Category Archives: Panda Security

Panda Security

Panda Security

Apple implements security measures following disastrous year

apple

Following a spate of security breaches and concerns, Apple has taken the steps to ensure that 2016 doesn’t see a repeat of the software problems that it suffered in recent months. The security measures have been widespread, with updates to their operating systems for mobile (iOS) and Mac (OS X), its television service (Apple TV), the Safari web browser, and the operating system for its much publicized smartwatch (watchOS).

This move was prompted by the worrying number of vulnerabilities that were present in its software. To give you some idea of the state of array that Apple found itself in, when an update for the 9.2 version of iOS was released, it was said to include a solution for more than fifty security issues that had been discovered, while the number of problems on OS X were said to have reached more than one hundred.

mac

Nearly half of those vulnerabilities allowed for a cyber attacker to take control of the device by accessing it via a malicious application that had been unwittingly installed.

It seems strange that Apple has to patch up security issues in its software when, for many years, fans of the brand vehemently boasted that there were no malware risks that could damage the luster of the brand.

However, it turns our this is false, and not only have threats existed for decades, but the past year has been one of the most devastating in the brand’s history.

According to a recent study, the number of malicious programs created for the Mac operating system in 2015 was five times higher than the total amount created in the previous five years, making it a low point for the security of Apple devices and its users.

keyboard

This bad news comes with an ironic silver lining for Apple – if there are more and more malware samples being created for its operating it systems, it means that the brand itself is becoming more popular. Until now, keeping in mind that Windows (or Android, in the case of mobile devices) has the lion’s share of the market, it was logical to think that cybercriminals would put more effort into taking advantage of the Microsoft operating system.

However, this growth means that Apple is now looking more and more attractive to cybercriminals, as they look to get bigger rewards from their malware. The company ended the year having covered up many holes in its security armor, but that’s just the start of it – it’s likely that the next year will see more holes that need covering up.

More | Panda Antivirus for Mac

The post Apple implements security measures following disastrous year appeared first on MediaCenter Panda Security.

Panda Security

6 simple steps for safely using mobile bank applications

money

The way that we carry out our banking operations has changed dramatically over the years. With the increase in Internet use a decade ago, it helped to remove the need to go to our banks or ATMs to manage transactions or to move money around. In the past couple of years the landscape has changed even further, with the advent of smartphones meaning we can also look after our finances on the go.

Thus, if you have a smartphone then it is likely that you will also have downloaded the official app of your bank. Most banks have invested greatly in ensuring the security of these apps, as any potential problems could be devastating for the reputation of the bank. These apps often have limits set on the amount of money they can transfer to minimize the risks and some demand a code from a token or card reader to authorize any transaction.

However, as with all apps, it pays to be safe and take precautions when using your banking application, just as you would with your credit cards, especially with Christmas just around the corner – a time when we are usually busy transferring money and checking our statements more than usual.

To help you stay safe, here are a few easy tips to help you bank safely from the comfort of your smartphone.

  1. Only use official apps

This may seem slightly silly, but you need to make sure that you’ve downloaded the official app from your bank.

  1. Keep the app updated

This piece of advice goes for all applications that you install, but with banking apps it is even more important. With each update, the developer may have included increased security defenses, which if you haven’t updated to, could leave you exposed.

  1. Select the SMS authorization option

Search for this option in the app, which means your bank will send you an SMS every time money has been lodged or removed from the account. This will allow you to spot any discrepancies before it’s too late.

  1. Log out when not in use

When you have finished using the app, it is very important that you log out of the app. This will help protect you in the event of your phone ending up the hands of the wrong person.

  1. Use a phone tracker

Getting a phone tracking app is an efficient way of remotely deleting information from your device in case you lose it or it is stolen.

  1. Install a trusted antivirus

A good antivirus will protect you from any suspicious activity or malicious apps. Panda offers solutions for both Android and iOS users in the form of Panda Mobile Security for Android and Panda Antivirus for Mac, which also scans iPhones for malware.

Finally, if you suspect that you have been the target of banking fraud, contact your bank immediately.

The post 6 simple steps for safely using mobile bank applications appeared first on MediaCenter Panda Security.

