Category Archives: Panda Security

Charger, the Most Costly Ransomware to Smartphone Users

Ransomware is evolving and becoming increasingly sophisticated, posing a greater threat to companies and private users alike. This malicious software has shown that it can propagate by using the viral mechanisms of a meme, that it can directly attack corporate servers, or even camouflage itself in false resumes. And now it has made its way to other devices, namely, our smartphones.

It is now the main threat to mobile devices, until now considered to be relatively virus-free compared with their PC counterparts. Recently, a new ransomware was discovered that goes by the name of Charger, which copies all the data from your agenda, text messages, etc., and seeks admin permissions from the device’s owner. If the unwary user accepts the request, the malicious code begins its attack. A message warns the owner that their device has been blocked and their stolen personal data will be sold on the dark web unless they proceed to pay a ransom.

The Most Costly Ransom

Charger’s victims will have to pay 0.2 bitcoins (at about $1000 a bitcoin, it comes out to a round $200) to, supposedly, unblock their device. It may not be the first ransomware to affect smartphones, but never before has this figure been so high.

Also new is its means of spreading. Until now, most cyberattacks targeting mobile phones found their gateway in applications downloaded outside official app stores. With Charger it’s different. Charger attacks Android devices through a power saver app that could be downloaded from Google Play, Android’s official app store.

It is vital for employees to be aware of the dangers of downloading apps from unverified sources. They should also know that it’s not such a great idea to store sensitive corporate data on their computers or mobile devices without taking the proper security precautions. Keeping passwords or confidential documents on an unprotected device could end up giving cybercriminals just what they need to access corporate platforms.

We’ve said it before, and we’ll say it again: new attacks like these come about every day and can take anyone by surprise, be they casual users or security experts. The unpredictable nature of attacks like Charger makes an advanced cybersecurity solution indispensable. Perimeter-based security solutions are simply not enough anymore.

The post Charger, the Most Costly Ransomware to Smartphone Users appeared first on Panda Security Mediacenter.

The worst passwords ever created

For many online services, the only thing keeping your personal data safe from hackers is a password. If a hacker can get hold of that password, they immediately gain access to the account.

Your choice of password is absolutely vital

Your choice of password is absolutely vital, which is why most services force you to use a combination of letters and numbers to make it harder to guess. Despite this, many people continue to choose the same, easily-guessed passwords year after year.

Every year mobile app developer SplashData publishes a list of the 25 most common passwords worldwide. Not only are these passwords extremely simple to hack using automated cracking tools, but the fact they are so popular means that cybercriminals will try this list first.

The top 5 passwords

According to SplashData the top 5 passwords are:

  1. 123456
  2. password
  3. 12345
  4. 12345678
  5. qwerty

If any of these passwords look familiar, you could be in trouble.

Most people choose passwords very easy to remember

Most people choose these passwords because they are very easy to remember, and only take a second to type in. The fact that they are all letters or numbers, and all in lower case means that they require the minimum number of keypresses to enter – perfect for the small keyboards on smartphones.

Ignoring password best practice

When you first set up a new account online, you will be encouraged to choose a memorable word or phrase – preferably one that contains upper and lower case letters and numbers to make it harder to guess. But as we discussed on the Panda Security blog previously, these measures are not enough to fully protect yourself.

To increase security, upper and lower case letters need to be used in the middle of the password. They should also include special characters, like !?*(), making them almost impossible to guess. Not unbreakable, but certainly much more difficult.

Reusing passwords

The other major problem with SplashData’s list of most common passwords is that people tend to reuse them for all their accounts. So if cybercriminals gain access to your Facebook account using an easily-guessed password, they can then log into your email, online bank account, and virtually any other system.

More worrying still, if you use these same passwords at work, you place their systems and data at risk too. If the breach is significant, you could even lose your job.

Get creative with your passwords

Although you must include specific characters in your password, you can choose any word you like. Better still, you can string several words together to make a very long, very complex password that is almost impossible to guess.

And if you must use the top 25 most popular passwords, try stringing several of them together instead. It’s not a perfect solution, but your password will be more secure.
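As an added example (not from the original post), here is how a sign-up form could screen for the passwords listed above, including ones built by stringing listed entries together. The 12-character minimum and the function names are assumptions.

```python
"""Screen a candidate password against a list of common passwords."""

# The five entries the article quotes from SplashData's list.
COMMON = ["123456", "password", "12345", "12345678", "qwerty"]

# Assumed policy value for this example; the article gives no minimum length.
MIN_LENGTH = 12


def normalise(password):
    """Compare case-insensitively and ignore surrounding whitespace."""
    return password.strip().lower()


def split_into_common(password, common=COMMON):
    """Return the listed entries that concatenate to `password`, or None.

    Dynamic programming over prefixes: best[i] holds one way to build
    the first i characters from listed entries, or None if there is none.
    """
    pw = normalise(password)
    best = [None] * (len(pw) + 1)
    best[0] = []
    for i in range(1, len(pw) + 1):
        for word in common:
            j = i - len(word)
            if j >= 0 and best[j] is not None and pw[j:i] == word:
                best[i] = best[j] + [word]
                break
    return best[len(pw)]


def screen(password, common=COMMON, min_length=MIN_LENGTH):
    """Classify a candidate as 'listed', 'concatenation', 'too_short' or 'ok'."""
    pw = normalise(password)
    if pw in common:
        return "listed"
    if split_into_common(pw, common):
        return "concatenation"
    if len(pw) < min_length:
        return "too_short"
    return "ok"


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["Password", "qwertypassword12345", "Tr0ub4dor",
                      "correct horse battery staple"]:
        print(f"{candidate!r}: {screen(candidate)}")
```

A real deployment would load a much longer list than the five entries quoted here; the segmentation check stays the same.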

Use a Password Manager

There are great security solutions that offer a larger degree of protection and include a password manager… all you need is a master password to access all of your favourite internet services. This way, you will only have to remember one password and, as you don’t have to memorize all of them, you can set different, more complex passwords for each service. It maintains your online privacy… at all times!

The post The worst passwords ever created appeared first on Panda Security Mediacenter.

Creepy? Maybe, but Employee Monitoring is Saving Companies Money

The practice of employee monitoring in the workplace has been evolving and is increasingly present in companies. As of this writing, 15% of companies on the prestigious Fortune 500 list have equipped their offices with tiny sensors created by the company Enlighted, which are used to find out how much time a worker spends at his or her desk, and also the time of first activity on their computers (used to determine when they begin the workday).

However, these aren’t the only companies to use this type of technology. Others have used biometric sensors manufactured by Humanyze to know exactly what their employees do in their working hours. The objective is to increase productivity and thereby achieve a more efficient use of resources. Hidden in the lights, walls, desks or even card readers, these sensors are installed with the intention of knowing as much as possible about what’s happening in the company.

One of the benefits of this technology is knowing whether the office space you use is below its capacity. This would help companies decide whether or not it would be worth it to relocate to a smaller space. Other benefits include knowing when workers are most productive so as to readjust their schedules accordingly, knowing what time the office starts to fill up (and programming the power to turn on at that moment — some companies have already managed to save 25% on energy costs), or even having knowledge about which applications are being run on employee computers. On this last point, it could be possible to know if employees are accessing confidential data and whether, therefore, there is a potential risk to the company’s security.

Security and Confidentiality

When installing one of these employee monitoring systems, it is essential to have the best protection possible. For starters, any vulnerability in the new system could be exploited by cybercriminals to gain access to a great deal of information about the operation of your company, not to mention the possibility of manipulating said data.

Another major concern about having hidden sensors scattered throughout the office is the privacy of employees. Although in some countries it is allowed by law to install any type of sensor regardless of employee privacy, ideally employees will have given their consent. In fact, some companies and institutions, such as the British National Health Service, are already doing this with the consent of their workforce. Their employees are monitored voluntarily to measure, among other things, their movement or their location.

The post Creepy? Maybe, but Employee Monitoring is Saving Companies Money appeared first on Panda Security Mediacenter.

WhatsApp, message encryption and national security

Is WhatsApp the perfect communication channel for terrorists?

The devastating terrorist attack that took place in London last week has brought grief to the UK and the rest of the world. The police investigation into the incident has raised a number of questions that could have far-reaching consequences.

WhatsApp and messaging encryption hits the headlines

The discovery that terrorist Khalid Masood had been using the messaging app WhatsApp shortly before the attack presents police with a problem. WhatsApp uses a technology called end-to-end encryption to encode text messages.

This encryption is intended to protect messages from being intercepted by hackers and cybercriminals. If a text is intercepted, it cannot be read without the decryption key – and only the authorised sender has that key. The text is completely garbage without decryption.

Unfortunately this also means that legal investigators cannot access those texts either – the data is completely inaccessible without access to Masood’s phone. Which means that the police may be missing vital evidence of other terrorist activities because the texts are encrypted.

UK government criticises encryption

Speaking in the media, UK Home Secretary Amber Rudd has criticised the use of end-to-end encryption, calling it “completely unacceptable”. She even went as far as suggesting that these encrypted messaging apps are “places for terrorists to hide”.

Ms Rudd’s main concern is that traditional surveillance techniques used to prevent terrorism and crime simply do not work in the age of complex encryption. As such, police and intelligence services are limited in what they can do to keep people safe.

A difficult issue globally

The London terror attack is not the first time security services have run into problems. The FBI has run into similar problems in the US too, unable to access encrypted smartphones belonging to criminals.

Service providers like Apple, Google and Facebook have complied with requests to access data in the past, but in the case of WhatsApp, they remain powerless to act. All encryption keys are specific to the phone owner – service providers like WhatsApp do not store copies, so even they cannot read messages.

Clearly there is no easy answer

For the majority of people, encryption is a vital tool for protecting their sensitive personal data. However, criminals will exploit that anonymity – placing lives in danger in the process.

In future we may see WhatsApp and other messaging providers being forced by governments to create a “backdoor” in their apps that allows for proper surveillance. Although useful for the intelligence services, this approach could also be exploited by hackers, immediately weakening the security of law-abiding citizens too.

How this situation will be resolved remains to be seen. But it could be that your favourite messaging app will undergo major changes security-wise in the near future.

The post WhatsApp, message encryption and national security appeared first on Panda Security Mediacenter.

The best ways to speed up your android device

Six top tips for speeding up a sluggish Android device

It’s soul-destroying and one of the hardest things you’ll ever have to deal with. No, not Sunday lunch with your mother-in-law. We’re talking about Android devices operating at frustratingly slow speeds. It wasn’t like that when you bought it of course. So what’s going on? Why is speed such a big issue half a year down the line? “Is my service provider at fault?” we hear you ask.

It probably isn’t. 88% of all US connections are 3G or 4G, so there should be enough juice available for everyone. Sorry to disappoint you but in all likelihood, your problem is closer to home. Like, with the device itself and the way you are using it. But the good news is that help is available. It’s a fact of life; Android devices will stop performing at top condition after any prolonged period of use. Nobody said you have got to settle for that.

You’ll find below six useful tips to speed up your sluggish Android device.

  1. Back things up. All those photos & videos from that last holiday are so last year anyway… export, weed out, or cull them – whatever you want to call it: it’s time to back up your device. That should be the first step you take. Doing it will free up some space on your phone, and this eventually creates a better working device.
  2. Reboot. When was the last time you switched it off? You can’t remember, can you? Well, maybe it’s time to switch it off and restart the device. Your mom will be proud of you!
  3. Clear up that cached data. Cached data will build up in your applications over time. This affects the performance of your device – you’ll find it hard shifting the blame on this one… To delete individual caches simply open up the settings on your phone and go to Storage and press the Cached Data button. It will delete all this useless data choking your beloved cell phone.
  4. Be realistic about your device’s capabilities. Did you overburden your phone with resource-hungry apps gnawing away relentlessly? They’re degrading your phone’s performance, so weed out or cull those apps – whatever you want to call it: it’s time to make some space. Do you really need everything you’ve installed anyway?
  5. Make sure your OS is fully up to date. You should always keep your OS up to date. Yes it’s time-consuming, yes it’s annoying, but just like visiting your mother-in-law it’s got to be done. There are good reasons why Google releases improvements to the Android operating system: those updates deliver stability, higher performance and plenty of benefits. It’s not worth missing out, and they are free.
  6. Disable unnecessary animations. No matter how great they look, animations and special effects are known to slow things down. Boost performance by taking a closer look at your launcher’s settings.

Panda Mobile Security

If after following all these tips your Android device is still not working at an optimal speed, keep in mind that Panda Mobile Security maximizes the performance and battery life of your smartphone by analyzing in real time the activity of the apps installed on it.

These are just a few tips

There are plenty of other things to consider too. For example, why not add a high-speed memory card to your device? Not only will you increase your storage space (up to 2TB depending on your phone’s capabilities), but your device will start working faster. Also, if you’re a gamer, check out one of the RAM memory optimizers.
Obviously, we’re all for cleaning things up… but make sure you don’t disable your Panda Security anti-virus software by mistake.

Stay safe!

The post The best ways to speed up your android device appeared first on Panda Security Mediacenter.

The Apps That Most Frequently Appear on Companies’ Blacklists

Apps installed on smartphones and tablets are considered to be one of the biggest risks for companies today. And for good reason. In addition to diminishing the performance of the devices themselves, they can become the gateway to corporate mobiles and tablets for cybercriminals.

Because of this, IT departments should be wary of employees downloading certain apps on their devices that may pose a risk, whether because of their popularity or their vulnerabilities.

A recent study looks at the applications that have been most banned by companies around the world, and the result is not surprising: although its popularity began more than five years ago, Angry Birds is the most vetoed mobile app to date.

After surveying technology leaders from nearly 8,000 companies around the world, the report’s authors concluded that globally the game has been declared the number one public enemy of corporate security. No wonder, bearing in mind that the sequel to the game, ‘Angry Birds 2’, was infected a couple of years ago by malware that affected iOS devices.

The ban of Angry Birds on corporate devices shows that, today, mobile phones and business tablets are used interchangeably for professional and personal matters. On the other hand, BYOD (‘Bring Your Own Device’) has become a trend that, either because of the vulnerability of certain applications or of employees’ own personal devices, can jeopardize the security of any company.

To carry out the study, its authors took into account both Android devices and those with iOS or Windows Phone as operating systems. In this sort of blacklist, other applications that veer more toward the personal than the professional follow on the heels of Angry Birds, Dropbox and Facebook: platforms like WhatsApp, Twitter or Netflix are also among the ten most banned applications in the business world.

Another notable conclusion of the study is that among the prohibited applications there are also some that would seem right at home in a corporate environment. However, even these are considered by many companies to be a danger to their security. Such is the case of Skype, Outlook or Dropbox itself, which, after a leak that compromised millions of passwords, seems to have fallen out of favor of late.

The post The Apps That Most Frequently Appear on Companies’ Blacklists appeared first on Panda Security Mediacenter.

Music lovers, are your Sonos devices safe?!

Shout out to a crowd “Hands up if you like music!” Cue plenty of hands going up, with some ‘whoohoo’ screams added on. Rock stars know how to win a crowd over. And not just rock stars… music is one of those universal pleasures passed down generations, with percussion being (probably) the earliest form of music known to humankind. Heck, the Egyptians were at it 6,000 years ago! Other civilizations developed musical instruments too until Guido D’Arezzo reportedly invented solfege a thousand years ago – thus making improvements to music theory that remain in place today (do, re, mi, fa, so, la, si, do… ).

Music and technology

The way we came to appreciate music has changed massively as technology evolved. From outdoor performances in public squares to enclosed theaters, to the invention of the humble gramophone all the way up to Sony’s Walkman, it looks as though the trend for “any music, anywhere… right now” is here to stay. The ability to listen to one’s favorite tunes while out and about is now a given and as common place an occurrence as can be.

At the turn of the millennium, four music visionaries founded Sonos in California. They forever changed music when they introduced their smart speaker at CES, an intelligent piece of technology operating wirelessly. The company’s Digital Music System bundle won the “Best of Audio” award at the CES Innovations Design and Engineering Awards in November 2005.

The rest, as they say, is history.

Today, Sonos offers many powered speakers that utilize Wi-Fi, Bluetooth, and other standards to extend usage beyond audio playback; a soundbar “PLAYBAR”; and a subwoofer (for those craving that deeper sound!). The company also offers a device to link its system to conventional audio equipment such as CD players and amplifiers.

For music lovers, this means multiple devices within a single household can be connected to one another wirelessly, or through a wired Ethernet network or a mixture of the two. The Sonos system operates with a proprietary AES-encrypted peer-to-peer network known as SonosNet.

In theory, this allows for each unit to play any chosen input. If desired, synchronized audio with one or more zones can also be achieved. The latest versions developed by the company integrate MIMO (an essential element of wireless communication standards) on 802.11n hardware, which provides a more robust connection.

Is the system hackable?

Can I get my mate’s audio device to blast out some weird music as a prank? Well, one hack reported a few years ago was much creepier: called “Ghosty”, this Sonos hack freaked people out with haunted mansion sounds. We’re not joking. Developer Aaron Gotwalt combined an unofficial Sonos API, some spooky audio files, and a Raspberry Pi to achieve scary effects.

Taking control of a Sonos system isn’t exactly easy, but that’s beside the point. Almost everything is hackable nowadays. In today’s era of plentiful connected, hackable devices… it’s good to know help is available. Take Panda Security for example. We operate toll-free, seven days a week phone lines with a human being picking up the phone. We resolve all your home IT and security issues, providing much-needed peace of mind.

No need to call Ghostbusters if your Sonos system goes wild, call us – we’ll sort it out.

The post Music lovers, are your Sonos devices safe?! appeared first on Panda Security Mediacenter.

Spring Cleaning: Get Rid of Those Cookies from Your Browser!

Pretty much every day, you accept a few new cookie warnings without actually reading them. Websites are required to inform you that they’re storing cookie files that gather data about your preferences on your own computer. The European Commission has just proposed to simplify these warnings. In addition to cookies that websites create, the memory cached on your browser stores temporary files so that pages load more quickly.

All those cookies start to pile up, believe it or not. Your computer can actually end up getting sluggish after gorging on all those digital cookies. Now that I’ve put it into perspective for you, you can appreciate the seriousness of the situation.

Sometimes what we chalk up to possible malware is actually just an information overload slowing down your browser. That’s why it is advisable to do a little bit of tidying up every now and again and clean out the cookie cache. And if you use a shared computer, this could have the additional benefit of protecting your privacy.

Chrome, Firefox, Edge… How Do I Clear Out the Cookies?

Chrome

In the case of Chrome, the most popular browser, you have the option under the icon of three vertical dots located at the top right of the window. Just click the icon and go to More tools and Clear browsing data. Chrome allows you to select the exact information you want to delete: you can delete cookies, files and cached images, browsing history or passwords, and specify a date range. It also offers an alternative path from Settings, Show Advanced Settings and Privacy.

Firefox

To remove your little trail of crumbs in Mozilla Firefox, click on the icon of the three horizontal stripes and select History and Clear recent history. You’ll see a window that allows you to decide the time period for which you’d like to do the cleaning. From the Details tab, you can choose the information you want to delete. And from the same menu, you can access Options, Privacy and History. There you will find the option “Use a custom configuration” for the history, which allows you to decide which browsing data will be cleared when Firefox closes.

Safari

For their part, users of Apple computers can clean out the Safari browser from the Preferences and Privacy menus. Among the available options are to change the configuration of cookies and accepted data from certain websites, delete information of specific pages individually or all at the same time, and see which sites store that data in Details.

Edge

If you’ve already installed Windows 10 on your computer, you’re sure to have saved personal information on Microsoft Edge. To clean it, select More, Settings (the little gear), Clear scan data and check the boxes of the data you want to delete in Choose what to delete. From Advanced Settings you can tell Edge to stop collecting or storing certain information.

Opera

Finally, Opera users remove cookies and clear the cache much like users of Chrome. By clicking on the icon at the top right of the window, you can click Delete browsing data and select the items you want to delete and from when you want to delete them.

Now you know where to find the virtual duster on your personal or corporate computer, so go and do some spring cleaning!

The post Spring Cleaning: Get Rid of Those Cookies from Your Browser! appeared first on Panda Security Mediacenter.

Should You Share Your Netflix Password?

What you need to know before sharing your Netflix account details

Is it illegal to share your Netflix password? As of July last year, a court ruling in the US asserted that it is, in fact, a federal crime to share passwords for online streaming services.

If you share your Netflix password with people you trust though, the truth is that there’s no real need to stress out. It is very unlikely that Netflix are actively coming after password sharers.

Reed Hastings, Netflix CEO, spoke on the subject at CES last year:

We love people sharing Netflix whether they’re two people on a couch or 10 people on a couch. That’s a positive thing, not a negative thing.

The new court ruling was part of the 30-year-old Computer Fraud and Abuse Act (CFAA). For obvious reasons, it’s difficult to legislate for online activity, and the CFAA is known for its uncertain, ambiguous and sometimes murky rulings.

Whilst password sharing may be a contentious subject, drawing widely differing opinions from legislators and the CEOs of streaming services, it’s important to look at the impact that account sharing could have on a user.

Reed Hastings recently told Business Insider that, “as long as they aren’t selling them, members can use their passwords however they please.”

Is this advisable though? Probably not.

The first question on your mind when someone asks if they can use your Netflix account, is do you trust that person? Even if they pinky promise they’ll stop using it after that House of Cards binge. This may seem obvious, but bad things can happen if your Netflix password is passed on enough times that it falls into the wrong hands.

Without you knowing, it’s possible, for example, that your account details could be sold on the black market. It could become part of a Netflix scam that sees your account being used as a lure to infect people’s systems with ransomware. If your “recently watched” section is coming up with shows you’ve never seen, it may be that your account is being used by strangers.

Or the friend who promised to stop after House of Cards simply couldn’t resist.

It’s Safe To Share, If You Trust The Other Person

The truth is that Netflix also have their own way of dealing with over sharing of passwords. Their basic account setting allows for one stream at a time. The standard account allows for two. It’s a simple way of stopping one password being shared with hundreds of people.

Netflix is famous for having encouraged binge watching of shows, and it simply wouldn’t be possible if users had to co-ordinate and share out the use of one account. Hastings relies on the concurrent streaming limit, as well as their relatively inexpensive service being enough of a draw to stop people sharing passwords. It is very unlikely that they would ever try to prosecute users.

“Password sharing is something you have to learn to live with”

Hastings has emphasized as well that there’s no plan to add any other type of restriction to account sharing. “Password sharing is something you have to learn to live with, because there’s so much legitimate password sharing, like you sharing with your spouse, with your kids… so there’s no bright line, and we’re doing fine as is,” he said.

Anyone remember the early days of online sharing, when Metallica received a mighty backlash for having called out thousands of their own fans, who had shared their music online, as criminals? Maybe Hastings knows this type of stance would be bad press, especially for a company whose modus operandi, after all, is online sharing.

There is talk of what’s appropriate ethically though. Something that seems completely fair, considering Hastings’s and Netflix’s relaxed stance towards their service’s members.

“We usually like to think that a husband and wife can share an account and that’s perfectly appropriate and acceptable,” said Hastings during a 2013 earnings call. “If you mean, ‘Hey, I got my password from my boyfriend’s uncle,’ then that’s not what we would consider appropriate.”

The post Should You Share Your Netflix Password? appeared first on Panda Security Mediacenter.

Protect Your Instagram Account From Spambots

Comments that have nothing to do with the photo you’ve posted, followers that don’t seem completely human despite their profile picture, messages from unknown accounts containing suspicious links or offering to help you get followers… It’s likely that you or some of your friends and maybe even the social media manager at your company have run up against this kind of thing on Instagram.

Spambots continue to be a major headache for the Facebook-owned social network that has over 600 million users. According to a study carried out by Italian researchers, 8% of Instagram accounts are false.

This is a blight on the company’s image, and has led to some embarrassing occurrences, like the time when spammers inundated feeds with a multitude of pornography. Apart from that, there are plenty of brands that use bots to swell the numbers of their followers, a practice that Instagram prohibits. So what can you do about this?

Instagram offers its users a few tools to report spam. The user can delete a comment that she considers offensive and report it, block a user or inform the social network that a profile or a publication is potentially suspicious. For example, if you see that a user does not share photos, follows hundreds of people and only posts comments with links, it could well be a ‘spammer’, although they generally try to hide it using an attractive profile photo.

Recently, the social network has included new options to protect privacy. If you’ve decided to make your account private (which is advisable if you don’t want strangers browsing through your photos), then you can now remove followers without having to block them.

Also, all Instagram users can now use an automatic filter that eliminates comments which include a word considered offensive by the community or by the user. Just go to Options, Comments, and Hide inappropriate comments. In fact, you can disable comments on photos and videos altogether.

On the other hand, if an unknown follower sends you a direct message, it is best not to click on the link. It could be a bot sending a malicious ‘link’. It is also possible that its intention is to start a phishing attack.

Improving Instagram account privacy by adding two-step verification, using a strong password, and being careful about sharing content are other tips to avoid running into security problems with your personal or company accounts. And of course, if you’re using any social network from work computers, Panda Security’s advanced cybersecurity solutions for companies could be a great help in preventing spam from leading to the downloading of malware.

The post Protect Your Instagram Account From Spambots appeared first on Panda Security Mediacenter.