Category Archives: Antivirus Vendors

Antivirus Vendors

AVG

Six security lessons for small business from 2016

Historians will look back at 2016 as the year that cybersecurity moved from being an important issue to a critical one on both sides of the Atlantic. In the United States, the two main presidential candidates traded insults over email security and claims that Russian hackers were trying to influence the election’s outcome by leaking stolen data.

Democrat candidate Hillary Clinton was under fire for allegedly using a private email server for classified documents while working as Secretary of State. Republican candidate Donald Trump was accused of encouraging foreign powers to hack his rival and publish whatever incriminating or embarrassing information they could find. But both candidates agreed that cyber security was a vital issue of national security.

In Britain, the Chancellor of the Exchequer, Philip Hammond, unveiled a new £1.9billion cybersecurity strategy to ensure the country could “retaliate in kind” against any digital attacks on national infrastructure like the electricity grid or air traffic control systems. But behind the politics, what were the real security lessons of 2016?

  1. The Internet of Things is vulnerable

An attack on Dyn, one of the companies behind the infrastructure of the internet, in early October revealed how the new generation of connected devices has created fresh opportunities for hackers. Major websites – including Netflix, Twitter, Spotify and Amazon – all came under attack. Security analysts revealed that compromised Internet of Things (IoT) devices such as digital cameras and video recorders had been the entry point for hackers. A basic security vulnerability with these devices – factory-default security settings – had allowed hackers to disrupt the internet infrastructure.

The message for manufacturers, consumers and businesses was self-evident: The Internet of Things needs an urgent security upgrade.

  1. Rise and rise of ransomware

You can trace the early origins of ransomware to the days of pop-up bogus “official messages” warning that your computer has been infected, or that you’d been caught doing something illegal. Today, the tactic has evolved into attempts to lock businesses out of their own network, critical files or services until money is handed over. What has made 2016 different is a step-change in the scale of the problem.

The analyst firm Gartner reported $209 million was extracted through ransomware attacks in the first three months of 2016, compared to $24 million that was extracted from US businesses in 2015. Businesses, hospitals and universities have all been targets and an increasing number of victims are paying up to regain control of their network or vital files. A recent survey also revealed that 1 in 3 businesses were clueless about ransomware: either not knowing what it was at all, or misunderstanding what it was.

The lesson for business is clear: understand what it is and its possible impact on your business, and have a plan in place that outlines what to do if a ransomware attack happens.

  1. Rise of encryption

One of the tech stories of the year was the clash between Apple and the FBI over access to data in the iPhone of one of the San Bernardino bombers. The public debate about privacy and security that followed saw the instant messenger (IM) service WhatsApp decide to add end-to-end encryption to users’ messages.

In theory, the move meant that no-one apart from the sender and intended recipient can read messages – not even WhatsApp itself. The move put pressure on other IMs, email services and social channels to reassure users that messages were snoop-proof and encrypted. The need to use encryption to secure your data has never been stronger. Cybercriminals are becoming more sophisticated and as they do so we need to step up and take proactive steps to stay ahead of them.

There was a two-fold lesson for businesses: firstly, to understand how data was being shared inside and outside their organization; secondly, to consider encrypting the most sensitive files.

  1. Reinvention of the log-in

The password isn’t quite dead yet, but 2016 saw a broad effort to push users towards more secure log-in procedures. Both Google and Apple rolled-out improvements to multi-factor verification and authorization –using multiple devices or security steps to approve a key action or transaction.

A growing number of banks and financial institutions began testing biometric verification – fingerprint and voice recognition – seeing it as an important way to reduce fraud. The lesson of the year was that the days of logging in with just a username and password are coming into an end.

Businesses need to think of how they can create and encourage employees and customers to use more secure pathways to access account, order or profile information.

  1. The threat from inside

Reports about cybersecurity tend to be dominated by headlines about hackers, whether individuals, criminal gangs or countries testing other nations’ cyber defences. Looking back at some of the biggest security breaches of 2016 you’ll find a common factor: the loss of data involved someone from inside the business.

In some cases, the leak started with the loss or theft of a company laptop, memory stick or mobile phone. In others, employees shared data they shouldn’t have, either accidentally or by deliberately trying to sell confidential information. According to the Ponemon Institute, the cost to businesses of clearing up data leaks is going up year after year.

The lesson for businesses is to ensure that staff understand security risks, have regular training, and that procedures are in place to cut the chance of confidential data leaking out. Restricting access to only those employees that need it also helps businesses reduce the risk of loss of data and reputation.

  1. No-one is immune

2016 was the year that saw millions of user account details stolen from some of the best-known tech brands – Yahoo!, LinkedIn, Twitter – go up for sale on the Dark Web. It was also the year that the presidential campaign put the spotlight on government security – with a stream of leaked data and questions about unsecure email servers allegedly being used for classified information.

