Category Archives: Panda Security

Panda Security

Panda Security

How to reduce spam in almost 40%: Follow Canada’s example

mailbox

It was the year 2004 and Bill Gates dared to predict the spam’s death was near. According to him, in only two years spam wouldn’t be a problem. In 2006 nothing had changed.

Eleven years after that failed prediction, spam continues to flood daily our inbox, with huge amounts of emails in unknown languages with commercial information we hadn’t request.

However, someone somewhere is fighting against this intrusion, and surprisingly, they are winning the battle. We are talking about Canada, where they are trying to eradicate spam by means of law.

In July it will be a year since the Canada’s Anti-Spam Legislation (CASL) came into force and its results have been more that positive: according to a report, in the last ten months the spam received by Canadian Internet Users dropped 37%.

In fact, data go far beyond: the total of the emails received monthly by Canadian users has also dropped (29%) due to the spam reduction.

Canada

However, the problem is far from being solved. The CASL fight directly against spam sent from Canada, but can’t do anything when the sender is from another country. We are not talking about the Nigerian prince or Russian gold-diggers; 53% of the spam that Canadians receive actually comes from the United States.

A law to put an end to spam

For fighting against spam the CASL created three requirements about sending commercial emails and imposing hefty fines to any person or company that fails to comply these regulations:

  1. ‘You must have express or implied consent to send a commercial electronic message’.
  2. ‘You must clearly identify yourself and the business or organization sending the commercial electronic message’.
  3. ‘You must include an Unsubscribe mechanism on every commercial electronic message sent’.

Canadian companies that don’t strictly follow these criteria could receive a fine, as has already Compu-Finder, a company that received 26% of spam complaints, was fined for 1 million Canadian dollars (700.000 euros).

Canada has made it clear that there are things that can be done to clean Internet users’ inbox, but also, that without a global legislation the problem will never end.

The post How to reduce spam in almost 40%: Follow Canada’s example appeared first on MediaCenter Panda Security.

Panda Security

Seven things your kids shouldn’t do online

Online Children

It’s not unusual nowadays to hear people say that if you want to know how to operate any technical device, ask a child, and they’re not kidding! Computers, tablets or smartphones with Internet access are all a part of children’s lives and kids seemingly take to the digital world likes ducks to water.

Such access to technology and the Internet from such an early age means parents now have to control not only what kids watch on TV, but also the content they can be exposed to over the Web.

The Internet offers so many positive things for children but it can also leave them unprotected against threats or even dangerous people.

Seven things your kids shouldn’t do online

1. Talk to strangers

Kids Talk to Strangers

Social networks, WhatsApp… there are now many channels through which strangers can contact your children. The naivety of children often means they aren’t aware of where danger can be lurking. The anonymity afforded by the Internet is almost more dangerous than in real life.

2. Share personal information

Many of the things we do on the Internet involve sharing, in one way or another, confidential information. Adults tend to be far more aware of what data they can reveal than children are. You should talk with your children and make them aware of the dangers of providing certain information online.

3. Play without time limits

Almost all children want to download games to keep themselves amused and to have new challenges. In theory, this doesn’t become a problem until they end up spending all their free time doing it. This can affect their relationship with their environment and with other children of their age and they can ignore other responsibilities in order to keep playing. What do we recommend? Set a time limit for everything.

4. Having a profile in Social Networks

Facebook, Tuenti, Twitter, Ask.Fm, Instagram… Nowadays, there are multiple platforms in which children would like to be present, but is it recommended? The age at which someone can have an account depends on the platform. Find out more about it when talking to your child about this, and most importantly, control the privacy of their information once they have logged in.

5. Download inappropriate apps

Google Play and Apple Store offer thousands of apps, many of which are designed to make our everyday lives easier, but it is essential to know exactly what you are downloading and what information you give to and receive from these apps. Not all download sources are safe or trustworthy. Even within Google Play there are malicious apps that subscribe you to premium-rate SMS services or install other programs without your consent. Tell your children to ask your permission before downloading an app and find about it yourself first.

