Small and medium-sized businesses (SMBs) are the biggest targets of cybercriminals, and they often don’t have the necessary budgets, people, processes, and products to protect themselves. Because of this, SMBs are increasingly turning their cybersecurity protection over to managed service providers (MSPs).
Category Archives: Antivirus Vendors
Antivirus Vendors
New Security Measure in the US and UK: Tablets Banned on Some Flights
Laptops, handheld video games, cameras, tablets… unless it has some sort of medical use, all electronic devices bigger than a smartphone will be banned from the cabin of all flights originating in North Africa and the Middle East and bound for the US or UK.
The Trump administration announced the drastic measure, which will affect ten airports in Jordan, Egypt, Saudi Arabia, Kuwait, Morocco, Qatar, Turkey, and the United Arab Emirates.
According to the department of Homeland Security, terrorist organizations “continue to target commercial aviation and are aggressively pursuing innovative methods to undertake their attacks, to include smuggling explosive devices in various consumer items.”
The UK has adopted a similar ban against laptops and tablets. In this case, the measurements are specified and can only travel in checked luggage. The ban is effective for six countries in order to “maintain the safety of British nationals.” Recently, a bomb exploded on a Daallo Airlines flight that may have been hidden on a laptop, forcing the plane to make an emergency landing in Mogadishu.
Fear of Explosions… and Cyberattacks?
Even though the TSA (Transport Security Administration) hasn’t gone into detail about the ban, Kip Hawley, ex-director of the organization, defended the decision. According to Hawley, an explosive charge could be installed in a smartphone as well, but would be limited by size and insufficient to pose any major threat.
At the same time, a bomb in the cargo bay would be ineffective, since not only is it surrounded by suitcases that would stifle the blast, but is also itself highly reinforced.
Oddly enough, the decision arrived not long after the Federal Aviation Administration announced that lithium batteries presented the risk of catching fire while in storage under the plane. Some experts have criticized the new measures. Nicholas Weaver, researcher at the International Computer Science Institute, has taken the opposing stance that a bomb “would work just as well in the cargo hold.”
Weaver also points out that if hacking is the main concern, “a cellphone is a computer.” After the Germanwings accident, which took the lives of 150 people, some questioned whether a cybercriminal could be responsible. As of now, however, the threat of a cyberattack is still hypothetical. Indeed, it has only been demonstrated that control can be taken of navigation systems in a simulation environment.
Recently, a Spanish researcher discovered vulnerabilities in planes’ in-flight entertainment systems. The most damage he could do, however, was to turn on and off the lights, broadcast messages over the PA, or steal card numbers from passengers making in-flight purchases.
For the time being, it seems the fears of the US and UK are not based on a potential cyberattack, but rather on the stated concern about hidden explosives. As can be expected from sensitive policy decisions, however, neither London nor Washington are offering much in the way of details.
The post New Security Measure in the US and UK: Tablets Banned on Some Flights appeared first on Panda Security Mediacenter.
The hunt for the dawn of APTs: a 20 year-old attack that remains relevant
Kaspersky Lab and Kings College London researchers announced today that they found a link between a modern threat actor and the Moonlight Maze attacks through samples, logs and artefacts belonging to the ancient APT, which targeted the Pentagon, NASA and more in the late 1990s.
The right to privacy in the digital era
ESET’s Miguel Ángel Mendoza discusses the right to privacy in the digital era, which is an increasingly important issue.
The post The right to privacy in the digital era appeared first on WeLiveSecurity
Chasing Lazarus: A Hunt for the Infamous Hackers to Prevent Large Bank Robberies
Kaspersky Lab published today the results of its more-than-year-long investigation into the activity of Lazarus, a notorious hacking group allegedly responsible for the theft of $81 million USD from the Central Bank of Bangladesh in 2016.
Kaspersky Lab Introduces New Partner Program to Drive Business Growth for Managed Security Services Providers
Kaspersky Lab Awarded MSPWorld Cup for “Best MSP Solution” at MSPWorld 2017 Conference & Expo
Why we (still) need World Backup Day
More than 40 years after the invention of the personal computer, it is astounding that we still need World Backup Day. This year’s event, which takes place on March 31st, the day before April Fool’s Day, ‘is a day for people to learn about the increasing role of data in our lives and the importance of regular backups.’ Here’s the key takeaway: You need to regularly back up your data because the chances of losing some or all of that data are high, and getting higher.
Backup your (digital) life
In the digital age, data backup is essential. Find out how you can protect yourself ahead of World Backup Day, which falls on April Fool’s Day.
The post Backup your (digital) life appeared first on WeLiveSecurity
How safe are VPNs?
It’s a tough economy out there. Things are looking up, alright. But for some low-life criminals like Joe Crook, ANY work will always be too much work anyway. So what do people like Joe Crook do? They scheme. They’re on the lookout for the latest scam so that they can defraud you of your hard-earnt cash.
How does a vpn work?
Take VPN technology for example. For IT knowledgeable evil-doers, it’s as good a target as anything there is. The technology has been around for decades of course. In the beginning, it was meant for big businesses – and most probably it was never intended for the many purposes that it serves today (nope, it was not created with Netflix in mind!)
