Category Archives: Panda Security

Panda Security

Panda Security

#XMASPANDA contest winners!

Christmas contest

We finally can communicate our #XMASPANDA contest winners.

If you are one of our Twitter winners, send us a Direct Message. Then if you are the one from Facebook , you can send us a Private Message too.

We need the following details:

  1. Name
  2. Address
  3. Mobile Phone
  4. Email Address

Panda Mobile Security License

  • Ramon Jarque Anton
  • Diana de Felipe Tenorio
  • Adrian Aguilera Quesada
  • Robert Mcdonald
  • Liz Schneider
  • Carol Foxx
  • Rob Diggle
  • Aleksey Apasov
  • Tomas Domingo Catalan
  • Francisco Dominguez Moreno
  • @javiermargarit
  • @nabil_freedom
  • @markes5d
  • @glenhilts
  • @p_sandhal
  • @_utdfan
  • @mnvikes40
  • @cathleen_ming
  • @avenue25
  • @hilbournetony

Panda Security Cup

  • Jesús Montes
  • Oscar Luis Maiso Pavia
  • David Escobar
  • Gayle L Johnson
  • Paulo Bispo
  • Iñaky Aion
  • Conceiçäo Carvalho
  • Victor Jiménez Rodríguez
  • Jamie RollerGirl Garland
  • Lisa Middleton
  • Joey Harden
  • @mariasedeo1
  • @travellermind1
  • @tannis91
  • @novairt
  • @ilorcisoft
  • @fabin_ferreira
  • @fer_cantillo
  • @iwantyourstuff
  • @dlrcorn

Panda Security Headphones

  • Ele Velasco Sastre
  • Carlos Martinez Rivero
  • Tina Loucks
  • Christine Gordon
  • Brad Belden
  • @carlosdefuentes
  • @elgrangeniofamy
  • @ybarralde
  • @aprilhaddock
  • @gasteiztarrabat

Thanks for taking part of our Christmas contest! :)

The post #XMASPANDA contest winners! appeared first on MediaCenter Panda Security.

Panda Security

Be careful if you use Linux in your company: It is not immune

linux malware

The most common open operating systems are often seen, and not without its reasons, as a good option for companies. Unlike Windows, installation is free or costs very little and they do not need constant upgrading.

Another benefit is security. Viruses often target Windows computers and there is no place for them on devices running this software. Therefore, many IT departments choose open operating systems. However, despite their many strong points, they are not immune (if anyone thought otherwise).

2014 was not a good year for Linux. During the year, different types of malware and vulnerabilities affecting this software were detected, ending its reputation as unbreachable and giving its followers something else to worry about; from now on, they will have to pay more attention to the security of their computers.

Linux

One of these concerns comes in the form of Turla, malicious software that is also known as Snake or Ouroboros. It is believed to have come from Russia but it has been infecting Windows computers worldwide for years. Recently, a version of this Trojan targeting Linux was also detected.

Turla uses a backdoor to give cyber-criminals access to the computer, as if they were just another user, without needing to use the ‘root’ account (the account that has all rights and permissions). As a result, the restrictions that the operating system puts on this type of entry are bypassed.

Home users, in principle, do not need to worry, but the same does not apply to companies. Those who use the aforementioned malware usually do so for corporate espionage or surveillance, not for stealing credit card numbers.

In addition, X.org, a server on which open-source graphic interfaces can be run (including Linux), is also vulnerable. Several vulnerabilities have been published that make its users an easy target for cybercriminals.

Another security flaw that has been on the operating system for years is Shellshock, which does not affect Windows. The bug lies in the program that parses the open software commands (Bash). When a Linux device connects to an insecure Wi-Fi network, this window allows a Trojan to get into the device without any problems. Fortunately, the security patches released have fixed the hole.

But security flaws and malware are not the only headaches of open operating system users. It is not always easy to get the security patches prepared by developers. Whereas access to modifications to search engines and other important programs is guaranteed, the same does not occur with other components.

Linux-firefox

An example is what happened with Owncloud, an application for storing files online in open format (an alternative to the well-known Dropbox). When installed under Ubuntu, one of the most popular Linux distributions, it did not execute any security updates. The developer had stopped working on the tool, leaving it at the mercy of cyber-criminals.

Something similar happens with other open-source programs that are not widely used or distributed, such as the user interface Manjaro, which has not received any security modification for a long time either.

Do you use Linux at home or on your computer at work?

The post Be careful if you use Linux in your company: It is not immune appeared first on MediaCenter Panda Security.