Panda Security

Attacks on Android and large-scale infections are among the main security threats in 2016

security trends

Panda Security, global leader in cloud based security solutions, has announced its predictions regarding the main problems that could affect IT security in 2016. The coming year will be filled with threats that could affect private users, small businesses, and large corporations.

The creation and spreading of new malware samples, aimed at infecting users, will continue growing at an exponential rate, just as we have seen in in 2015 where the number of new samples registered daily reached 230,000.

During 2016 there is a predicted increase in infections via JavaScript and a growth in the number of cybercriminals using Powershell, a tool included in Windows 10 that allows scripts with all types of functionalities to be executed, which could be used to attack users.

Large scale and mobile based attacks

Cybercriminals are looking for ways to attack the greatest number of users and businesses, while achieving the greatest possible profit.

Because of this, they will continue to use tools such as Exploit Kits, as many current solutions aren’t capable of combatting this type of attack effectively, which means its rate of infection is very high. For the same reason, malware on mobiles will also increase, especially for Android, which is the most popular operating system on the market.

“Although Android attacks have been commonplace in recent years, the news for 2016 is the manner in which mobiles will be infected. We will see more threats that root the device, which makes eliminating it a near impossible task for an antivirus, except for those that come installed from the factory”, says Luis Corrons, Technical Director of PandaLabs.

There will also be an increase in direct attacks through rootkit techniques, which allow the hackers to hide themselves from the operating system and security solutions.

Internet of Things and mobile payment

2016 will be the year in which the Internet of Things flourishes, with more devices than ever connected to the Internet.

With this in mind, cybercriminals will carry out attacks on these devices, as we have already seen in 2015 in the case of cars whose software is connected to the Internet, which allowed for the remote control of the vehicle.

Payment platforms on mobile devices will be under scrutiny as cybercriminals looks to take advantage of them, as they could be easy ways for criminals to steal money directly.

“If any of the platforms becomes more popular compared to the others, it will be the first one to be looked at by the attackers as they search for weaknesses in its system”, continued Luis Corrons.

Main challenges for security

In the face of the current panorama, where the number of threats is growing exponentially and attacks are becoming more sophisticated, users and businesses will have to adopt extra security measures to remain protected against the dangers of the Internet in 2016.

What’s more, for businesses there are also threats that could seriously damage both their reputation and finances. Cybercriminals will make it their goal to steal confidential information relating to the company (financial data, strategic plans, etc.), and even information belonging to their customers. Once they have it, they will try to blackmail the company into paying a ransom to get the information back, a method known as Cryptolocker.

To face the complexity of these attacks, and those that await us in 2016, it will be necessary for users and businesses to have security tools and solutions that analyze and classify the behavior of all executables, and that also offer advanced protection to prevent and act against security threats.

The post Attacks on Android and large-scale infections are among the main security threats in 2016 appeared first on MediaCenter Panda Security.

Panda Security

How kids’ toys are becoming a tool for cybercriminals

girl tablet

Until recently it would have been unthinkable to imagine that a simple Barbie doll could pose a threat to data security and information relating to minors, however, more and more toys aimed at children are now connected to the Internet of Things which leaves them vulnerable to attack.

A current example is the new Hello Barbie, recently released by Mattel, which can speak to children – it has up to 8,000 recorded phrases, allowing it to communicate with its owners.

The toy needs to be connected to a Wi-Fi network to send the audio to the servers of ToyTalk (the company responsible for the voice recognition technology), where it is analyzed and a suitable response is chosen. The users, which in this case would be the parents, have to download an application and open an account with ToyTalk to enable the doll to speak.

hello barbie

Mattel claims that the microphone will only activate itself once the related button is pressed, adding that “parents and guardians have control over their children’s information and can manage it via the account”. However, as is the case with other devices, the servers are exposed to a possible cyberattack.

An example of this type of technology’s vulnerability is the recent data leak suffered by VTech, manufacturers of electronic toys for children. The Chinese company sells tablets, mobiles, and baby monitors.

The cybercriminals managed to get data belonging to five million parents and 200,000 children from the company’s servers. This information included names, email addresses, passwords, postal addresses, and thousands of photographs of minors, and even included recordings of the conversations between the toys and their children.