6. Enter websites with inappropriate content for children

Frightened-child

Deliberately or not, children may visit websites with content that is ill-suited for their age group. In many cases, just checking the browser history on the computer, tablet or smartphone is not enough. Parental control features let you decide the websites that kids can visit and block those that are inappropriate.

7. Believe they’ve won something

We all receive constant invitations to take part in a prize draw or even messages claiming that we have won some fantastic prize. In order to claim the prize, you are almost always asked to provide some personal information. It’s important to teach children that nobody is going to give them a latest generation smartphone just because they send in their personal data.

8. Suffer cyber-bullying

Given the seriousness of these attacks, children often hide the truth about cyber-bullying from their own parents. Cyber-bullying is bullying among children but carried out across the Web. It is carried out by people from the child’s environment, so it’s important to observe their reactions when using the Internet or interacting with other children on social networks. This way you can detect if there is anything wrong or if their behavior changes.

The post Seven things your kids shouldn’t do online appeared first on MediaCenter Panda Security.

Panda Security

‘Macro virus’ are back: threats of the past that will haunt us in the future

virus

Maybe you don’t remember, but in 1999 Melissa was an extremely popular name within cybersecurity. This cyber virus infected more than 100.000 computers in only three days. It was a macro type malware, that is, a virus that hid the malicious source code in an Office document programming. When the user opened a Word or Excel document containing Melissa, it quickly infected all the Microsoft Office products. Its propagation speed broke records.

Almost 20 years after, ‘macro virus’ are becoming again a worldwide plague. Microsoft has confirmed this trend, and according to the company, there are more than half a million computers infected, especially in the United States, United Kingdom, France, Italy or Germany.

Cybercriminals have realized that the most simple and traditional methods continue working, and therefore, they try infecting computers through Word with these simple virus. “In the past couple of months, we have observed the resurgence of malicious VBA macros (programmed in Visual Basic for Applications),” said security expert Gabor Szappanos in a recent study entitled ‘Virus is not dead’. “This time, not self-replicating virus, but simple downloader Trojan codes”.

Office 2007 repelled a great extent of these virus- macros were disabled in the configuration by default- but attackers found new ways of spreading the virus. This Hungarian researcher has studied how the virus creators rely on an external attack vector: our own behavior. “They prepared the content of the documents in such a way that it would lure the recipient into enabling the execution of macros, and thus open the door for infection”, explains Szappanos. The user opens the document, enables the macros as directed and the virus begins to roam freely.

computer with padlock

The point is that every day we receive dozens of emails with potentially dangerous attachments. Although we are aware that clicking ‘run’ on an ‘.exe’ file can be risky, we don’t stop to think it when an Office document asks us to enable our macros. We just accept it without thinking about the consequences.

The macro virus come-back reveals that neither the sophistication nor the novelty are the most important factors when quickly spreading malware. They just need a naive user to willingly open a document from an unknown sender.

The fact is that we hardly ever stop to think why someone would want us to download an attachment. We just open it, despite the risks to our safety. Now, we will have to think it twice.

The post ‘Macro virus’ are back: threats of the past that will haunt us in the future appeared first on MediaCenter Panda Security.

Panda Security

Panda Security audits the risk level of applications and users

Panda Security today announced the launch of Panda Audit Service, a new audit service to detect vulnerable applications, users and computers at risk, Advanced Persistent Threats (APTs) and targeted attacks. The service is deployed across the network in a matter of minutes, with no need for configuration changes, additional server infrastructure or databases to start the audit.

In short, Panda Audit Service provides real-time monitoring of all applications running on endpoints, performing analyses in cloud and Big Data environments to detect and neutralize any type of threat.

audit service, threat

Complete visibility into all running applications

Panda Security’s new solution provides complete visibility into the applications running on the network, showing the origin and location of any running process. This way, users will know at all times who and when accesses their computers’ files and folders.