Panda Security

Who are the Guardians of Peace? A new hacker group is on the loose

Are you familiar with the name ‘Guardians of Peace’? This is a new hacker group that has been gaining notoriety over the last few weeks.

Everything began when the hacking group sent Sony a disturbing message threatening the company with leaking large amounts of confidential data unless a series of requests were met.

guardians of peace

Shortly after this, the Guardians of Peace started publishing all sorts of documents, files and confidential data belonging to Sony. Unreleased movies, information about executive salaries, emails from the company’s lawyers, employee workplace complaints, movie scripts and even the phone numbers of Hollywood celebrities were among the nearly 100 terabytes of data stolen by the hacker collective through a piece of malware called Destover.

The mystery has since grown larger…  Who is behind the Sony attack? Who are the so-called Guardians of Peace and what’s their reason for attacking Sony?

North Korea, prime suspect of the attack

US authorities believe the attacks originated from North Korea. One of the group’s demands was the cancellation of the planned release of the film ‘The Interview‘, a comedy about a plot to assassinate North Korean leader Kim Jong-un.

However, North Korea has repeatedly denied any involvement in the hack attack, and the Guardians of Peace have posted new messages mocking the FBI’s investigation.

Various theories are emerging surrounding the attack. Despite North Korea is still the prime suspect, there is also speculation linking the attack to a possible Sony insider, a group of disgruntled former employees or even a marketing campaign orchestrated by Sony itself to promote ‘The Interview’.

the-interview

Some theories even claim that this is nothing but a campaign designed by the US government to find itself a new enemy and thus justify the mass spy operations carried out through agencies such as the NSA

Incidents like this, combined with the alleged hack of the Play Station and Xbox online services during Christmas, and the constant rumors of Internet leaks, certainly make you wonder if we are not really in the middle of a cyber-war between powers…

Despite the mystery surrounding the attack, the truth is that Sony decided to cancel the premiere of ‘The Interview’ for security reasons (after receiving threats against the company’s employees and their families), and the cyber-attacks have exposed the frailties of the security measures implemented by one of the largest entertainment companies in the world.

The post Who are the Guardians of Peace? A new hacker group is on the loose appeared first on MediaCenter Panda Security.

Panda Security

Tools to change and remember your passwords, this will help you!

Every time you sign up to a Web service, social networking site or online platform you face the same problem: What password should I use? Your passwords should be easy to remember but strong at the same time. And not only that, sometimes you are even requested to mix upper and lower case letters, numbers, or even non-alphanumeric characters (punctuation) to make your password harder to guess by an attacker.

In fact, all these requests aim at forcing users to use a character combination strong enough to prevent it from being cracked by a hacker. However, users frequently prefer the convenience of using the same password for everything (with some variations depending on whether they need numbers or letters), which poses an important security risk.

password tools

First, avoid using passwords that are easy to figure out. It is true that memorizing more complex passwords can be more difficult, but it obviously can be done.

Better still, you don’t even need to do that! There are many applications out there that can give you a hand with managing your passwords.

That’s the case of Dashlane, a free app available for PC, Android and iOS that allows users to check the security of their passwords and store them in one place.

keyboard password

This way it is the app that remembers all passwords for you, while you only have to remember the master password that enables you to use Dashlane and its password repository.

Another excellent option, apart from memorizing all of your passwords or managing them through apps such as Dashlane, is to opt for the greater security level provided by suites such as Panda Global Protection 2015 or Panda Gold Protection 2015, which include a password manager that enables you to access all the Web services that you use by just remembering one master password. Additionally, both security suites increase computer protection with features such as file encryption and PC tuneup.

password

In any event, there are other aspects that must be taken into consideration when creating a password. Most of them are just common sense. Never write down passwords on a piece of paper; don’t use the same password over and over again; and don’t use passwords that are easy to guess, like your date of birth or your kid’s or pet’s names. Also, it is essential that you change your passwords regularly.

Why so much fuss about passwords? Well, it wouldn’t be the first time that the leak of data belonging to millions of user accounts compromises the security of popular services such as Gmail or Dropbox, for example. So, if you don’t want to be the victim of identity and data theft, we strongly recommend that you take the appropriate security measures and manage all your passwords as effectively as possible. As the saying goes, better safe than sorry!

The post Tools to change and remember your passwords, this will help you! appeared first on MediaCenter Panda Security.

Panda Security

Security forecast for 2015

Security forecast for 2015

Our colleagues at PandaLabs have been making their predictions about what will be happening in the world of IT security in 2015. Do you want to know what we will be up against next year?

