Category Archives: Antivirus Vendors

Antivirus Vendors

Panda Security

Spotify under fire: Are we entering a new era of malvertising?

pandasecurity-antivirus-spotify

Tips to protect your personal data on online music streaming platforms like Spotify

Malvertising – yet another offspring of the online advertising, has been around since 2008. However, in 2016 we’ve been observing more and more creative ways of hackers trying to compromise your system by injecting malicious or malware-laden advertisements.
They are getting so creative that infected adverts are no longer a threat that comes only from questionable torrent websites.

There are reported cases of malicious codes being able to sneak up into your devices from reputable online advertising networks and webpages. A few days ago even Google acknowledged a fault in their Chrome browser – as reported by Ars Technica, over a two-month span starting in August 2016, a malicious advertising campaign downloaded the Banker.AndroidOS.Svpeng banking trojan on about 318,000 android devices. Even though the malicious installation files were not automatically executed, they have been named names such last-browser-update.apk and WhatsApp.apk – file names that could have been easily mistaken for legitimate ones.

Spotify was recently under fire too – multiple sources such as Engaged confirmed some listeners got not just free music but malicious code too. Some of the confirmed cases state files didn’t even have to be executed in order to cause damage. All three major platforms have been targeted – Linux, Mac and Windows. It is not yet confirmed if the code has been able to affect all three platforms.

How is this happening?

It’s not yet that hard to get unnoticed. All reputable advertising networks have strict guidelines for organizations interested on working with them. However, even though advertisers pass rigorous checks, in some cases advertisers can modify the ads after they have been approved. This is particularly easy when the ads are hosted on their own servers. Therefore, seeing a malicious ad should not surprise you and you will have to be prepared.

How do we stop it?

There is a simple way to not be a victim – remain vigilant. Hackers are after your credit card information, social security number, address and personal information. Just don’t share this information with them! Phishing tactics are getting more and more advanced and you need to stay on top of your game – here’s how;

  • Don’t be afraid to install antivirus software on your device. You don’t drive your car without a car insurance, do you? Why would you leave your cell phone, PC and/or Mac vulnerable to threads without any type of backup? The best way to know if you are being targeted is to have the software that would sound the alarm if there is any suspicious behaviour around your connected devices. Panda’s Internet Security is a must and it comes with 1 month free trial.
  • Remain vigilant – even if you are protected, phishing emails could be so well done and could take you to spoof sites that may look as good as the original ones. Always check the URL you are on and make sure you double and triple check the page location if you are being asked to provide your login details or to reset a password. You may be in the wrong place!
  • Don’t use the same password over and over again – as we reported, millions of passwords have been stolen over the last years that it is very likely your username and password are in someone’s database already. Using the same password is similar to not changing the lock after purchasing a condo, you literally don’t know who else already has a key. Don’t test it, better be safe than sorry!

The post Spotify under fire: Are we entering a new era of malvertising? appeared first on Panda Security Mediacenter.

Panda Security

Companies don’t take proper care of the data they store in the cloud

cloud panda security

That hard disks, pen drives and other physical storage devices are an attractive target for cyber-criminals wanting to steal confidential information from enterprises is something that company managers are well aware of. And, in fact, they try to educate their employees about the need to use those tools properly.

However, the now-popular digital cloud, used by businesses to store increasing amounts of sensitive information, must also be taken into consideration when designing a company’s cyber-security strategy. Moving to the cloud has powerful benefits – cost savings, easy access to files from anywhere, convenience, etc.- yet it also poses some risks that must be identified and controlled.

According to a recent study published by the prestigious Ponemon Institute, the majority of businesses have not or do not know if they inspect their cloud services for malware.

The majority of businesses have not inspected their cloud services for malware.

According to the study, while 49 percent of business applications are now stored in the cloud, fewer than half of them are known, officially sanctioned or approved by the IT Department.

While respondents understand the risk of data breaches, nearly a quarter could not determine if they had been breached, and nearly a third couldn’t determine what types of data were lost in the breach(es). Neither do they know how the breach(es) occurred.

This and similar studies seem to indicate that enterprises rely too much in the security measures adopted by cloud service providers themselves and that, all too often, companies leave the protection of their most valuable secrets and assets almost exclusively in the hands of third parties such as Amazon or Slack.

To resolve this situation, CISPE, a coalition of cloud service providers operating in Europe, has published the sector’s first code of conduct aimed at ensuring data security and confidentiality. Compliant cloud infrastructure providers will be able to identify themselves with a ‘Trust Mark’ that will provide additional security assurance for customers, especially corporate ones.

Nevertheless, despite the measures taken by these Internet giants to ensure the integrity of the information stored on their servers, companies and their employees cannot ignore their own responsibility to keep corporate data and documents secure. Just as they take good care of their hard drives and pen drives, they should also take care of the cloud to prevent their data from ending up in the wrong hands.

The post Companies don’t take proper care of the data they store in the cloud appeared first on Panda Security Mediacenter.

Avast

A new era for politics and information security

USelection.jpg

Tuesday’s election defied virtually all expert opinion confidently put forth on traditional media channels. As many pundits have since accurately, albeit belatedly, noted, the outcome was a complete rejection of the country’s political establishment. More than that, it was a repudiation of the centralized, elite-driven information network that wrongly believed it still held a monopoly on public opinion. The result of this year’s presidential election is a stark indicator that the dominance of newspapers and cable television has passed, and that the new barometer of the public mood is social media—which Donald Trump understood better than any of the analysts and commentators who predicted his defeat.

Panda Security

Searching for celebrity news on Google can be dangerous for your computer

celebrites-malware-panda-security

Something as apparently inoffensive as employees keeping up with the lives of ‘celebs’ on the Internet could be far more dangerous than you think for your company’s IT systems. Whether you like it or not, some employees take advantage of dead time (and not-so-dead time) to look for all the latest gossip and news on the Web.

There may not be anything too risky about reading reputable newspapers online to see the latest news or check out your team’s results (although there have been cases of malware-laden ads in online newspapers). However, gossip columns and other celebrity stories have become a serious threat for the security of computers and mobile devices.

Cyber-criminals are well aware of the interest generated by the lives of the stars, which is why they have come up with specific strategies to bait users into downloading malicious programs on their computers when they access this content.

Cyber-criminals are well-aware of the interest generated by the lives of the stars.

The first step that the average user takes when looking for information about celebs is to ask Google. Yet some searches are more risky than others. Some famous people and related events offer more potential for attackers, as was the case recently with Brad Pitt and Angelina Jolie after their separation became public.

New film or music releases are also a popular weapon for criminals whose aim is to infect users’ computers and devices looking for passwords and other confidential information. Whenever a new story breaks, searches related to those involved increase dramatically and it becomes easier to infect users with malware hidden on malicious websites with related stories.

New film or music releases are also a popular weapon for criminals.

In order to minimize the threat, apart from having an efficient policy for controlling the way your employees use your company’s devices, the most effective measure is awareness. Firstly, your company’s workers should learn to distinguish between trusted pages and those that could potentially be used by criminals to infiltrate your systems. They should also avoid any links to illegal downloads, whether direct or via ‘torrent’ (highly in demand when a new film or song is released).

Of course, you can get an additional guarantee of protection against malware that exploits users’ fascination with celebrity news by having a security solution to protect all your devices, such as Panda Security’s corporate solutions.

The post Searching for celebrity news on Google can be dangerous for your computer appeared first on Panda Security Mediacenter.