Category Archives: Panda Security

Security tips to avoid becoming a victim of revenge porn

Relationship break-ups have always been difficult, sometimes even acrimonious. Unfortunately a distressing new trend has emerged that can make the process even more hurtful.

Revenge porn – the process of sharing intimate, naked photos of an ex-lover online without permission – is being used by some jilted partners. By sharing these pictures on social media and other public websites, the person hopes to hurt and humiliate their victim, who they often blame for the collapse of the relationship.

Obviously revenge porn is illegal – but once those photos are ‘in the wild’, there is almost nothing the victim can do to prevent their spread. The only way to stop yourself from becoming a victim is to put protections in place in advance.

Here are 4 ways to help yourself:

1. Don’t take naked photos

By far the safest way to prevent intimate photos from being leaked online is not to take them in the first place. As soon as those images exist, even if you don’t share them, they are at risk of loss, theft or leakage.

The minute you take a photo on your phone, it is copied to the Cloud for instance – so now you need to protect two copies. And if you sync your phone with your computer, that then creates a third; three copies that provide points of vulnerability.

2. Don’t share naked photos

The second rule of protecting yourself against revenge porn is to ensure you never send naked pictures to anyone. No matter how much you love and trust your partner, you give up all control over that image the minute you pass it on.

Should your relationship hit the rocks, you will find it even harder to regain any control over those pictures.

3. Don’t be afraid to ask someone to delete pictures

If you go ahead and send an intimate picture to someone, you should always be ready to ask them to delete it – for any reason at all. You should also watch as the image is deleted to make sure it really is gone.

4. Protect your devices

Sometimes technology lets us down, and sensitive data is stolen or leaked directly from our computers and phones. Modern malware and computer viruses are exceptionally good at stealing our information.

This is just one of many reasons why you must install security software on your phone and PC to protect against hackers. Using an application like Panda Security prevents cybercriminals from accessing your pictures, protecting you against revenge porn leaks or blackmail attempts.

Use your head

Like most cybersecurity problems, applying your common sense could save you a great deal of embarrassment later. There is nothing “prudish” about refusing to take or share naked photos – in fact, protecting yourself in this way is extremely mature. So you should never feel pressured into sharing something you don’t want to.

And if you do choose to share an intimate image, make sure that your phone and PC are secured to minimise the risk of your selfie being leaked. You can download a free trial of Panda Security to get started.

The post Security tips to avoid becoming a victim of revenge porn appeared first on Panda Security Mediacenter.

Online dating scams

Does swiping right cost more than $200 million to the USA?

Protection when using dating apps no longer means you have to pop by the pharmacy before you go out on an internet date. The UK’s National Fraud Intelligence Bureau (NFIB) recently reported that online dating fraud in the UK cost victims a heart-breaking £27 million ($34 million) last year. NFIB states the numbers are not entirely correct, as it believes many people are not reporting online dating crimes out of embarrassment. Quartz most likely takes this argument into account, as it puts the 2016 losses from online dating in the UK at very close to $50 million. Anyway, we will rely on NFIB’s data. The UK has a population of 65 million people, and according to the UK’s Office for National Statistics, about 45 million of them have access to or use the internet.

How is this relevant to us here in the USA?

Given that these scams are happening in a well-developed country such as the United Kingdom, we find the results of NFIB’s research utterly shocking. We decided to see how these numbers would compare to cases in the US. According to Pew Research, today roughly 280 million Americans use the internet or have access to a connected smartphone or a PC.

If we maintain the same ratio, we can quickly conclude that online dating fraud is most likely costing the US population more than $200 million. This is a lot of money. Just to put things into perspective, $200 million would be the cost of constructing a desalination plant able to provide clean water for the whole county of Ventura. People need to be protected while enjoying the perks that come with online dating. I guess we just solved the drought problem for one of California’s drought-stricken counties.

Is it $200 million?

It most likely is more than that. It’s no secret that the USA tops the list of the countries most engaged in online dating. We Americans might be smarter and not fall for the tricks of hackers, but according to eHarmony, 40% of Americans use online dating sites, compared to just 25% in the UK who admitted to having at least one dating app installed on their phone or tablet.

Even if we are not as easy to trick as the Brits, online dating scams are most likely affecting us more than our British friends across the pond. We won’t go into further details but the time and money Americans lose on dating sites are serious. Thus, we wouldn’t be surprised if numbers in the US are even higher.

Who are the victims?

Seniors are more prone to fall victim to one of these scams. About 62% of those who fell for the scams were over 40, and a quarter were aged 50-59. So be extra vigilant if you are in this age group. And even if you are not, if it seems too good to be true, it probably is. And unless you are into giving away your personal belongings, money and personal information to complete strangers in exchange for a possibility of a hookup, we advise you to keep yourself protected with antivirus software that may prevent you from getting scammed. We understand that chatting with exotic lads and ladies might be bringing emotions you enjoy, but please remember to remain protected. Don’t be a contributor to the $200 million pot the US is most likely giving away.

How to determine if you are being scammed and what actions you must take?

Yes, you can be a good citizen and help the police catch the lovebird trying to take your vacation money away from you. The number one rule is always to record the incoming phone number should you start receiving calls. This should not be hard as you can find it in your ‘recents’ section on your cell phone. Secondly, try to remember as much as possible about the way your lover-to-be is talking, i.e. accent, or type of words he/she is using. If it doesn’t feel right, hang up and report the user to the fraud department of the dating platform you are using.

Being a good citizen will help dating sites keep their listings as accurate as possible. Never allow access to your personal information if you have doubts about the person you are meeting or chatting with.

Bear in mind these three rules:

  • Do not give your account number to anyone over the phone or the Internet unless you are the caller or if you are 100% sure who they are.
  • Keep in mind that fraudulent activities are often made by non-native people.
  • Using common sense is the best way to avoid a scam.

Panda Security is here to the rescue; we offer the best antivirus protection for all your devices. Next time you swipe right, stop by at www.panda.com and get yourself protected. Then go to the pharmacy and get the additional things you may need to enjoy a safe and happy relationship.

Two Step Verification, and How Facebook Plans to Overhaul It

We’ve all been there. You get a new smartphone or computer, and you have to slog through all of your first-time logins by manually typing out usernames, passwords, etc. Sometimes it happens that one of your accounts has a particularly difficult password that you barely even remember creating and – yep, you get locked out of your account. You curse yourself for that distant day when you felt so ambitious about password security and created such a puzzle for your future self. But if you’re among the many who ordinarily aren’t too finicky about security, then you’ll probably have no qualms about recovering access to your account by requesting a password reset email from the company.

However, cases reminiscent of the recent data breach of the century at Yahoo that affected a billion accounts show the need for additional security measures. Attackers would be happy to use passwords and security questions collected from such breaches to access your current accounts. In fact, the password recovery link itself may be compromised.

The alternative standard procedure in these cases is the two step verification: associate a phone number with the account to add an extra layer of security. This option is available on a number of services, including Gmail, Facebook, Twitter, and Instagram. However, Facebook has just announced a new way to recover forgotten passwords safely and without the need of a phone.

Challenging email as the standard

Soon, the social network par excellence will allow third-party web users to recover their passwords through their own service. Internet users will be able to save an encrypted token on Facebook that allows them to retrieve their password on pages like GitHub. This way, if you lose your GitHub password, you can send the token from your Facebook account, thus proving your identity and regaining access to your GitHub profile.

The company has emphasized that the token’s encryption guarantees user privacy. Facebook can’t read the information stored in it and will not share it with the service you’re using it for without express permission from the user.

At the moment, the service, which has been called Delegated Recovery, is only available on GitHub. It has also been made available to researchers as an open source tool to be scrutinized for vulnerabilities before it is implemented on other websites and platforms.

With this new method, Facebook aims to eliminate the headaches of users who suffer theft or loss of their smartphones and can’t recover their accounts immediately. And while they’re at it, they’ll take the opportunity to offer themselves up as a safer alternative to email when it comes to recovering passwords. “There’s a lot of technical reasons why recovery emails aren’t that secure. Email security doesn’t have the greatest reputation right now. It’s the single point of failure for everything you do online,” said Brad Hill, security engineer at Facebook. Will Facebook succeed in becoming the hub of all of our accounts? Time will tell.

4 Cybersecurity Risks We’ll Face With WhatsApp Status

WhatsApp –the Facebook-owned giant that really needs no introduction– is seemingly on a mission for world domination, this time, taking on Snapchat.

The instant messaging company’s new WhatsApp Status feature will allow users to privately share edited photos, videos and GIFs, with their contacts, that will disappear after 24 hours.

It’s not the first Facebook-led Snapchat Stories copycat, but it’s perhaps the most ambitious. WhatsApp, with over a billion users, have really taken on the competition here.

One of the interesting points that WhatsApp have always made sure to emphasize in their blog is the “security by default” principle which will be upheld by Stories.

In the Status feature statement, Jan Koum has said “yes, even your status updates are end-to-end encrypted.”

But Is It Really As Safe As They Say?

Hervé Lambert, Retail Global Consumer Operations Manager at Panda Security says that the use of WhatsApp Status is still not risk-free:

“After having carried out various studies on the behavior of people on social media, we’ve detected a few potential risks that all users of this new version of WhatsApp Status should recognize.”

Your Status Will Be “Public” By Default

The default setting on WhatsApp Status will be set to public. All of your statuses will be visible to any contact you have on your phone. To some, this may entail a real invasion of privacy as most people hand out their phone number much more readily than they accept someone on social media. Think of the amount of work acquaintances or casual contacts that will have access to potentially private posts.

“We have to take into consideration that we can’t tell certain details of our private lives to all our contacts. We don’t know what these people could do with this information,” adds Hervé Lambert.

Hackers Can Breach WhatsApp’s Vulnerabilities

WhatsApp certainly prides itself on being a secure app with its end-to-end encryption, and rightly so. However, the fact that it boasts millions of users still makes it a target for hackers who seek to carry out cyber attacks on large amounts of people. For these attackers, it’s a probability game; the more users they try to attack the more likely they will succeed.

Apple’s iOS Messenger has recently been exposed by cybersecurity experts. Though the vulnerability in that app is by no means a cause for great concern in itself, it shows that encrypted messaging apps are not impenetrable.

Ransomware

Who are these types of features usually aimed at? It’s possible that WhatsApp Status could be a ploy to encourage less tech-savvy users to cross over to more involving social media, like Facebook itself, after having tried out the new WhatsApp feature for the first time.

However, it’s safe to say that features like Status, Snapchat Stories and Instagram Stories are most popular amongst young kids who enjoy the ability to post weird and wonderful images that won’t be saved on a profile indefinitely.

Unfortunately, young people are also perhaps the most vulnerable to ransomware attacks.

The very fact that the posted statuses are less permanent leads some young people to post photos or videos that are more risqué in nature. Cybercriminals look for this kind of content online to lead vulnerable young people into paying a ransom, or carrying out undesired actions if they don’t want the content shared with the public. Caution is always advised when posting online.

Pirate “Complementary” Apps

When a new feature comes out like WhatsApp Status, there’s usually a huge buzz, and a frenzied search for new functionalities. This is something that cybercriminals try to take advantage of.

It’s important to be wary of new apps claiming to add functionalities to WhatsApp Status. This is especially the case with apps that “promise” they can bypass important functionalities. With apps like Instagram and Facebook, they usually claim they will allow you to see who’s looked at your profile. With WhatsApp Status it would be unsurprising to see some that claim to allow you to still see photos after the 24 hours have passed.

These apps are largely malicious and they draw people in by claiming to be able to bypass an integral functionality of the app. As you try to use the pirate app it could be loading ransomware onto your device. Don’t be drawn in by desires to bypass main functions of an app.

As the new WhatsApp Status feature is rolled out, more possible risks will likely come to the attention of users and cybersecurity experts. Though WhatsApp is a safe app, relatively speaking, it’s important to be careful what you post online and where. It’s not always completely clear who has access to the data.

Your Virtual Assistant Knows Quite a Lot about You

“OK, Google.” With this simple voice command, the Google Home smart speaker sprang to life in a recent Super Bowl ad for Mountain View’s virtual assistant. To the surprise of many viewers, so did the Google Home in their own living room. OK, indeed. Just one more reminder that virtual assistants, capable of turning on lights or putting together playlists or making purchases online, are also spies in our very own homes.

In fact, their gift for listening in on conversations and keeping them on file can make them a good helper for solving crimes as well. The local police in a US town asked Amazon if it would allow them to access the information of an Amazon Echo. The smart speaker may have stored information that could help clear up some points of their ongoing investigation. Ultimately, such a device will record anything that happens if prompted, and we’ve seen that sometimes its owner is not the only one to wake it up from its dormant state (OK, Google…). So, it begs the question: how can you wipe its memory?

Deleting the memory of Alexa and Google Assistant

Alexa, the virtual assistant that only speaks English (for now), is the brain of the Amazon Echo. She will be the brain behind other products, as well, it seems. At the last Consumer Electronics Show, Lenovo presented an affordable device that works with Alexa, and Huawei will integrate it into its Mate 9 smartphones. In order to protect our privacy, it will come in handy to know how to delete the information they keep squirrelled away on their servers.

For Alexa, you can do it either from the app itself, available for Android and iOS, or from the website. It’s as simple as going to Settings, History. From there, you can select the files you wish to delete permanently (or the, um, evidence you wish to destroy). From the website the process is slightly different, but just as simple. Just go to the menu that allows you to manage your content and devices. From there, select the Amazon Echo and request to delete recordings.

The procedure is similar for deleting data from Google Assistant, the virtual assistant that for now is only available for Google Home, Android Wear, Google Allo, and the Google Pixel. From My Activity, the page that allows you to see an overview of your activity on Google’s various services, you can filter results to only see the data kept by your virtual assistant, or Voice and Audio services. Once there, you can either delete all the files at once, or just start clicking away and have a field day deleting them one by one.

In culling as much information on us as possible, the obvious goal of these virtual assistants is to offer more personalized services. But it’s nice to know that the dirt they have on you can be swept under the rug without any hassle.

Smart Meters Can be a Threat to Homes and Offices

For some time now, a large majority of buildings have made use of smart meters to record their electrical consumption. Besides the potential impact on the electric bill, which some consumer groups have already denounced, the widespread adoption of this apparatus carries along with it some lesser known security risks.

As researcher Netanel Rubin explained during the last edition of the Chaos Communications Congress held in Hamburg, Germany, these meters pose a risk on several fronts. First, these devices record all household and office consumption data and send it to the power company. An attacker with access to the device could see its data and use it for malicious purposes.

For example, a thief could find out whether a house or office is empty in order to burgle it. And since all electronic devices leave a unique footprint on the power grid, such a thief could even analyze variables to find out what valuable devices they could potentially have at their fingertips upon entry.

In a few years, when smart homes become more widely popular, the scenario could end up being even more serious. The attacker could actually enter the home or office without having to force the lock. If there is a smart lock installed, all they would need is access to the system to enter the house.

As serious as this is, smart meters are open to even more grievous lines of attack. As Rubin explained, meters are at a critical point in the power grid because of the large amount of voltage they receive and distribute. An incorrect line of code could cause serious damage. For example, an attacker who took control of the device could “cause it to literally explode” and start a fire, according to the researcher.

This is all pretty alarming. But the biggest weakness of smart meters is in the way they communicate with each other and with power companies. Normally they do it through the GSM protocol, the standard of 2G communications for mobile networks. The insecurity of this protocol has been well demonstrated.

According to Rubin, some companies are not using any sort of encryption in such communications. Among those that do, weak algorithms or very simple passwords are sadly run-of-the-mill. You might just as well serve it up to attackers on a silver platter.

The fact of the matter is many of these devices are insecure by default. As Rubin points out, they do not have a CPU with enough power and memory to use strong encryption keys.

The Dangers of Using an Old Android are Real for Everyone (Even the President)

The presidency of Donald Trump kicked off with some controversy in the area of cybersecurity. While the NSA modified the BlackBerry of his predecessor, Barack Obama (who ended up having to part with it for security reasons), the new leader of the United States seems to be less concerned about the vulnerabilities of mobile devices and continues to use an old Android.

According to various reports, the real estate tycoon has a Samsung Galaxy S3 from 2012. The lack of caution on the part of the newly-inaugurated head of state holds a valuable lesson for any top manager of a company. Although Trump’s smartphone may not be the gateway to all the secrets of an entire nation, using a phone without proper security can be fatal to your company.

The main problem derived from the use of an old Android is the lack of updates. Although Google usually reacts quickly whenever a vulnerability is found in its operating system, security patches only come quickly to a few devices, including the company’s own Nexus.

Meanwhile, other smartphones, and especially older models, have to wait months until the patch arrives (if at all).

For this reason, to use an outdated phone in the corporate environment is to be exposed to all types of cyber threats, everything from a phishing campaign to the installation of malware that takes advantage of an uncorrected vulnerability of the device.

That’s why it is essential to have the right protection and also to make sure that both the phone and its applications have the latest versions of the software installed.

That a cybercriminal can access the outdated telephone of someone in charge, be it the owner of a company or the leader of a country, can have more serious consequences than simply having access to the device itself. Through an unprotected smartphone, attackers could sneak into the networks to which the mobile is connected and steal valuable corporate information.

There are also known vulnerabilities that track what the phone’s owner is typing, take control of the camera, or listen through the device’s microphone. In short, it is too great a risk for the privacy of company data.

Private email should stay at home

Another lesson we can glean from recent US policy is that under no circumstances should a personal email account be used for professional matters. Hillary Clinton already made that mistake, and now Trump’s high-ranking officials seem to be following in her footsteps.

Using personal mail to send corporate information is risky indeed. Unlike corporate mail servers, whose protection is in the hands of the company’s security department, the services that are usually used to send emails in the domestic sphere are beyond the control of the company.

This does not mean that they are unsafe, but ensuring the absolute privacy of corporate communications is impossible if those responsible for cybersecurity cannot control which accounts are used and how they are configured.

Smart Cities and Open Data

With the constant advancement of technology, we are already witnessing the phenomenon of smarter cities.

According to Anthony Mullen, research director at Gartner, the next couple of years will be crucial for smart cities and open data as people will continue to “increasingly use personal technology and social networks to organize their lives, and governments and businesses are growing their investments in technology infrastructure and governance.” Even though the term ‘smart city’ means different things to different people, generally cities are considered ‘smart’ when their citizens are benefiting from open data sources converted into solutions that ease people’s lives. The solutions are developed by government and private companies.

How do smart cities work?

There are all sorts of reporting devices placed around every town, as well as IoT devices, which communicate with each other. The information is then converted into a solution such as the ones that ease traffic or control traffic lights. To some extent, smart cities also rely on people who voluntarily share their data. To experience the benefits of a smart city, you may need to have a subscription or rely on data democracy, i.e. sharing your data with a third party grants you access to the solutions they are offering.

Smart city examples

Have you noticed all the people texting or looking at their phones on your last trip to Europe? Yes, people are surely checking their Facebook feeds, but they are also finding out when the next bus or train is going to arrive. Buses and trains are now connected to make public transport more predictable and decrease traffic congestion. London’s TFL, in particular, encourages app developers to integrate the open data that TFL is sharing to help the city circulate better.

The situation is similar in New York – imagine how helpful it would be if we knew when and where there would be parking slots available. Smart city perks are saving millions of folks time and money every day, and the trend will continue to grow. Research firm Gartner claims that by 2019, fifty percent of citizens in million-people cities will benefit from smart city programs by knowingly sharing their personal data.

How to stay safe in a smart city?

Regular cities are going ‘smart’ because governments are making an effort to make your life easier. It surely helps knowing when your bus is going to arrive, and how to get from point A to point B avoiding traffic saving yourself some time and money. However, all these connected devices and the mass sharing of both usable and unusable data could be dangerous. Hackers are getting creative, and the safety of millions of connected devices has been compromised already.

Panda Antivirus software protects you from sharing more than you have to. In a recent report by tech giant Hitachi, a staggering 95% of respondents rated the role of technology in ensuring public safety as ‘important’ or ‘very important.’ A smart city wouldn’t be smart if it is not safe.
Panda Security offers various solutions that will help you stay protected and remain smart even when you are not in a smart city. The more protected you are, the better.

If You Use Autofill, You Might As Well Give Away Your Info For Free

The autofill feature that many browsers offer is a useful time-saving tool that saves you from having to manually fill out forms with the same information every time. Programs include all the necessary information without the user having to go from one field to another to write information that is often repeated in most forms. However, what at first seems to have nothing but upsides for workers and individuals, does in fact carry with it some security risks.

Autofill can be used by cybercriminals to perpetrate phishing attacks in order to collect user data through hidden fields. When the Internet user allows the browser to fill in the form information, it would also fill in a number of spaces that the screen does not display. In this way, when the individual sends the document, she would also be sending her personal information to cybercriminals without realizing it.

Finnish developer Viljami Kuosmanen has revealed how such attacks work with a practical demonstration. He created a form in which only the fields “name” and “email” can be seen, along with a “send” button. However, the source code of the web page harbors some hidden secrets from the user: there are six other fields (phone, organization, address, postal code, city and country), which the browser also automatically populates if the user has activated the autofill function.

The method is a simple strategy to get all sorts of personal information that, according to Kuosmanen’s tests, can be used in both Chrome and Safari. Other browsers like Opera also offer the autofill feature and Mozilla Firefox is currently working to implement it.

Fortunately for users, it is possible to disable this option in the program settings without too much difficulty. Browsers have it activated by default without asking permission first, so the only way to turn it off is by taking a moment to change the setting manually.

This is a serious threat to the security of personal and corporate information and is difficult to detect because, unlike other types of attacks, the user does not see any links or other types of samples that might lead her to suspect anything is amiss.

It is therefore advisable to disable the option in your browser, even though this means that you’ll be spending a little more time filling out those pesky forms.
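
For anyone who wants to check a form rather than switch autofill off entirely, the sketch below is an added example (not code from Kuosmanen or from the original article) that lists fields autofill could populate but that the user cannot see. The function names, the stub form and the way the stub hides its six extra fields are assumptions made for the illustration; the article does not say how the demonstration concealed them.

```javascript
// Added example (not from the original article): audit a form for fields that
// autofill can populate but the user cannot see.

// Assumption: autofill only populates text-like controls, not these input types.
const NON_FILLABLE_TYPES = new Set([
  "hidden", "submit", "button", "reset", "image", "file", "checkbox", "radio",
]);

function isFillable(el) {
  const tag = el.tagName.toUpperCase();
  if (tag === "SELECT" || tag === "TEXTAREA") return true;
  if (tag !== "INPUT") return false;
  const type = (el.getAttribute("type") || "text").toLowerCase();
  return !NON_FILLABLE_TYPES.has(type);
}

// Returns why the user cannot see `el`, or null if it appears visible.
function concealmentReason(el, view) {
  const own = view.getComputedStyle(el);
  if (own.display === "none") return "display:none";
  if (own.visibility !== "visible") return "visibility:hidden";

  const rect = el.getBoundingClientRect();
  // A zero-size box also covers the case of an ancestor with display:none.
  if (rect.width === 0 || rect.height === 0) return "zero-size box";
  // Convert viewport coordinates to page coordinates so a field that is merely
  // scrolled out of view is not reported.
  if (rect.right + view.scrollX <= 0 || rect.bottom + view.scrollY <= 0) {
    return "positioned off-screen";
  }
  // Opacity is not inherited, so a transparent ancestor has to be looked for.
  for (let node = el; node; node = node.parentElement) {
    if (parseFloat(view.getComputedStyle(node).opacity) === 0) return "opacity:0";
  }
  return null;
}

// `view` is the browser window by default; tests can pass a stub instead.
function findConcealedFields(form, view = globalThis) {
  const findings = [];
  for (const el of Array.from(form.elements)) {
    if (!isFillable(el)) continue;
    const reason = concealmentReason(el, view);
    if (reason) {
      findings.push({
        name: el.getAttribute("name") || el.getAttribute("id") || "(unnamed)",
        reason,
      });
    }
  }
  return findings;
}

// Constructed stand-in for the form described above: "name" and "email" are
// visible, six further fields are not. Stub objects replace real DOM nodes so
// the audit also runs outside a browser.
function constructedDemo() {
  const view = { scrollX: 0, scrollY: 0, getComputedStyle: (node) => node.style };
  const visibleStyle = { display: "block", visibility: "visible", opacity: "1" };
  const makeField = (name, left, type = "text") => ({
    tagName: "INPUT",
    parentElement: null,
    style: visibleStyle,
    attrs: { type, name },
    getAttribute(key) { return this.attrs[key] ?? null; },
    getBoundingClientRect() {
      return { left, right: left + 200, top: 40, bottom: 70, width: 200, height: 30 };
    },
  });
  const shown = ["name", "email"].map((n) => makeField(n, 20));
  const concealed = ["phone", "organization", "address", "postal-code", "city", "country"]
    .map((n) => makeField(n, -500)); // assumed concealment: box left of the page
  const send = makeField("send", 20, "submit");
  return { form: { elements: [...shown, ...concealed, send] }, view };
}

const demo = constructedDemo();
console.log(findConcealedFields(demo.form, demo.view));
```

In a browser console the same check can be run against a live page with `findConcealedFields(document.forms[0])`. It is a heuristic: a clean result does not prove that every field on the page is visible.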

Compilation of PandaLabs Reports

The following is a compilation of all past PandaLabs reports. It is a complete record of the cybersecurity lab’s highlights.

2016

Q1 Report Q2 Report Q3 Report Annual Report

2015

Q1 Report Q2 Report Q3 Report Annual Report

2014

Q1 Report Q2 Report Q3 Report Annual Report

2013

Q1 Report Q2 Report Q3 Report Annual Report

2012

Q1 Report Q2 Report Q3 Report Annual Report

2011

Q1 Report Q2 Report Q3 Report Annual Report

2010

Q1 Report Q2 Report Q3 Report Annual Report