Security forecast for 2015

CryptoLocker

This type of malware has been in the spotlight in 2014, and these attacks are set to increase in 2015.

CryptoLocker operates in straightforward fashion: Once it gets into a computer, it encrypts all types of documents that could be valuable to the user (spreadsheets, documents, databases, photos, etc.) and blackmails the victim into paying a ransom to recover the files.

Payment is always demanded in bitcoins, so that it cannot be traced by the police, making this type of attack very attractive to cyber-criminals, as many users decide to pay in order to recover the hijacked information.

Targeted attacks

A small percentage of the millions of new malware strains that appear every month are specifically created to attack previously defined targets. These attacks, known as targeted attacks, are becoming more common and will be highly significant during 2015.

One of the greatest risks to tackle is that many companies are unaware that they could be the target of such attacks and therefore do not have appropriate measures for detecting or stopping them, or at least for detecting any anomaly and mitigating any damage as soon as possible.

Point-of-sale terminals

In 2014 we have seen an increase in attacks on the POS terminals used by all stores to accept and process customer payments.

Point of sale terminals

Cyber-criminals are attacking these terminals and consequently stealing the credit card details of customers. As a result, an activity that users did not think of as a risk, such as paying at a supermarket, gas station, clothes store, etc., is starting to pose a potential threat to which hundreds of millions of people around the world have already fallen victim.

APTs

APTs (Advanced Persistent Threats) are a type of targeted attack aimed at companies or strategic institutions. Behind these attacks are usually countries that invest huge sums of money in ensuring that the targeted attack goes undetected for a long time.

Although we will not see mass APT attacks in 2015, new cases will be discovered that will have probably been around for years but will only just start coming to light.

Internet of Things

The number of Internet-enabled devices is increasing dramatically, and we are not just referring to computers or cell phones but other devices.

From IP cameras to printers, all of these ‘new’ devices that form part of the Internet share a feature that makes them a highly vulnerable target for cyber-criminals: They are devices that users do not pay much attention to and consequently, for example, they are rarely updated. As a result, as soon as a security flaw is found in the software on any one of these, compromising the device will be child’s play for any cyber-criminal. To make matters worse, these devices are connected to internal networks, home or corporate, making them ideal entry points for carrying out all types of wider attacks.

Smartphones

Smartphone attacks, or more specifically attacks on devices running Android, are going to reach new heights. Not only will the attacks increase but so will their complexity, with a single goal: to steal passwords.

We store a growing amount of data on our smartphones and cyber-criminals are going to try to get it at any cost.

Although malware on cell phones was somewhat anecdotal a couple of years ago, more malware for Android has appeared in 2014 than all of the malware targeting any mobile device ever.

It seems that in 2015 these threats will skyrocket, and the number of victims will also increase.Therefore it will be essential to use antivirus products for these devices.

You can download the full report here. :)

The post Security forecast for 2015 appeared first on MediaCenter Panda Security.

Panda Security

Can they spy on you through your smartphone microphone?

Smartphone spy App
Smartphone users are highly sensitive about privacy, not least because so much personal data is stored in just a few square centimeters. We shudder at the thought of what happened to Jennifer Lawrence and company, and that it may happen to us; someone spying on our most intimate data.

Yet that’s not all we should be wary of: There are some spy programs that can even remotely activate the microphone on your device and record you. One of the most infamous of these is StealthGenie, a spyware app that behaves like a Trojan and supports iOS, Android and Blackberry. It can geolocate the device, listen to conversations, capture messages and images and even activate the microphone, tracking all your actions throughout the day.

A company video claimed that the app had more than 100,000 satisfied customers, though it looks like the game is now up. Last October the company’s CEO was arrested in the USA for promoting and selling this phone monitoring app..

It is paradoxical at least that this arrest should have occurred in the United States, where it has been revealed, thanks to Edward Snowden, that the government has been spying on the phones of so many users around the world. Such revelations from the CIA’s ex security analyst revealed that the NSA was using all types of systems to spy on smartphones, even using apps such as Angry Birds. And you thought killing a few pigs from your cell phone wouldn’t have any consequences!

A simple search will return a host of apps that promise to enable you to spy on your neighbor’s phone. So next time you need to visit the bathroom, perhaps it’s best not to take your phone with you.

smartphone spy

Researchers at Stanford University have been analyzing these apps and the ease with which our phone mikes can be turned against us. For this purpose they have developed their own app, Gyrophone, which turns the phone gyroscope into a means for capturing acoustic signals between 80 and 250 Hz (e.g. the human voice). This demonstrates how easy it is to spy on users.