But don’t be fooled into thinking that big brands or big targets are the only game in town. Research by the Federation of Small Businesses in the UK in 2016 found that two out of three small firms had been victims of cybercrime in the previous two years. According to the FSB, the financial costs suffered by small firms from an attack are “disproportionately bigger” than larger firms.

One of the biggest lessons to take from the year is that no business is immune from cyber threats – and the risk to business survival is higher the smaller the company is.

Senior Security Evangelist, Tony Anscombe of AVG Business said: “Cybersecurity has had a high political and media profile this year, thanks to the US presidential elections. But businesses shouldn’t make the mistake of thinking that the issue is all about nations waging digital warfare or politicians being hacked. The key lessons of the year are about the rise in ransomware, and the new attack vectors that are being created for hackers by the increasing number of connected devices, often with poor built-in security. Business owners need to be thinking harder than ever about internal security, training and procedures, the tools and tech they are bringing in to their organisation, as well as the security they deploy across their network.”

Panda Security

Where the leading apps keep your company’s data

panda-security-data

The current digital economy revolves around data. Giving up our data is the price we pay for signing up for free internet services, as the companies who provide these services use this personal information in order to fine-tune ads paid for by their true clients: advertisers.

Data is the Internet’s oil. Unlike this limited fossil fuel, however, data is increased in quantity every day. In 2013, it was reported that 90% of the world’s data had been generated in the two previous years, in other words, between 2011 and 2012. The trend has not shifted since then. The companies and countries who control the world’s data reserves will have, as with petroleum, a highly valuable resource on their hands.

90% of all the data in the world in the year 2013 was generated between 2011 and 2012

So, where is the majority of the digital era’s black gold stored? For now, the winner is, by far, the United States. 63.5% of services analyzed by Jorge Morell, expert in the terms and conditions of these kinds of companies, store their data in the US.

A far cry from that figure, weighing in at 1.9%, it appears that Europe has not jumped on the bandwagon of Big Data, so for now it looks like the American domination of the digital market is here for the long haul.

For a more detailed look, 58% of the most visited websites in a country like Spain, the subject of Morell’s research, do not reveal where they store their users’ personal information. As of now, they are not obligated to do so, so many of them make no mention of it in their terms and conditions.

Among those who are transparent in this regard, the clear winner is, again, the United States (36% of all analyzed services), although it is rarely cited as the only one. The ambiguous “and other countries” is thrown into the report haphazardly, as well as the tags Canada, China, or the vague “Outside of the European Economic Area (EEA)”.

When data crosses the pond, companies are legally bound by the Safe Harbor or Privacy Shield agreements to declare where it is stored, hence the fact that national companies are more likely to keep this information a secret.

However, all websites that until now have been silent will soon be required to declare openly the country in which their users’ personal information is stored. The new General Regulation of Personal Data Protection, with which all countries in the EU will have to be in accordance starting in May 2018, will make it compulsory that companies who maintain operations in Europe reveal the whereabouts of their personal data storage for all users, whether companies or the general public.

Such being the case, we shall soon be able to answer with greater certainty the question, “Where do the leading apps keep your information?” For now, we know beyond the shadow of a doubt that in most cases your personal information ends up in or passes through the United States at some point as it bounces around the net.

The post Where the leading apps keep your company’s data appeared first on Panda Security Mediacenter.

Panda Security

What is a VPN and how it Works?

pandasecurity-vpn

Watch your favorite shows anywhere, and other useful VPN functions

In simple terms, a VPN, or Virtual Private Network, is a connection between a group of discrete networks that exchanges encrypted data between your computer and a distant server.

Sounds like boring technical jargon? Well, VPN’s can actually be used to perform some pretty neat tricks online that you’ll be missing out on if you don’t employ the services of these privacy boosting devices:

Safely access a work or home network from far away

VPN’s are an essential tool for professionals out there who travel and have to access important files from a distance. Individuals can use a VPN to access network resources even if they’re not physically connected to the same LAN (local area network).

Why are they perfect for dealing with important data from afar? Well, a VPN is also an efficient and easy way to maintain your privacy when you’re surfing the web. In fact, many experts recommend the use of a VPN when browsing the Internet on a public Wi-Fi hotspot as they guarantee that all the data you’re sending and receiving is encrypted and inaccessible to hackers.

If anyone tries to pry on your internet activity, all they’ll see is the VPN connection, all other data will remain anonymous.

Avoid censorship and detection online

A controversial function of the VPN for sure, they can be used to bypass government censorship anonymously. Whether you agree or not with censorship online, it’s an undeniable fact that certain websites are blocked for legal reasons, almost every government worldwide blocking certain websites within their country.