“Panda Audit Service tracks and monitors all applications running in an organization. It provides granular control and monitoring of all applications running on endpoints, ensuring customers’ security and peace of mind”, said Josu Franco, VP Business Development at Panda Security.

Additionally, Panda Audit Service generates real-time comprehensive reports on network activity, offering specific recommendations to take preventive action.

Identification of advanced threats and system vulnerabilities

Data theft has become the number one objective of targeted attacks and advanced threats to the point that any company may fall victim to a data breach. Modern-day attacks are increasingly complex and sophisticated, and in some cases traditional antivirus solutions are unable to even detect them.

“Panda Audit Service sees what others do not. It detects any attempt to access data and performs forensic analyses of the actions taken by malware.  Thanks to its continuous monitoring of the network, the service detects threats and identifies system vulnerabilities immediately”, explained Franco.

The post Panda Security audits the risk level of applications and users appeared first on MediaCenter Panda Security.

Panda Security

Fusion: Cloud Security, Management and Support for your IT network

You know Fusion is an integrated solution that provides security, management and remote support for all devices on your IT network.

Why Fusion?

  • Because you will not require any additional infrastructure to centrally manage all your customers end points, smartphones and tablets. The solution is 100% cloud hosted.
  • Because it offers maximum protection against malware thanks to Collective Intelligence and anti-exploit technologies against unknown threats.
  • Because it reduces costs through optimization of your IT infrastructure, automation of management tasks and centralized control.
  • Because it provides an optimal support experience to your end users, through proactive problem resolution and remote, non-disruptive access to their devices, wherever they are.

Try Fusion! The global solution to manage your company’s security and IT infrastructure!

The post Fusion: Cloud Security, Management and Support for your IT network appeared first on MediaCenter Panda Security.

Panda Security

Security challenges in the digital era

security

The boom in information technology has led to a transformation which has been increasing in recent years due to the widespread adoption of Internet and mobile devices. Individuals and companies are all are imbued with ‘digital life’, which now defines the way we act, buy, work… the way we live. This reality has also marked a before and after in another sector:  that of information security which is becoming more complex every day.

According to IDC, companies are becoming increasingly aware of the risks in the market – from an infection caused by one of the many existing malwares, now spread to any platform and device, to a persistent advanced threat – and almost 50 percent of the companies in Europe (45 percent to be exact) increased their security budgets in 2014. In fact, Spain is the third country in Europe where more companies have increased their investment in this area, just behind the United Kingdom and Germany. Moreover, according to Gartner, another major IT consultant, the fear of suffering targeted cyber-attacks is what is encouraging 40 percent of the largest companies to make far-reaching plans for 2018 to defend themselves against these risks. Plans which they currently lack and which go far beyond preventive controls such as firewalls, traditional antivirus and vulnerability management, and which follow a more global and integrated control of all security areas.

In this context, the way of buying and selling security has also changed radically. According to independent analysts in the ICT sector, companies no longer sell only security, which is just the necessary lever to sell anything related to technology: cloud, big data, Internet of Things, mobility… Let’s say security has become a ‘building block’ for almost every aspect. In fact, these macrotrends carry the most sophisticated formulas for information security. For example, big data and analytics allow behaviors to be modeled in order to prevent attacks.

More sophisticated and intelligent solutions offered as a service

In general, the market trend is to offer as a service the most sophisticated and intelligent security solutions.  Advanced security services, managed and based on the cloud system, are on the rise. As it is no longer possible to put up walls as in the past, we now have to protect companies from below, from the processor itself to the highest levels. In this new approach security must be seen as a more global concept which includes more aspects from communications to storage, passing through many more elements. The key to this more complex world is, on the one hand, that security is immersed in a complete cloud solution, and on the other, that it includes different capacities in order to provide a more comprehensive service.

The price of being safe

 With this more complex scenario with “the ‘baddies’ becoming increasingly ‘badder’ and smarter”, with the proliferation of more sophisticated attacks with different formats making them more difficult to stop, will companies have to invest more money to be safe? The answer is ‘no’. In fact prices have dropped in recent years, especially since the boom of the cloud based system. What happens is that now companies have to protect themselves against more threats. There is a new range of risks and this is why investments in security are becoming increasingly higher.