By using this app, they have shown that it is possible to identify both the person speaking as well as what they are saying by measuring the acoustic signals in the vicinity of the phone. The researchers have already demonstrated this on Android devices and are now working on iPhone.

Other universities are also concerned about smartphone spying. Researchers at Citizen Lab at the University of Toronto have analyzed the Italian ‘Hacking team’ spyware. They have worked out how it manages to store all user information, take screen grabs, record audio conversations, use the GPS tracker or activate the microphone when users are connected to a public Wi-Fi network.

The researchers have also uncovered the existence of 350 servers in 40 countries around the world storing data from this tool. Are governments around the world using these tools to monitor our every move?

So if you thought that tapping phones in hotel rooms, with a group of police or high-tech criminals monitoring all conversations belonged only in spy movies, you were wrong. Be aware that your smartphone, which you always keep within arm’s length so as not to feel lonely, is potentially a tool for spying on every sound you make. All you can do is be more careful with your phone security and pray that your life is so boring that nobody wants to spy on you.

More | 10 Reasons to install an Antivirus on your phone or Android Tablet

The post Can they spy on you through your smartphone microphone? appeared first on MediaCenter Panda Security.

Panda Security

Why has Twitter logged me out?

Twitter outage
You may have woken up this morning to find a Twitter notice asking you to re-enter your Twitter account details. Has your password been stolen? Was this a case of identity theft?

Relax! Just follow a few simple steps and your Twitter account will remain perfectly safe.

The popular micro-blogging network suffered a worldwide outage last night that prevented many users from accessing the service normally for a few hours.

According to Twitter’s information service, Twitter Status, the problem started early morning (CET) and although it is now resolved, some users may still have problems accessing their accounts.

Accounts that appear to have been closed, old messages appearing as recent on timelines… these are some of the effects of the bug that hit the social network.

Have you been affected by this incident?

The post Why has Twitter logged me out? appeared first on MediaCenter Panda Security.

Panda Security

Major security attacks in 2014 – Part 2

Major security attacks in 2014 – Part 2
A few days ago we published a summary of six of the most important security attacks in 2014.

Today we continue this list with some other notable attacks, which stood out not just because of the stature of the companies attacked, but also because of the volume of compromised data.

Major security attacks in 2014 – Part 2

  1. KCB and the theft of 106 million accounts
    banking corea

    banking corea

     

    The Korean financial agency, Korea Credit Bureau (KCB), was the victim of an attack that exposed more than 105,8million user accounts, including credit card details, first names and last names, phone numbers, addresses and even passport numbers.

    In this case however, no malware was used. The thief worked for KCB -ironically in the company’s anti-fraud department- and for 11 months had been copying the data before selling it to the highest bidder.

    Had the information been adequately encrypted, the damage could have been far less, yet this wasn’t the case.

  2. Orange: The importance of storing passwords on a secure server

    In February, a vulnerability on the website of the French telecom firm Orange allowed hackers to access the data of hundreds of thousands of customers, including names, addresses and phone numbers.

    Fortunately, and despite the security hole, Orange’s systems were sufficiently well set up as to prevent passwords from being compromised, thereby greatly reducing the damage to the 800,000 users affected.

    It appears that these passwords were stored on a separate, more secure server.

  3. SEA compromises Forbes’ security

    Also in February, the Syrian Electronic Army (SEA) managed to compromise the website of Forbes. This resulted in the theft of data of more than a million users, including company employees.

    Stolen data included names and email addresses, as well as (encrypted) passwords. Worse still, the SEA published the data on the Internet.

  4. Data of 650,000 customers stolen from Domino’s Pizza

    In June this year, the Domino’s Pizza fast-food chain was attacked by a group called “Rex Mundi”, and the data of some 650,000 French and Belgian customers was stolen.

    In this case, the criminals demanded a ransom for the information, though the company’s chiefs said they were not willing to give in to blackmail.

  5. Attack on DIY giant Home Depot

    the home depot

    In September, Home Depot, the home improvements retailer, confirmed there had been an attack on its servers, compromising the data of 56 million credit and debit cards.

    Moreover, according to the The Wall Street Journal, some of the accounts associated to these cards had been emptied.

  6. Sony

    To end 2014, we have witnessed one of the most significant targeted attacks on a company.

    Many details of the attack are still unclear, but the effects on Sony have been tremendous: a week without being able to connect to computers, massive deletion of data, theft of internal company information…

    The attackers have published five unreleased films and are threatening to leak confidential data.