With the growth in electronic toys comes a growth in possible leaks, which has led to national governments taking measures to counteract this. A recent document released by the British government stipulates the areas in which technological fields intelligence and security agencies can investigate, and each of their respective obligations.

child tablet

According to a report from the BBC, Antony Walker from techUK (an organization that represents more than 850 companies in the UK) has claimed that any device connected to the Internet is at risk of being used as a spying tool.

Walker also raised concern with regards to the danger posed by toys that come equipped with cameras and microphones. “In theory, the manufacturer of those products could be the subject of a warrant to enable equipment interference with those devices”, he added.

The aim of these warnings isn’t to cause panic, nor to put people off purchasing these toys, but rather to raise awareness of the growing risk attached to this type of gift.

The post How kids’ toys are becoming a tool for cybercriminals appeared first on MediaCenter Panda Security.

Panda Security

The security risks posed by working from home

working from home

It offers greater flexibility for employees and makes them more productive – the work from home revolution, which is being offered by more and more businesses, allows workers to complete their jobs from the comfort of their own home. According to Eurostat, 35% of European businesses currently offer their employees the option of working from home.

Although this percentage is lower in some countries (the EU average is 12%, while in the UK the figure rises to 25%), the trend is clear, and businesses that have yet to embrace it do so for fears over security.

If employees manipulate information from their homes, the companies don’t have any control over the security that is in place, which leads to fears over the loss or theft of data.

The fear is logical as a home environment could be much more vulnerable than a corporate one, where the software of the servers offers greater security guarantees.

The existing risks are, in reality, quite varied and extensive. Data loss can arise in various different forms such as a failure in the system that deletes files that haven’t got a secure copy, the theft of a password, or even the computer itself. This could all result in a thief getting is hands on your company’s confidential information.

That said, working from home doesn’t have to be synonymous with danger. For employers to permit their staff to work from home, they first need to put in place a protocol that establishes rules for working from home or outside of the office.

home office

However, there are some measure that workers can take to avoid any shocks. To start with, the use of remote desktops is a possible solution. With them, it is possible to avoid information theft as they allow the employee to connect directly to the company’s server where the information is stored and where there are automatic security copies made.

Passwords and encryptions

Another key point for making working from home safe is the concern over passwords. The theft of that which the employees uses for accessing the company’s network while working out of the office could end up being disastrous, practically handing a huge amount of data to a cybercriminal.

Beyond the corporate server’s passwords, teleworkers that carry out their tasks from home should keep in mind that, when using services and tools on the cloud, that they follow certain steps in creating secure passwords. These including avoiding the use of the same password over and over, making sure to change it frequently, and using a password manager.

That said, passwords aren’t always enough. Although a remote desktop is useful for avoiding the storage of corporate information on a home computer, sometimes it is unavoidable.

In this case, apart from using a safe password, it is important to encrypt confidential information. This way you can avoid a laptop theft resulting in the theft of information. Encrypting archives via the operating system or encrypting the hard drive removes all of this risk.

One way or another, working from home is growing at an unstoppable rate thanks to technology, but it should mean that security has to suffer – the correct technology offers tools so that information isn’t at risk while workers complete their jobs from home.

The post The security risks posed by working from home appeared first on MediaCenter Panda Security.

Panda Security

How to be a cybersecurity Jedi – 5 things we’ve learnt from Star Wars

While we await the premiere of the seventh installment in the famous series, Star Wars VII: The Force Awakens, we’ve decided to look back on the original trilogy to look for subtle security tips that are hidden in films.

Pop culture, especially when it concerns robots, spaceships, and technology, can show us a lot about data protection and strategies to prevent possible cyberattacks.

star wars

Hiding places can be found

In The New Hope, the original film, Princess Leia managed to record a message on R2-D2 in the hangar that she’d been held captive in. Later, the lovable robot escaped with his companion, C-3PO, and they made it to Tatooine.

There they found a young Luke Skywalker who, after playing around with some buttons, succeeded in unlocking the holograph message that the princess has left on the machine, which also included blue prints of the Death Star.

