  • Details on penalties for violating the device policy

 

For more help creating a device policy for your business, check out our Small Business Digital Policy eBook.

 

I certainly don’t want to be all gloom and doom about wearable devices. I believe they can do great things in the workplace. For example, Boston’s Beth Israel Deaconess Medical Center has developed a custom retrieval system for Google Glass, which allows an ER doctor to look up specific information about patients by using Google Glass to scan a Quick Response (QR) code on the wall of each room.

Salesforce this summer announced the Salesforce Wear Developer Kit, a set of resources designed to help developers build apps that integrate with Salesforce service for such wearable devices as smart watches, smart glasses, smart armbands and biometric authenticators. Clearly we’re at the cusp of a WYOD evolution (I hesitate to call it a revolution).

It’s only natural that wearables are bleeding into the workplace.
And like any new technology in the workplace, it’s all about preparing for it and using it in the right way.


The five top WhatsApp stories of 2014


WhatsApp is undoubtedly one of the most popular apps, with few users yet to install it on their smartphones. It is now one of the most widely used forms of communication worldwide.

This has inevitably led to a continuous stream of news stories in 2014 about WhatsApp, and in particular, about scams that exploit the app or the new features introduced to the app.


1. Facebook buys WhatsApp

Breaking News: Facebook buys WhatsApp. US $19,000 was the incredible amount that changed hands.

However, when the news broke, users’ main concern was how this would affect them. Would user privacy be compromised?

In the end these were just rumors, as so far nothing much has changed.

2. Reading contacts’ chats

The ability to read the chats of your WhatsApp contacts. This was the tempting offer made by a group of cyber-criminals to entice users into their trap.

In this case, it was supposedly an application that would allow you to read your contacts’ messages. In reality however, when you installed it on your device, you would be subscribed to a premium-rate SMS service.

3. WhatsApp reaches 600 million users

In August this year, WhatsApp reached 600 million active users around the world.

This was announced by the CEO and co-founder of the app who was keen to underline that these were active users (those that had used WhatsApp at least once in the previous month), and not just registered users.

This most popular messaging app is also, however, the most popular target for cyber-criminals.

4. WhatsApp Gold, special scam version

One example of the above is the scams that end up subscribing users to premium-rate SMS services. In this case, what they were offering was the ‘Oro’ (Gold) version of WhatsApp with a special design and emoticons.

This app was promoted by cyber-criminals on Twitter. Once again, this was just another lie to scam users, as we reported back in October.

5. Blue Double Check

And the year has ended more or less as it started, with news that was as much welcomed as it was feared. Confirmation that your message has been read now comes in the form of blue check marks.

WhatsApp users were quick to react and the developers were forced to think again. They have now announced that future versions will include the option to remove this feature. No doubt this is good news for many users.

Who would argue that WhatsApp will continue to be an endless source of news in 2015? We’ll be waiting!

The post The five top WhatsApp stories of 2014 appeared first on MediaCenter Panda Security.

Four trends that will change mobile in 2015

In fact, in the US mobile web traffic exceeded desktop web traffic for the first time. Mobile is fast becoming the most convenient and cost-effective way to get online, but what does the future hold for our smartphones?

Here are my predictions on how our mobile worlds will continue to evolve in 2015.

 

Apps will become the primary target for hackers

While the first generation of mobile threats primarily used vectors and methods seen in the PC world, we are beginning to see new threats specifically designed to exploit mobile devices. The threat is not just malicious apps, but also regular apps that are vulnerable to attacks.

Until now, the centralized software distribution model seen with the AppStore and Google Play has helped protect our devices from malware. This concept came as a lesson we all learned from the PC, where software distribution is not controlled and so malware is common. Apps on official stores are less likely to be malicious, but it doesn’t mean they are not vulnerable to attacks.

Hackers love to find vulnerabilities. Almost every software program has vulnerabilities that are waiting to be discovered and mobile apps are not an exception. As official app stores make it difficult for hackers to directly upload malicious apps, they have instead begun hunting for vulnerable apps to attack.

Vulnerable apps are not always removed from the app stores, and many have been left unmaintained by developers, creating an opportunity for hackers to exploit them.

 

New threats will emerge

As a result I expect to see a rise in the discovery of mobile app vulnerabilities during 2015. Here are a few examples:

  • Voice activation – Voice-activated software is a standard feature on smartphones and is also appearing in smart TVs and other Internet-connected devices. However, many of the implementations are vulnerable to voice activation attacks. This is because the software does not authenticate the source of the voice – it could be you speaking, or equally it could be a synthesized voice coming out of an app – yes, even a game can play a sound and send an email to your contacts on your behalf.