Meanwhile, the ability that a VPN gives its user to go undetected online has been highlighted in the news recently as police in Holland confiscated 2 servers from VPN provider Perfect Privacy without releasing a public statement.

The German and French governments also want to controversially force mobile operating systems, by law, to allow them to access encrypted content if they deem it necessary in federal investigations.

Watch your favorite shows online wherever you are

Here’s where the fun begins! Many, many people are using VPN’s merely for entertainment purposes. The reason for this? Companies like Netflix, Youtube and Hulu use geo-blocking mechanisms to make some of their content unavailable outside of certain countries due to legal requirements appertaining to arguably outdated content laws in this age of free information.

In fact some people argue that, though this is only speculation, the content laws being so outdated, recent attempts by companies like Netflix to crack down on VPN usage have only been for show. In other words, the streaming giant wants to keep Hollywood distribution companies, who are responsible for creating a great deal of the content shown on Netflix, happy whilst harboring no real desire for making it harder to access their shows worldwide.

As an example of the numbers, in the US, Netflix offers the full experience of roughly 7000 shows, whereas in the UK slightly more than 4000 are available. Countries that have only been reached by Netflix recently are far behind.

Netflix though, has recently been trying to crack down on VPN usage, whilst also admitting that it is almost impossible to do so effectively.

The company’s Chief Product officer recently said that “since the goal of the proxy guys is to hide the source, it’s not obvious how to stop VPN Users. It’s likely to always be a cat-and-mouse game.”

Though the streaming company have blocked certain VPN users from accessing the site, providers like Express VPN and Buffered VPN claim to have great success at getting around these measures.

The post What is a VPN and how it Works? appeared first on Panda Security Mediacenter.

AVG

Celebrate Computer Security Day by getting the best AVG protection for all your devices – FREE!

Yup, that’s right. In honor of Computer Security Day, we are partnering with Softonic to give away ten 1-year subscriptions to AVG’s best antivirus protection: AVG Internet Security – Unlimited.

 

With it you can protect all your Windows, Mac, and Android devices for yourself and everyone in your family – no matter how many you have.

Entering to win is simple

  1. Like Softonic’s Facebook page
  2. Leave a comment on this post telling us how you keep your devices safe
  3. Share this picture

Easy, right? You have until 23:59 (GMT) on Wednesday, December 7, 2016, to enter. Once the competition closes, we’ll select 10 winners at random from all qualifying entries and notify them via Facebook direct message, then announce them on Facebook the following week. If you’re one of the lucky winners, go to this page to activate your gift license.

And whether you win or not, here are

3 simple things you can do to stay safe online

  1. Cover your bases. From keeping all your applications up-to-date to deleting sensitive files, all the must-dos are in one place, a checklist we’ve put together for you to use to keep yourself – and your family – safe.
  2. Use strong passwords. Don’t know how? No worries! Here’s a foolproof way to make passwords that are super-simple but super-strong.
  3. Run a strong antivirus. You’ll need more than just a virus detector to stay safe these days – something that really beefs up your PC’s firewall, encrypts and password-protects private files, and updates in real time to keep you safe against even the latest threats.

/var/www/now.avg.com/18.47.0/wp content/uploads/2016/12/screen shot 2016 12 06 at 2.34.58 pm

Good thing AVG Internet Security – Unlimited ticks all those boxes. But even if you don’t win the contest, you can try it for free right now!

 

/var/www/now.avg.com/18.47.0/wp content/uploads/2016/12/screen shot 2016 12 06 at 2.32.03 pm

Full terms and conditions.

AVG

Seven security predictions for small business in 2017

Digital life for businesses started out with dumb screens, keyboards and the days of the mainframe. This gave way to a simple set-up: a few PCs connected to a server with staff tapping away on keyboards at their desks. Then came laptops, mobiles, tablets and the era of computing on the move.

Next, cloud computing took digital storage and services and put them wherever you and your team needed to work. But with each evolutionary step came new security threats. And in 2017 we’ll see an ever-broadening range of connected devices becoming new “attack vectors”.

Hackers will exploit new methods to get into networks and find new ways to cause business disruption.

Here are seven emerging threats to watch out for next year:

  1. Biometric hacks

From Apple’s TouchID fingerprint scanning to banks trialing voice or retinal recognition, biometric security has been growing fast in recent years. The traditional log in to an account via username and password is being replaced by more sophisticated technologies.

But is it any more secure? Hackers and security experts have used photographs to beat biometric checks, including claims last year that a high resolution image of an eye could be used to hack retinal scans. Researchers have shown how high definition video of someone’s face, complete with a couple of blinks, is enough to break in to some devices.