All of this valuable information was protected by what is known in the real world as security through obscurity: a strategy that uses a secret in the design of a program to hide information. Its defenders don’t think it’s likely that anyone could discover what’s hidden but, without a good encryption, Darth Vader could have easily accessed the information saved on R2-D2 (if he had managed to capture the two friends).

death star

Small vulnerabilities, big problems

At the end of the film, Luke Skywalker is able to blow up the massive Death Star with just two shots: applied to the right spot, a small hit can cause huge damage.

Something similar happens in IT security. Sometimes it’s the small vulnerabilities in the most basic of software that serves as an entry point for cybercriminals, allowing them to carry out complex attacks, steal information, or take control of the entire network. The conclusion is that, in order not to wind up like the Death Star, be sure to look after the security of your devices, up to the smallest of details.

Hackers with Jedi abilities

We also see in The New Hope that Obi-Wan Kenobi shows his Jedi abilities to trick the imperial soldiers, playing with their minds to make them believe something different to the reality.

Cybercriminals use a similar trick to make programs miss certain details. Many types of malware include what is known as a rootkit, which hides in the operating system and stops the malware from being detected.

luke star wars

The importance of good training

In The Empire Strikes Back, Luke had to decide between sticking with his Jedi training or rescuing Han Solo and Princess Leia. Despite his masters advising him against it, he went with the latter. As a result of this, he couldn’t save any of his friends and ended up losing an arm. Perhaps if he had continued with his training he would’ve been better prepared.

Security professionals don’t have to rescue any princesses, but they also can’t afford to let their training be an afterthought. It’s important to always be prepared as cybercriminals are constantly developing new and more sophisticated strategies.

ewok

The secret of the Ewoks

Even the loveable Ewoks from The Return of the Jedi have something to show us: they may have only used simple weapons, such as wooden catapults, but that didn’t hold them back.

As a whole, simple security strategies are extremely useful. One of the most basic, the application of various security layers to protect devices, hasn’t lost its use despite ever more complex attacks. If you use different tools, they will each cover the deficiencies of the other.

The post How to be a cybersecurity Jedi – 5 things we’ve learnt from Star Wars appeared first on MediaCenter Panda Security.

Panda Security

Panda Security launches Small Business Protection, the cybersecurity solution for microbusinesses and freelancers

small business antivirus

Online threats don’t just affect private users and large corporations. Freelancers and microbusinesses, which in the USA account for nearly 80% of the business sector, are an easy target for cybercriminals.

To help them stay protected against the 230,000 malware samples that are created daily, Panda Security has launched Small Business Protection, the new antivirus for freelancers and microbusinesses that protects them against large threats. Now, these companies can rely on a solution that eliminates, in real-time, all types of viruses and threats on IT devices.

Amongst the main characteristics of Small Business Protection is its ability to protect against both known and unknown threats, thanks to a security model based on the supervision of processes and the control of applications that run on the company’s computers.

This allows Panda to offer these types of businesses a complete protection that also protects against online fraud, identity theft, phishing attacks, and other threats. What’s more, in no way will it affect the performance of the devices as it is a lightweight and responsive product.

Wi-Fi protection against hackers and intruders

One of the daily battles that microbusinesses face is keeping their corporate data free from threats via Wi-Fi connections. To combat this, Small Business Protection includes a security model that detects weaknesses on the Wi-Fi network and protects against intruders. Thanks to a bidirectional firewall, corporate users can browse on the network in peace, without interruptions, and protected against unwanted connections.

Furthermore, Panda Security has incorporated a series of periodic tips and recommendations in Small Business Protection so that its users can increase the security of their network without needing to be IT experts.

“With Small Business Protection we wanted to help freelancers and microbusinesses to protect their business. They need the same protection as a large organization and by using free antiviruses, or inappropriate solutions, they are putting their company’s security at risk,” claims Alejandro García, Panda Security’s Head of Global Strategy. “This solution is particularly relevant for the USA, where approximately 80% of businesses consist of 9 employees or less.”

Small Business Protection is a product designed so as to allow freelancers and SMEs to focus their attention on the correct development of their business, removing any barrier that gets in the way of this, including cybersecurity. An intuitive and simplexity version of Panda Security’s best protection just for them.

