Category Archives: Panda Security


WhatsApp: 6 scams you must pay attention to!


The success of WhatsApp has a downside: while the instant messaging service reached 600 million active users last summer, the number of frauds emerging around the app is also growing steadily.

What are the most common scams in WhatsApp? What should we do so we don’t take the bait?


  1. A fake invitation to WhatsApp voice calls

With the arrival of WhatsApp voice calls, a new fraud has emerged. While millions of users are waiting for an invitation to access this new feature, cybercriminals are distributing malware via a link that automatically downloads it.


To avoid falling into the new WhatsApp fraud, you should keep in mind that voice calls are only available for Android phones.

  2. Frauds via browser

After WhatsApp launched its browser platform, fraudulent websites were created to steal your banking data.

These fake webpages use different types of scams:

  • Asking gullible users for their phone number and then subscribing them to premium download services that charge special rates.
  • Making users download an application to their computers that is actually a Trojan, which allows cybercriminals to obtain confidential information, such as banking information.

In this case, the thing to remember is that the only browser version of WhatsApp is free, and you don’t need to download anything to your computer to use it.

  3. How to disable the blue double check

Scammers also tried to take advantage of the launch of WhatsApp’s double check. Before the instant messaging service allowed this feature to be disabled, advertisements for fraudulent services for getting rid of the darned double check could be found on social networks.

These services got some users to sign up, without knowing it, for a premium SMS service with a special rate. Remember: you can disable the double check feature from the app.

  4. WhatsApp Gold

A couple of months ago, the Spanish National Police and Civil Guard reported the existence of a scam that can be expensive: 36 euros per month, in fact.

The fraud starts with a message via social networks in which WhatsApp users are invited to click on a link to update their app to the nonexistent Oro version (Gold version), which supposedly includes new and exclusive features. The link takes the user to a web page where, if he wants to use these improvements, he has to give his phone number.

In fact, all those who give their number are subscribed to a premium SMS service: each text message you receive costs 1.45 euros, up to a maximum of 36.25 euros per month. If you ever cross paths with this message, remember there is only one official version of WhatsApp. Common sense is, as usual, your best ally.

  5. The fake voicemail of WhatsApp

In contrast to the previous ones, this scam doesn’t take advantage of a recently launched service; it just invents one. It starts when a user receives an email informing him that he has an unread voice message in WhatsApp’s nonexistent voicemail.

When he hits “Play”, there is no message; instead, it downloads malicious software that the scammers introduce onto the device. From that moment on, text messages with special rates or the theft of confidential information can cause the user a great deal of trouble. Remember: there is no WhatsApp voicemail.

  6. WhatsApp’s Spy

We are aware of the existence of WhatsApp Public, an application that allows you to spy on your contacts in WhatsApp, but there is a scam that goes one step further and offers (with a similar name) a service that supposedly allows anyone to read other people’s conversations. It is just another way of infecting the gullible user’s phone with malware.

Obviously, you can’t spy on other people’s conversations, and the only change it will bring will be in your phone bill, which will increase considerably.

Remember that it is important to maintain your cellphone’s security. If you want, you can download our antivirus for Android free of charge.

The post WhatsApp: 6 scams you must pay attention to! appeared first on MediaCenter Panda Security.

A security breach has been detected in WordPress SEO by Yoast plugin!


Search engine optimization, the well-known SEO, enables Google to show our webpage ahead of hundreds of millions of other sites. That’s the reason why editors of corporate and personal blogs worry so much about visibility.

If you use WordPress, you will probably have installed “WordPress SEO by Yoast”, the most famous plugin that handles this task, with over 14 million downloads. An essential tool for any blogger, it helps display the post’s keywords, a headline and an intro, making the post easier to read for the search engine and the robots that index sites.

If you have it too, you should know that some vulnerabilities have recently been discovered in it, which could be exploited by any attacker to get into your blog. If you are thinking right now about uninstalling it or changing your passwords because you can’t think of anything else to do, don’t worry: they have already solved the problem. Of course, you will have to download an update soon!

Security expert Ryan Dewhurst warned about the issue a few days ago. He works for WPScan, an open source security tool that allows security professionals and web administrators to evaluate the vulnerabilities of WordPress.

Dewhurst found that a cyber-attacker could break the database’s security and obtain confidential information through a SQL injection attack in version 1.7.4 (version 1.5.3 for those who paid for the premium subscription). In addition, all the previous versions were also vulnerable.


The security gap, in the simplest terms, would allow an attacker to query the blog’s database, which would compromise the stored information (authors’ and subscribers’ usernames and passwords, for example). The vulnerability could even be used to infect the site’s visitors with malware.

The plugin’s security experts resolved the issue within 90 minutes of learning about it. They patched the vulnerability and offer an update, version 1.7.4, which comes without this damn security gap and which you can download manually from their website.

The people in charge of “WordPress SEO by Yoast” thanked Dewhurst for publishing his findings and asked users to download this update as soon as possible in order to keep themselves safe.

In addition, there is a much more comfortable way of keeping all your plugins up to date without having to be on the lookout. If you have already installed WordPress version 3.7 or higher, you can set your plugins to install updates automatically so you don’t have to worry about them. You can do it by using the “Advanced Automatic Updates” option.
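The same result can be had without an extra settings plugin by hooking WordPress core's `auto_update_plugin` filter. The snippet below is an added example, not code from the original post or from the Yoast project; the constant name and the choice to limit automatic updates to an allowlist of plugin slugs are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Selective plugin auto-updates (added example)
 *
 * Save as a file in wp-content/mu-plugins/ so it loads on every request.
 * Background updates and this filter exist in WordPress 3.7 and later.
 */

// Assumption: the plugins that should update themselves, by WordPress.org slug.
// "wordpress-seo" is the slug of WordPress SEO by Yoast.
const EXAMPLE_AUTO_UPDATE_SLUGS = array( 'wordpress-seo' );

add_filter(
	'auto_update_plugin',
	function ( $update, $item ) {
		// $item describes the pending update offer; slug identifies the plugin.
		if ( isset( $item->slug ) && in_array( $item->slug, EXAMPLE_AUTO_UPDATE_SLUGS, true ) ) {
			return true; // Install security and feature releases unattended.
		}
		// Every other plugin keeps whatever decision was already made.
		return $update;
	},
	10,
	2
);
```

Restricting the filter to named plugins keeps unattended updates to the components you have decided to trust, while everything else still waits for a manual review.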


Caution! New SMS scam!

We have seen many scams involving text messages, the most recent one in Spain a few days ago; crooks sent innocent users this SMS…


“Hello! What are you doing? You have forgotten about me, eh? Do you know who I am, or not? LOL… You didn’t answer to my SMS, uh?  Are you alright? XOXO (Answer WHO and …)”

This is what the captured SMS messages say.

Have you received this type of text message?

This is happening in Spain, where the National Police has warned about these types of messages on its Twitter account.

What is the criminal’s benefit? It’s an economic profit, evidently. How? There are two possibilities:

  • Subscription to premium SMS services, which will increase your telephone bill.
  • Exchanging messages with a machine for hours, paying significant amounts of money for each message.

So, if you receive an SMS like this on your cellphone, just ignore it! No acquaintance of yours would contact you like this.

Even if you are not in Spain, we advise you to be careful! You never know where the cybercriminals may strike again!

How to withdraw money safely without a credit card

We have been warned many times to cover our hand while entering our secret number when withdrawing money from an ATM. However, cloning credit cards or phishing is a criminal offense that doesn’t require the cybercriminal’s physical presence to access the card number, expiration date and CVC number.

The methods used by criminals include fake emails, supposedly from the bank, asking the customer to change passwords or enter the PIN, and hacked POS terminals that transfer customers’ banking information. Once duplicated, cards can also become a commodity among criminals, who trade them on an online black market.

Neither the traditional magnetic stripe nor the more recent chip technology has managed to slow down cloning. This latest technology seemed promising: it generates a unique code for each transaction, which hinders fraud.


Nevertheless, security experts at Cambridge University demonstrated that POS terminals and ATMs fail when producing random numbers. In fact, the numbers can be predicted by applying the right methods.

Banks are looking for alternatives to protect their customers from possible attacks. The latest idea is to eliminate credit cards (if something creates problems, what better solution than to wipe it away?) and replace them with mobile phones. If we are already able to make transactions with our smartphones, why wouldn’t we be able to withdraw money?

BMO Harris Bank, one of the subsidiaries of the Canadian Bank of Montreal, has launched the biggest ATM network that uses this new system. In order to use it you don’t need to remember any password, or cover one hand with the other while entering the PIN.


The bank’s customers only have to take out their mobile phone, then download and register in the banking application Mobile Cash. What follows is nothing like the traditional method of pressing the machine’s keys or screen.

The app asks the user for the amount he wants to withdraw and only saves the banking details during the communication with the ATM, where he must select the option Mobile Cash.

Then the machine generates a QR code, like the ones airlines or concert halls use. Simply hold the smartphone so it reads the QR code, and it automatically orders the withdrawal.


Those who are in favor of this system maintain that it will speed up transactions and that it ensures safety, since the mobile tool doesn’t store any banking information on your phone permanently.

A cybercriminal would have to access your mobile phone and get the password you use in the banking application to freely manage the money in your account. Although some banks believe this is not an easy process, the issue may raise a number of concerns.

Every day we discover new cases of apps that access certain personal data or information stored by other features without the user’s permission, as well as smartphone vulnerabilities and backdoors. How can an application guarantee complete security?

Withdrawing money through our smartphones is still not available worldwide. But when the possibility arrives, we will have to analyze the possible consequences it may carry. Convenience and speed in transactions are not the only things that matter.


Do you use uTorrent? Careful with what it installs in your computer!


If you love downloading things off the Internet, you probably know uTorrent, one of the most famous BitTorrent clients, which allows us to download files quickly and for free, in spite of the annoying banners that constantly accost users. There are many websites where you can check how to eliminate these sponsored advertisements.

Nevertheless, BitTorrent, with 150 million users per month, has come under strong criticism in the last few days because of the design of its latest update. As one user explained in the uTorrent forums, it had installed new software without warning him. He only realized it when he saw that his processor was consuming more resources than it should.

In this particular case, the program that sneaked onto his computer was EpicScale, a bitcoin mining program. For those who don’t know how cryptocurrency works, mining is the process that replaces currency issuance. Users offer part of their computer resources for the community’s benefit and in return obtain some cryptocoins.


After the first message, many more users protested, claiming that EpicScale was installed on their computers without them knowing it. BitTorrent, uTorrent’s parent company, confirmed the service’s inclusion in the last update, but insists that users were notified. “We have reviewed the issue closely and can confirm there is no silent install happening…. Most likely these users accepted the offer during install,” the company explained.

Therefore, either users are mistaken or there is a lack of transparency in the system. After reviewing the whole process, experts at Trusted Reviews concluded that, because of the system design, users were misinformed. Now, they don’t rule out that the problem may be due to a faulty installation. So if you are a uTorrent user, check whether it has also installed EpicScale and, if you want, remove it so it stops consuming your computer’s resources.

Some users stated that they couldn’t uninstall the program completely, either with the Control Panel feature “Add/Remove Programs” or by erasing the program’s data. One of the recommendations already spreading through the Internet is to uninstall EpicScale with the help of CCleaner.


Another option is, logically, to stop using uTorrent. Torrent Freak has already included a list of ten possible alternatives that you can use if you want to abandon this P2P client and continue downloading “torrents” safely: qBittorrent, BitTornado, Vuze or Tribler are some of the options available.

What can we draw from this? It is always advisable to read all the steps in the installation wizard carefully, just in case anyone tries to sneak in a partner service, whether to consume your resources or for other purposes.


How can we protect schools?

Protecting children online is one of parents’ biggest concerns. But have we stopped to think that it is not only our computers at home that need protection? Kids also use computers at school.


In order to protect them, schools must have a centralized management solution that manages security and protects all their computers. This solution should be applied not only in schools but in study centers and colleges also.

It also becomes a great help in facilitating students’ access to new technological tools and in helping teachers increase their teaching quality.

How to protect schools with Panda Cloud Fusion?

  1. Train your staff: teachers and educators should be the first to know how to protect the center’s network. They must ensure that students use the Internet safely and know how to react in case of emergency.
  2. Control access to areas with computers and other connected devices.
  3. Centralized system management: it is quite common for schools not to have large IT departments, so the system must be easy to manage.
  4. Remove security breaches with a protection system that includes network access control and identity management features.


CSI: Cyber. A Fake Cyber Security TV Series?


It was bound to happen. The latest installment in the popular CSI series had all the ingredients to be not very faithful to reality. If we already found far-from-credible elements in the Las Vegas, Miami and New York versions, what can we expect from ‘CSI: Cyber’?

On this occasion, the characters are part of the FBI’s Cyber Crimes Division.

The series premiered on March 4, 2015 in the USA, and a day later worldwide. The team, led by Oscar winner Patricia Arquette, works to solve computer-related cases.

The relationship between the CSI franchise and technology has never been good. After fifteen years of fiction, they still surprise us with some of the techniques used to solve crimes. Just think of how they are able to enlarge images and still get spectacular resolution, which in real life would be magic.

But introducing cybersecurity elements into CSI’s typical plot hasn’t improved things. As some experts in the subject had suspected, the series has enough details to make us pull our hair out, and it is not very useful if you want to learn something about cybersecurity.

Just by watching the pilot episode we can verify how much ‘CSI: Cyber‘ distorts the industry reality. Spoiler alert: from here on, there might be some spoilers of the first episode!

In one of the scenes we can see two of the experts analyzing code in search of something suspicious, and how they find it right away. No wonder: the code is written in green on a black screen, except where the malware is (barely) hidden, which is written in red.

In addition, everything happens at tremendous speed. They are able to discover the hacking of a baby monitor based on a vulnerability in the manufacturer’s source code in just half an hour.

As if that wasn’t enough, cybercriminals have brilliant, and also twisted, minds. In the first chapter, they create such a complex encryption key that in order to remember it they had it tattooed! Typical, isn’t it?

This first chapter is peppered with many other details that drag computer security experts through the mud. For starters, the FBI’s Cyber Crimes Division is led by a psychologist (Patricia Arquette) who hunts cybercriminals, driven by one bad experience she had years back. Maybe no expert in this matter was able to lead this Division…

It is true that we still have the whole season to find out whether ‘CSI: Cyber’ deals with cyber security in a more realistic way than in the first episode. In the first episode the experts manage to geo-locate the suspects through just an IP address (something that a good cybercriminal maybe wouldn’t allow) or by hacking an Xbox; what else awaits us?

Something that we can actually learn from the series is that the Internet of Things, something so useful that it helps us monitor every aspect of our lives, also carries certain risks. As soon as something is connected to the network, it is potentially vulnerable. Anything: your baby monitor, your home’s thermostat or your toothbrush.


WhatsApp calls available for Android!


The wait is over! Calls via WhatsApp are available for Android users, but just for some users and only if they have the latest version installed. These calls can be made with a beta version of the app and also with the 2.12.5 update, already launched on Google Play.

Nevertheless, if you are an Android user and meet these requirements, but still aren’t able to use it, don’t despair. As before, WhatsApp hasn’t deployed it automatically yet.

How can you activate the calls in WhatsApp? For example, by getting a call from one of your contacts who already has it activated!

If not, just a bit of patience, and wait for your turn! Meanwhile, don’t fall for scams!

And if you want to protect your phone, download now our free Android antivirus.


The Future Of Internet Dating – Infographic


The Future Of Internet Dating

The year is 2031. Internet dating is to thank (or blame) for a projected 50% of relationships globally.

Smart phones and tablets replaced quills and love-letters long ago. Things move fast.

The world is a jungle of off-the-shelf love, mixed intentions, tactical selfies and clinical alliances.

Vicious creatures wait to ambush you – technologically and romantically – on your way through the online dating undergrowth.

Who can you trust? Where will you be safe? How can you attempt to build your survival hut and thrive in these wild times?

You have delicate information that needs to be kept safe, protected, discreet and available only to those you choose. Those happy few.

Turn to the king of this new-age jungle.

Panda Security. Stay Protected


Hacking Hollande, Merkel and Cameron’s eyes through their photos in Google


Origins, a movie released last year, features a worldwide biometric signature file different from the fingerprint one: a record of iris readings. Although this disturbing reality is still unthinkable, many steps have been taken toward incorporating eye scanners as a method of personal identification.

This technology is already being used in some companies to control their employees’ entrance and exit, as well as in corporations with strict security measures. But its daily use is getting closer. Mobile phone manufacturers like Samsung, Nokia and Fujitsu have announced that their upcoming models will have an iris scanner among their features.

Maybe in the future it will be enough to peer at the screen to unlock your mobile phone or access some of its features. If so, you’d better check the pictures you upload to the Internet. Jan Krissler, an expert in computer security at Telekom Innovation Laboratories, proved that some of these biometric systems can be evaded simply by using snapshots taken from Google Images.

Krissler had previously exposed the vulnerabilities of fingerprint readers. In December he copied the fingerprint of none other than the German defense minister, Ursula Von der Leyen.


On that occasion he used the Verifinger recognition program to read Von der Leyen’s fingerprint, which he had photographed himself at a public event. Then he printed the result on a transparent surface, applied latex and there it was, a fingerprint clone! However, he wasn’t able to do further verification or testing.

This time, Krissler claimed he can do something similar with eye scanners without using his own camera. As we mentioned, you just need to search Google Images with certain criteria in mind. The first is that the target’s eyes must be bright enough, as the researcher used a system based on infrared light, Panasonic’s Authenticam BM-ET200, which is one of the most widespread technologies.

You also need a high quality image; size and clarity are important, to a certain point. In his tests he succeeded in using irises with diameters that did not exceed 75 pixels. It’s easier to deceive an eye scanner than a fingerprint reader: you don’t even have to make a clone, just print the picture and show it to the device, and it will mistake it for the real one.

Surely we all have a picture with these qualities, but there will never be as many as there are of any famous person, including politicians. Just type Barack Obama or François Hollande into Google and thousands of snapshots will emerge, of all sizes and shapes.


Krissler searched for the faces of Vladimir Putin, Hillary Clinton, and David Cameron, among others, before choosing Angela Merkel’s to carry out his verification. He chose an iris of the German Chancellor with a diameter of 175, which Panasonic’s scanner recognized without a problem.

However, in an actual attack, the process wouldn’t end here, and the remaining steps are complicated. Accessing the biometric readers that Merkel or other politicians would use is not as simple as getting their picture.

Furthermore, although Fujitsu’s technology is also based on infrared light, there are other methods, and there is the possibility of applying protection filters to the pictures. Despite these obstacles and reservations, Krissler wants his findings to be a warning to manufacturers, so that they implement safety measures in future developments, and to future users, so that they watch what they post, never better said!