Obviously, the investment made by large corporations is still higher than that made by the smaller companies.  But at least, it seems that they are all starting to be aware that an attack can cost them a lot of money and can damage their image.  How they deal with it is another matter, but the awareness is there, and also at the highest level within the companies. Moreover, news about security is one of the few subjects in the IT world which makes the headlines in newspapers around the world. Still, as we said, SMB’s are the most vulnerable.  Unfortunately they are generally the least prepared and the main victims of many attacks.

With the Internet of Things the risks can be limitless

Another major risk looming on the horizon in this new digital scenario derives from the so-called ‘Internet of Things’. Given the growing proliferation of all kinds of sensors and gadgets such as the popular wearables, devices which we will all wear in the near future like watches or smart glasses  (many people already do this), and the unstoppable advance of the smartphone, the risks will constantly increase. The Internet of Things means bringing the digital into the physical world, and this will lead to endless security risks. Undoubtedly, with this trend there are many challenges ahead to overcome, not only with regard to safety, but also privacy, complying with the regulations, etc. Therefore, the Internet of Things makes the current situation even more complex, opening up at the same time interesting business opportunities which we should all exploit to the full.

The post Security challenges in the digital era appeared first on MediaCenter Panda Security.

Panda Security

A JPEG may jeopardize your company’s network

smartphone taking picture

We daily capture them on our phones. We have dozens of them stored on our computers. We share them on social networks and we love to see those of others. We are talking about the images in JPEG format, the most used one because when compressed the pictures don’t lose much quality. Indispensables, and yet, could be the tool used by a cybercriminal to access any corporate or institution network.

This was proven by security expert Marcus Murray, who researched a new way a cyber-attacker could exploit a malicious JPEG to compromise Windows servers and access any company’s sensitive information.

The researcher demonstrated how someone could performed this attack during the RSA Conference in San Francisco, an event that gathers dozens of experts in computer security every year. Murray implemented a ‘demo’ to compromise a similar security network to any US government agency network.

upload picture

Murray changed the attributes or metadata that any JPEG file stores including in it a malicious code. Then he got this image to infect the corporate network. How did he do it? By a form that allowed users to upload a profile picture to the alleged government agency web page. Once inside, the file became a gateway for the attacker.

Thanks to the malicious JPEG, the cyber-criminal’s administration permissions over the network grew more and more, reaching a point at which he could steal sensitive information or even take control over the network.

The rest of the process is simpler: the criminal only has to exploit his advantage to install malicious software that infects the computers to spy the corporation or steal confidential information. According to Murray, this attack can be performed in “even mixed environments” with Windows and Linux.

secure pc

On the conference in San Francisco, he showed how to introduce a remotely accessed Trojan he created using Metasploit, the popular open source project that allows trying different kinds of attacks as part of a ‘pentest’ (penetration test).

That’s how he prove that only with a picture you can access any company’s network and steal their confidential information, without the employees realizing the damage a file so seemingly harmless could make.

The post A JPEG may jeopardize your company’s network appeared first on MediaCenter Panda Security.

Panda Security

Virus in the name of WhatsApp! Now via email!

whatsapp for pc

Profits are not the only thing brought by the voice calls in WhatsApp. We are sure that some of you are also worried about this.

According to RedesZone, this new service has reactivated, and made more believable, an old scam. Do you want to know how does it work? We will tell you! If you wonder how it works, keep reading…

  • You receive an email which informs you that you have a pending voice message, supposedly/technically from a friend/ one of your contacts.
  • If we want to listen to it, we just have to click on the “autoplay” button in the email.

whatsapp voice message

 

If there was any doubt, you are not downloading a voice message, instead you are downloading malware.