    There have also been reports of malware appearing with Sony’s digital signature, the passwords for which were stolen with the rest of the information.

 

The post Major security attacks in 2014 – Part 2 appeared first on MediaCenter Panda Security.

Panda Security

Prevention is better than cure: These eleven threats could compromise your corporate systems in 2015

Threats corporative systems

We don’t know what next year has in store for us, yet predictions are always useful to be better prepared for what might be around the corner. This also applies to IT security. If we analyze current trends in vulnerabilities and attacks, we may be able to forecast patterns for the future and avoid the dangers.

The Spanish government’s National Intelligence Center publishes annual reports detailing the main threats to businesses and organizations, and those that can be expected to be prevalent the following year.  Here we outline the eleven most notable dangers expected in 2015 so you can start to take measures before it’s too late.

  1. Cyber-espionage has been the single greatest threat in recent years and this can be expected to continue over the next few months. Cyber-criminals will continue working to improve methods to attack organizations and companies, as well as making them more difficult to detect.
    The simplest strategy is to choose targets with the least protection, such as contractors, suppliers or private computers. They often use social networks to gather basic information and then use the data on Web services and email.

    Threats corporative systems

  2. It is also important to keep a close eye on a factor that is often ignored: outdated operating systems. Microsoft stopped supporting Windows XP last April, so any vulnerabilities discovered since then won’t be patched, making it an easy target for criminals.
  3. Next year, just as we have witnessed in the last few months, there will be no shortage of ‘watering hole’ attacks. In this strategy, cyber-criminals observe the websites most visited often by an organization and then infect the pages with malware knowing that sooner or later some computers in the targeted organization will be infected.
  4. Something else to bear in mind when talking about threats to companies are mobile devices, as a lot of corporate data now passes through them. The best thing is to protect both smartphones and tablets with an antivirus for Android.
  5. Social networks also represent a possible entry point for cyber-criminals. The professional or personal profiles of employees on sites like LinkedIn or Facebook can be used to get to their email addresses. They are then sent malware via email in the hope of compromising the company’s systems.
  6. Many attacks target data stored in the cloud, as well as that stored on corporate networks. If the information is not properly protected, it can be easy to access files in the cloud. You can never take too many precautions when protecting data from threats.
  7. Another negative statistic is that studies indicate the increasingly sophisticated and damaging malicious code in circulation takes longer to detect. The same thing goes for the removal of malware from infected systems.
  8. Complex attacks on large companies with many systems and admin platforms can go undetected for long periods of time.
  9. However, attacks are no longer limited to computers. Many phone lines are associated to inter-communicating systems, such as alarms or dataphones. ‘Machine to machine’ or M2M communication is the basis for the ‘Internet of Things’.
  10. Home automation systems and devices, as well as industrial control systems, have begun to suffer from the first attacks by malicious software. Embedded systems in security cameras and monitors could be compromised if the program developer does not implement adequate protection measures.
  11. Cybercrime is constantly developing new strategies to evade ASLR mechanisms. This automatic process protects the security of operating systems by saving key program data on strategic areas of the hard disk to prevent hackers from deliberately accessing it.

We’ve given you a few pointers, it’s now in your hands to prevent these sorts of attacks. Keeping your computers protected with a corporate antivirus and updating your software are two key practices that you should encourage in your company.

The post Prevention is better than cure: These eleven threats could compromise your corporate systems in 2015 appeared first on MediaCenter Panda Security.

Panda Security

Christmas contest! – Help us to get a safe Christmas!

Christmas contest

As you have no doubt seen, these days we have been posting a series of articles to help ensure everyone enjoys a safe and happy Christmas! We want to help you to be able to shop online without any unpleasant surprises, and avoid falling for any of the typical Christmas scams that are doing the rounds at this time of year.

That’s why we have organized this competition, in order to reward you for helping our content to reach across the globe.

What can you win? Well, we’ve spoken to Santa and he’s going to leave various presents under the Panda Christmas tree. On December 23 and 29 and on January 2, we will reveal the prizes on offer each week to those who share our content.

How can you take part? It’s easy! Share on Facebook or RT on Twitter all the content we post with hashtag #xmaspanda. Prizes will be drawn among those who do this on the days included in the competition.

We will announce the winners on January 12 in this blog. So keep your eyes open!

Remember, Share or RT the posts with #xmaspanda and you could win great prizes.

The post Christmas contest! – Help us to get a safe Christmas! appeared first on MediaCenter Panda Security.