Video: How Apps Could Hijack Google Now

  • Mobile browsers – For the average user, browsers on mobile are very difficult to operate. Small screens mean you see only a fraction of the URL, making it easy to disguise a malicious URL. Drive-by infections, which are well known to PC users, will soon come to mobile users as well. Not surprisingly, mobile browsers are also vulnerable to JavaScript exploits that can be triggered by a hacker remotely. That could mean streaming video to or from a device, even if it is locked.
  • Radio-based threats (Wi-Fi, Bluetooth, NFC) – Mobile devices are constantly broadcasting over radio frequencies in order to connect and transfer data. Rogue access points and over-the-air sniffers can capture transmitted data, reply with malicious content or even modify the values in the data over the air.
  • Masque Attacks and malicious Profiles – As mobile users have less visibility of the files being downloaded to the device, as well as the running processes and settings, hackers will continue to use these limitations to mislead users into downloading and installing malicious files on their devices from outside the App Store. However, apps on app stores are also vulnerable, and I predict the number of malware detections from recognized app stores to increase in 2015.

 

Data will become more valuable and more threatened

Mobile devices are much more personal than our PCs ever could be. The data on them is much more intimate and is a much more rewarding target for hackers. In 2015, I expect data, especially that held on our mobile devices, to come under much greater scrutiny.

In particular, I foresee three threats to our data in the coming year:

  • Physical tracking – criminals or law enforcement can use location data stored on your phone to identify important places (such as home or place of work), analyze behavior such as a daily route or absence from home.
  • Data stealing – in mobile, everything is broadcast through the air, that means data is vulnerable to being intercepted as it travels. Credentials, financials, transactions or payments can all be captured and recorded by 3rd
  • Commercial tracking – mainly done by retailers to better understand the behavior of their visitors. Think online analytics but for the physical world.

 

Payments will also go mobile

The public’s positive reception of Apple Pay heralded a new phase of consumer payment methodology. Although Apple is not the first to introduce mobile payment, their offering came at a good time and the implementation seems to be practical and secure.

As mobile payments are a new experience for consumers, I expect to see social engineering attacks where hackers will try to confuse and mislead in order to steal credentials and personal data. This is expected to be the first phase of attacks. Once consumers are more familiar with the technology, attacks on vulnerable apps and even on the payment services are expected to soar.

3 Tips for Geeks to Save Their Holidays

If you’re a geek, like most people, you’ll probably visit your family for Christmas.
Like most people, you probably want to enjoy nice holidays with relatives and friends.
Unlike most people, you’ll probably have to face (many) tricky infosec-related questions during this period. So here are a few tips for geeks on that topic.

Heartbleed

  1. you want to unlock your phone, so you concentrate, and think about your PIN
  2. someone near you shouts “tell me what you think, chicken”
  3. you answer honestly (because you’re vulnerable to this particular word, like Marty McFly)
  4. you just leaked your secret PIN :(

To be exact, Heartbleed is not about a PIN, it’s about an encryption key, but they both grant access if you know them.

It’s not about a phone, it’s about a widely used security library called OpenSSL – and in particular the “Heartbeat” extension of OpenSSL (hence the name Heartbleed).
It’s a bit more complicated than just shouting ‘chicken’, but it’s not too complicated either :(

And like Heartbleed, it’s about ‘attacking’ at the right moment: you’ll just get whatever is in the target’s mind at the moment of the attack: “buy bread & milk”, or what’s on TV tonight… or an access PIN.

Goto fail

Here is a dialog between you and your grandma:

  • You: “Grandma, you’ll guard that door. Follow exactly the instructions I’ll tell you now.”
  • Grandma: “OK”
  • Y: “The door should be closed”
  • G: “OK”
  • Y: “if it’s grandpa, leave the door open”
  • G: “OK”

But then, your child comes behind you, and just repeats the last part of your sentence, imitating your voice.

  • child: “leave the door open”
  • G: “OK”

Now the door is permanently open. Just because a statement was accidentally repeated, out of its original context.

Consequences

This is as simple as that: since a conditional piece of code was executed in all cases because of a mistake, one of the security doors of Apple’s operating system was always open: if you knew which door to go to, you could bypass the whole security and enter without any problem.

Shellshock

Your grandpa speaks an old forgotten dialect.
You only know one sentence in this language.
Because you learned it so long ago that you can’t clearly remember, you just think it’s a common greeting.
But it actually means “do this now”.
And your grandpa – a fragile person due to his age – would actually blindly do anything you ask him.
So far, no one noticed because no one gave an order to your grandpa in his dialect.

Yet he was vulnerable all the time (or at least, for the past 25 years). He’d just do anything if asked the right way.
Sadly, it turned out that a lot of people would actually also do the same.
It wasn’t a mistake, just some old dialect that very few people consciously understood.

Conclusion

Of course, there were many more than 3 major events this year, but that might be enough to convince your audience, and save your holidays :)

I hope this will help to face your relatives & friends’ questions without boring them.

May you enjoy nice holidays – Merry Christmas / happy solstice!

The post 3 Tips for Geeks to Save Their Holidays appeared first on Avira Blog.