To get more information on Small Business Protection, enter here.

The post Panda Security launches Small Business Protection, the cybersecurity solution for microbusinesses and freelancers appeared first on MediaCenter Panda Security.

Panda Security

5 memorable WhatsApp scams from 2015

Just like we saw in 2014, it has been a year full of scams, tricks, and swindles aimed at WhatsApp, the ever popular messaging service.

We don’t doubt for a moment that 2016 will be any different, so we’d like to remind you of how cybercriminals look for their potential victims by taking a look back on the main scams we’ve seen on WhatsApp this year.

Amazon-Gift: a virus in WhatsApp

The Trojan known as Amazon-Gift tell users through a WhatsApp message that both companies have joined and they are offering a gift-card. And if the user wants to obtain the check he must click on a link.

whatsapp virus

The prize is none other than a Trojan that will infect your mobile phone and add it to a network from which other cyber-attacks will be launched.

So, now you know if someone sends you an Amazon-Gift forget it and don’t click on the link!

Voice messages for WhatsApp?

In this case, we were advised by email that we had a voice message waiting for us. The infection was unleashed once we downloaded this supposed message which one of our contacts was said to have left us.

whatsapp voice message

As we warned you in May, cybercriminals try to infect us by via emails in which they invite us to download a WhatsApp voice message.

Discount coupons

Neither McDonald’s nor Ikea are offering coupons for filling out surveys on WhatsApp, yet this method of social engineering was spotted in 2015, with the aim of stealing confidential information from victims.

ikea scam

It all starts with a link sent by one of your contacts. From there, the potential victims have to fill out a survey which is supposedly from the well-known brand. This is how the criminals get the private information and have used other famous names such as Zara, Lidl, and Starbucks to complete their scheme.

WhatsApp Trendy Blue

This is the latest scam that tries to trick users of the instant messaging service. This supposed new version of the app promised new personalization options but, in reality, the user was signing up to a premium rate tariff without realizing it…

whatsapp trendy blue

Don’t fall for these traps! Only trust the versions that are offered via the official store!

Spying on our contacts’ conversations 

This scam was launched in 2014 and reappeared again this year with the aim of taking advantage of the human desire for gossip. Like anyone else, we would all love to read the private messages of someone, whatever the motive!

whatsapp spy

This is why cybercriminals create fraudulent applications like this, claiming that by downloading it you will be able to spy on your contacts’ chats.

The post 5 memorable WhatsApp scams from 2015 appeared first on MediaCenter Panda Security.

Panda Security

10 tips to avoid unwanted surprises this Christmas

christmas gifts

Christmas is around the corner and with it comes the usual round of parties and celebrations. This means that our spare time is taken up more than usual, which has an effect on how we complete our gift shopping. The easiest way around this for most is to take to the Internet, avoiding the queues and stress of the stores, in search of those last minute presents.

However, the speed and efficiency of online shopping isn’t the only thing we may experience as this time of year is prime season for cybercriminals and scams, owing to the sheer quantity of activity taking place online. For this reason, we’ve got some tips to help you avoid any nasty surprises.

Also, because taking precautions shouldn’t just be confined to December, nor to online shopping, we’ve filled out the following list of recommendations with some tips regarding how to stay safe when using some of the new technology you might find under the tree this year.

10 tips to avoid unwanted surprises this Christmas

1. Be wary of your cards

Services like PayPal are highly recommended as they encrypt all transfers. If you use them in conjunction with a credit card, you will double your protection if you add in the antifraud used by banks. Anyway, if you only use a credit card, be sure to use just one so as to minimize any potential risks.

2. Pay attention to your browser

Despite always being advisable to surf on secure websites, it is even more important at this time of the year. Only make purchases on known platforms that use authorization services to complete transactions.

amazon

3. Manage your passwords

Make sure that your passwords are secure. During the days leading up to Black Friday, many Amazon users received emails that advised them that their passwords has been reset because someone has tried to access their accounts.

4. Bargains and scams

Don’t trust emails that arrive in your inbox claiming to offer you discounts and deals, especially if they come from unknown sources. The links might direct you towards fraudulent pages where a malware could install itself on your computer.