The original idea behind this technology was to create a private connection between multiple people and devices across the Internet. In other words, it was the Internet within an Internet: a secure, private and encrypted network keeping hackers, ransomware, prying eyes and anybody that was after your personal data.
In a way, VPN offered a perfect solution to those sharing sensitive data or looking to evade government censorship. VPNs typically allowed only authenticated remote access via tunneling protocols and other encryption techniques to prevent disclosure of private information. In short, no one knew where you surfed, what content you saw, nor where you were even surfing from. Your connection was fully encrypted!
VPN’s risks
But, sensing an opportunity, the Joe Crooks of this world came to realize people like Average Joe might have grown complacent in their use of VPN. For instance, millions connect to public Wi-Fi hotspots without thinking twice about the potential consequences. Fraudsters came to understand the technology’s possible weaknesses. And with over 280 million Internet users in the US alone, roughly 80% of which are using the web every single day, let’s just say there is plenty of fish to go after.
It’s not just traditional VPN that can be targeted
Research conducted just last year revealed that nine in 10 SSL VPNs were using insecure or outdated encryption. The large-scale study randomly scanned over 10,000 live and publicly-accessible SSL VPN servers (SSL refers to Secure Sockets Layer – it’s a form of VPN that can be used with a standard web browser).
Users’privacy
Although VPNs are meant to protect users’ privacy by setting up an encrypted tunnel between the device being used and the VPN provider’s servers, vulnerabilities are known to exist. Hackers like Joe Crook are keen to steal your data mid-transit and unfortunately are getting better at it.
So what more should you do to protect your privacy online?
When making payments online, are you unwillingly allowing hoodlums to help themselves to your credit card details? One thing for sure, our devices are getting more and more connected every day. Having access to a VPN should form part of your set of digital tools – though it isn’t a foolproof sort of firewall by any stretch of the imagination.
And for the highest level of protection look nowhere else but to Panda Security. We have developed a cyber-security platform designed to eradicate threats. Security systems are activated before threats are executed, and advanced protection for endpoints and servers helps destroy the malware before it’s too late. Now, that’s what we call protection!
We’d like to ask you about the VPNs, do you have 2 minutes ?
The post How safe are VPNs? appeared first on Panda Security Mediacenter.
Panda Security’s GDPR Preparation Guide Helps Ease the Transition to the New Regulation
There’s a new challenge that lies ahead for businesses that have operations within the European Union. The new General Data Protection Regulation came into effect on 25 May, 2016, and will begin to be enforced 25 May, 2018.
With the focus on protecting the fundamental rights and freedoms of natural persons and their right to the protection of personal data, the regulation establishes obligations and advantages both for private entities and public administrations.
Panda Security’s “Preparation Guide to the New European General Data Protection Regulation” introduces the new legislation to businesses before its application in 2018. Disregarding the application of the GDPR could lead to costly administration fines of up to 20,000,000 euros.
Panda’s objective is to address the need to adapt data security practices and thereby give its clients a competitive advantage.
How will the GDPR affect businesses?
One of the main points of the white paper is that taking action only when an infringement has already occurred is insufficient as a strategy, since such a failure can cause irreversible damage to interested parties and can be very difficult to compensate.
Here are some sanctions and other potential problems stemming from non-compliance with the GDPR:
- Direct or indirect economic repercussions. These could result from security incidents coming from outside the company or from a company’s own employees and collaborators.
- PR damages. Damages to your reputation could result from security incidents not properly being reported to the public.
- The loss of current or potential clients may occur when the company is unable to demonstrate that it is in compliance with the regulation.
- The risk of data-processing limits or bans imposed by data protection audits, which could affect the normal functioning of a company.
- The possible suspension of your service for your clients, which could induce them to leave your service or even take legal action.
- Reparations that interested parties will have the right to claim in case of infringement.
- Costly administration fines that could reach up to 20,000,000€ or 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.
Panda Security, a partner in compliance with the new law
For organizations dealing with data, prevention is the core element of the regulation. We underscore the importance of working with vision and anticipation as a competitive advantage in business strategy.
Businesses that have put their trust in Adaptive Defense are already well on their way to complying with the GDPR. It offers:
- Prevention: Adaptive Defense features an internal audit system to verify the security status of the IT infrastructure at any given time, even before the solution is deployed. In the implementation of the action plan for compliance with the GDPR, it proves to be an invaluable tool.
- Protection of personal data processed on a business’s systems, stopping, for example, any untrusted process from running.
- Risk reduction, key activity indicators, and endpoint status, which helps to establish security protocols.
- Tools to satisfy the requirement to notify authorities of security incidents within the first 72 hours after a breach·
- Control mechanisms and data management for the DPO, who will be notified in real time not only of security incidents, but also whether or not these incidents involve compromised personal data files.
The post Panda Security’s GDPR Preparation Guide Helps Ease the Transition to the New Regulation appeared first on Panda Security Mediacenter.