That’s why, so you don’t fall for this kind of scams, you should take this into account:

  • WhatsApp doesn’t send notifications for pending messages.
  • If we look closely to the sender’s address: [email protected], we will see it doesn’t have to do anything with WhatsApp.
  • The application won’t never refer to itself as Whats App.

The best thing you can do is just ignore these emails and install in your computer the best antivirus, which will block the malware in your computer.

The post Virus in the name of WhatsApp! Now via email! appeared first on MediaCenter Panda Security.

Panda Security

Russian models that fall in love with you… it’s a scam!

I want to chat with you” if you have received an email with this subject, or something similar, with the picture of a beautiful Miss Russia, just ignore it! She is not contacting you because she has fallen deeply in love with you.

The Spanish Internet User Security Office and the Spanish Civil Guard have warned about these scams, because as you might think their only purpose is to take all your money.

email scam

The Spanish Civil Guard warns via their Twitter account: Yes, we know that they are all crazy about you… but then they will ask you for money to come #SCAM

If you have already made some sort of contact, it is possible that they have already asked you for money so they can come to visit you, so you can finally meet in person,

In this case we recommend:

  • Don’t send money to anyone.
  • Stop all communications.

Spanish National Police warns us through their Twitter account about other kinds of scams similar to this one.

policia tuit fraude

As the tweet above says: someone answers to your add in which you are looking for concert tickets, a home for renting, etc. and they ask you for a deposit. Watch out, possible scam! Don’t take the bait!

Don’t fall for it!

The post Russian models that fall in love with you… it’s a scam! appeared first on MediaCenter Panda Security.

Panda Security

Your likes in Facebook can be the passwords of the future

smartphone keyboard

Do you remember, who was the last person you spoke on the phone with? And the first one you sent a WhatsApp message this morning? If the answer is yes, you might want to change your usual passwords for the answers to this questions.

Do you imagine your passwords changing depending on your last ‘Like’ in Facebook? Anything you have done with your smartphone or your computer during the last few hours can be used as a password by ActivPass. A system developed by researchers of the universities of Illinois and Texas and the Indian Institute of Technology Kharagpur, in India.

These researchers have developed a new method of authentication to unlock applications for which users had to answer correctly questions about recently completed actions. Something that it has proven to be possible, despite of what our absent minds might think. In fact, those who took part in this study answer correctly 95 percent of the questions.

ActivPass could be a possible solution to the many times a user forgets his password and clicks on “forgot your password”. In fact, they hope to reduce the amount of passwords we have to remember thanks to their tool, as the questions will be about recent topics and will change overnight.

forgot-password

They first thought of it as an evolution to the questions about our past which are already used as security measures in many platforms. Questions like: “What was your first pet’s name?” or “What was the first name of your favorite teacher?”

“Whenever there’s something you and your phone share and no one else knows, that’s a secret, and that can be used as a key” says professor Choudhury, University of Illinois. However, this new security method is not foolproof yet. Still raises some unknowns, like what would happen if a long period of time passes and the user can’t remember what he did last time.

Researchers are working to improve it, but for now they just conceive it as a part of a user’s authentication on a platform. Also, during the firsts test they found other disadvantages. Those who volunteered to take part in the tests not only had a high percentage of success in the questions about their own activities, but also were able to answer question about other people less than 6 percent of the time, which is quite disturbing.

forgot password

As the research conducted by Jason Hong, a professor at Carnegie Mellon University, demonstrated the percentage of users correctly answering questions about other people is low.

So, despite of having to fix some details, it doesn’t seem far away when we will use a system like ActivPass instead of standard passwords. An option that is gaining popularity among platforms where you can share content with our friends and family. If, for example, you were to be subscribed to Wuaki.tv, you can give access to your cousin one night without having to worry about changing the password the next day. The password will change depending on what we have done that day, something our cousin would not know, unless you told him.

Passwords that change every day. A method of discouraging those who want to access others accounts, but also a challenge to the absentminded. Would we be able to remember the first thing we did with our phone?

The post Your likes in Facebook can be the passwords of the future appeared first on MediaCenter Panda Security.