Hackers have even shown that impersonation can crack voice recognition. It can be bypassed simply by grabbing a short recording of someone’s voice, either by making a spam call or stealing a voicemail message, so expect to see more biometric hack stories in 2017.

  1. Connected car hacking

Security researchers made headlines in 2015 when they hacked a driverless Jeep and drove it off the road. Since then trials of driverless cars and autonomous systems – like Tesla’s autopilot mode – have clocked up millions of road miles.

We’re still a few years away from seeing truly autonomous cars for sale on garage forecourts, but the threat of cyber-sabotage was enough to prompt the FBI to warn in 2016 that owners of connected cars would need to ensure software was secure and up-to-date. As more cities and States in the US open up to driverless trials, and more road tests get under way in the UK, there is sure to be more news about car hacking next year.

  1. Internet of Things hacks

A major botnet attack on Dyn, one of the companies behind the infrastructure of the internet, in late 2016 revealed the vulnerability of the Internet of Things. The attack – which caused disruption for major websites like Netflix, Twitter, Spotify and Amazon – started with hackers exploiting factory-default security settings in hacked digital cameras and video recorders. As more and more previously inert, unconnected devices connect to the internet – from fridges, to toys and thermostats – expect news of more Internet of Things-related hacks.

  1. Mobile hacks

2016 will be remembered as the year that mobile web browsing overtook desktop browsing for the first time. Hand in hand with mobile browsing comes mobile malware and an ever-rising tide of malicious software designed specifically to target Apple’s iOS or Google’s Android mobile operating systems.

Through 2016 Google stepped up its efforts to clear malicious apps from the Google Play store, while Apple quickly released security patches for iPhones after the discovery of the “Pegasus” malware package that could read users messages or steal contact information. As mobile usage grows, there’ll be more news than ever of mobile malware.

  1. Virtual reality hacks

Virtual reality headsets generated the biggest tech buzz of 2016. Facebook founder Mark Zuckerberg gave a sneak look at what Oculus Rift has in store in the future; while Google unveiled its new Daydream headset. But as VR grows, expect to hear more about the location and personal data being collected by devices. As more and more apps are developed for VR tech, it would be no surprise to soon hear about the first hacks of VR in-game payment systems.

  1. Contractors under attack

But it’s not just devices that are vulnerable: it’s people. It’s become a fact of digital life that hackers will look for easy routes into their targets. So, if they want to hack a big business … they look at its contractors.These are often smaller businesses with more limited security systems, processes and resources. There’ll be more news in 2017 of major hacks that originate with small businesses in the supply chain – and there’ll be a growing expectation on small firms to step up their security if they want to win big contracts.

  1. Cloud under attack

A list of the “treacherous 12” vulnerabilities of cloud computing was unveiled at a major conference in 2016. These ranged from hacked APIs and broken authentication to denial of service (DoS) attacks.  But the benefits to business of being able to access data wherever they are – and cut the cost of IT infrastructure by using cloud services – make it an attractive proposition that’s unlikely to lose its appeal any time soon.

But as more businesses adopt cloud storage and services, do not be surprised to read more reports of businesses being locked out, hacked or losing data. It’s a story that’s not going to go away.

Tony Anscombe, Senior Security Evangelist, AVG Business suggests what may be in store for the New Year, “Overall, I think the big story of 2017 is going to be about the broadening range of tactics, channels and platforms that hackers try to exploit to steal data and extort money from businesses. The buzz around new tech – particularly IoT devices – needs to be tempered with serious questions about security.”

“Manufacturers are racing to get products to market and security is being left behind… businesses of all shapes and sizes need to be careful about what new tech they adopt and how they use it. They also need to bridge their knowledge gaps, 1 in 3 businesses we recently surveyed were clueless about ransomware for instance. Small businesses, in particular, need to be more aware of how their data and systems can be hacked and exploited

Avast

How to protect your account after the Dailymotion hack

 password-2.jpg

After the massive data breaches of web giants Dropbox, Badoo, MySpace, Tumblr, LinkedIn and Yahoo! in September 2016 (the biggest massive piracy of individual data against a single company never made public), Dailymotion, one of the most visited video platforms in the world has been attacked. The French online video giant remains behind YouTube, bringing in more than 300 million unique visitors per month. More than 85 million accounts are affected by this massive data leak, which still makes it one of the most important attacks of the year.

One of the most important attacks of the year

LeakedSource sounded the alarm this week by acquiring some of the stolen data. According to them, Dailymotion’s database was victim to an intrusion in early October which allowed the hackers to recover the data of more than 85 million users: mainly identifiers, passwords and email addresses.