5. Games and privacy

Recently, a group of cybercriminals hacked the servers of VTech, a manufacturers of electronic games such as tablets, computers, and dolls). They stole information belonging to five million customers, including photographs of minors. Although the company assures us that the theft hasn’t affected credit card details, the hack serves as a reminder that we should be careful with information that kids and parents share on technological devices.

6. Drones

These remote controlled flying machines are all the rage at the moment and there’s a high chance of one being under the tree in your home. Where you give or receive one, keep in mind that just like any other electronic device, they too can be at risk. They are easily manipulated, which can cause them to veer off course, so it’s best to use them in places where there is no risk to third-parties.

7. Watch out when using public Wi-Fi

Don’t fall for the temptation to purchase online when you’re connected to public Wi-Fi. Avoid carrying out anything related to your bank as your device won’t be protected against any attacks – cybercriminals can follow your steps on the network and spy on communications carried out on different pages.

smartwatches

8. Time to take precautions

Smartwatches are another present that many of us will give or get this Christmas. The sensors that are built into them obtain user information which most of the time is stored on the cloud, not to mention the separate information that the applications store. Make sure that the model that you have allows you to block the screen, be sure to choose good passwords, and inform yourself of encryption measures that the brand uses.

9. Keep your receipts

Once you’ve completed a purchase, save the receipts and proofs of purchase just in case there is a problem down the line. Also, take a look at your bank statement every so often to ensure that there are no unauthorized movements being carried out.

10. Information and wearables

There’s no better gift for a runner than a device that measures their physical activity and health at the same time. Bracelets such as trackers store a huge amount of information and share them with different applications. As a security measure, keep an eye on the passwords for your accounts, deactivate Bluetooth when you don’t need it, be care with what your share on social media, and read the terms and conditions of the apps that are linked to the device.

The post 10 tips to avoid unwanted surprises this Christmas appeared first on MediaCenter Panda Security.

Panda Security

Thousands of errors found in multiple Internet of Things devices

iot

The Internet of Things (IoT) has arrived and it’s here to stay. What might seem a tool that is only used by a select few will soon become a worldwide trend – the lock on your home, your household objects, and even your toothbrush will soon be connected to the network and under control via an app.

For this to become a reality, it will be necessary that an army of engineers and developers that program the software is created. It is estimated that in the coming years this will generate millions of employment opportunities. That said, it won’t just be necessary to create thousands of applications and devices that are connected to the network, but rather the importance will be on protecting the security of users.

In fact, the first stages of the Internet of Things is fraught with a worrying number of vulnerabilities – according to a study by Andrei Costin and Aurelien Francillion, two security experts at the French investigation center, Eurocom, IoT devices that are currently on the market are riddled with security flaws.

To complete their investigation, the pair analyzed nearly 2,000 variants of firmware that accompanied the first network connected devices. The conclusions of the study couldn’t be more worrying – they found nearly 10,000 vulnerabilities that could put user security at risk.

Among these flaws were some that would allow cybercriminals to access personal information to even infect the device with the aim of controlling it remotely.

iot home

The situation is particularly worrying if one keeps in mind that a lot of devices related to the Internet of Things are used to control doors and windows of homes, and even the temperature of the house. By taking advantage of this, a criminal with sufficient knowledge could manipulate the devices and gain access to our homes.

As Costin explains, the team of investigators unearthed these flaws in a simple way. He highlighted that the manufacturers could have discovered them earlier if they had used his methods before releasing them on the marketplace.

Although it is worrying that they have found nearly 10,000 vulnerabilities, it is even more frightening to think that the investigators limited their search to only the interfaces of the devices. This all points to a grim reality of the possibility that there are still more flaws that have yet to be discovered.

If the Internet of Things wants to become a reality within our lives, it is hugely important that its developers pay more attention to its security. Only then will users be able to use connected devices without the fear of a security flaw hanging over them.

Meanwhile, Costin and Francillon’s investigation appears to indicate that our data and security are currently at risk due to this new technology.

The post Thousands of errors found in multiple Internet of Things devices appeared first on MediaCenter Panda Security.