Category Archives: Panda Security

Panda Security

Panda Security

The Home Depot confirms hacker attack. 56 million credit and debit cards compromised

Leave a comment

the home depot

The Home Depot, the home improvement retailer, has confirmed that its servers have been attacked and that 56 million credit and debit card details have been compromised.

According to the The Wall Street Journal, the company has also acknowledged that, in some cases, the accounts associated to the cards have been drained.

In addition, fraudulent transactions have appeared across the USA as the criminals use stolen card details to buy prepaid cards, electronic goods and even groceries.

This attack comes just months after a similar attack on Target Corp. and there could be a connection, as the same tool –BlackPOS- was used to exploit the vulnerability.

The security breach may have affected customers who shopped in any of the almost 4,000 stores that the company has in the U.S. and Canada between April and September.

Do you want to know how to prevent theft in your company?

The post The Home Depot confirms hacker attack. 56 million credit and debit cards compromised appeared first on MediaCenter Panda Security.

Panda Security

Twitter has joined the Bounty Programs. Now only Apple remains.

Leave a comment

In the technology world, it is now quite common for companies to reward the efforts of those advanced users who dedicate some of their time to uncovering security holes in their programs or platforms.

Although there are still some who are yet to be convinced of the effectiveness of such ‘bounty programs’, many firms apparently see them as being extremely useful, not just to discover new bugs that have gone undetected, but also to get these expert users on their side.

bounty programs - hackers

Such is the value of what is at stake, that most technology companies now have bounty programs in place. A while back, we described the world of bounty programs, and how rewards can fluctuate depending on the company and the importance of the security hole.

Twitter was still among those that had yet to take up the idea. The social network seemed reluctant to put its hand in its pocket to encourage experts to find bugs in its service. Now the company has announced that it’s offering a minimum reward of $140 (get it?) for those who find security holes in Twitter.com, ads.twitter, mobile Twitter, TweetDeck, apps.twitter, as well as in the apps for iOS and Android.

This sum is still way off what others are offering. Bounty programs at firms like Facebook or Google reward users that uncover vulnerabilities with amounts upwards of $500 and$1000 respectively.

bounty programs - facebook

And it’s not only the money that’s different, Twitter’s bounty program also uses a new platform which offers information to anyone who wants to see what each company is offering.

This platform, called HackerOne, is a kind of notice board on which companies announce new features of their bounty programs and where those looking to profit from their ability to sniff out vulnerabilities can easily discover whether it’s worth their while, depending on the money on offer.

This platform was set up in 2012 by several experts who had previously worked in IT security for companies like Facebook, Google or Microsoft. In their previous jobs they had been responsible for coordinating the implementation of bounty programs, so they had first-hand knowledge of the issue. They decided to offer different technology companies, no matter how big or small, the option to delegate the coordination of their bounty programs.

Companies that have taken up the offer include Yahoo!, Square, Automattic and 4chan. So even without offering the same amounts as other firms, there are many companies who, while saving on the costs of running bounty programs, are also addressing the concerns of users who want reassurance that there are no holes in the security of the companies’ platforms. Something that users have been demanding of Twitter for some time.

bounty programs - reward

Apple, still reluctant

The only leading technology company still to launch its own bounty program is none other than Apple. The company has so far taken no steps in this direction, despite the scandals that threatened to tarnish its image in early September when users, including celebrities, had leaked photos, which were hosted in iCloud, published on the Internet. Had there been a program for rewarding hackers that find security holes, perhaps one of those that did find the vulnerability might have warned security officials of the problem and enabled them to act in time. 

They say money can’t buy happiness, but it helps. That’s why, perhaps as a lesson to Apple, the Russian hacker who discovered such a hole in the company’s iCloud was quick to boast of his discovery. As Alexey Troshichev admitted, he would have warned the company about the flaw in the platform if there was a reward. But as there wasn’t, he decided to share the information on Github, where many other experts were able to exploit the hole maliciously, thereby highlighting the importance of bounty programs.

The post Twitter has joined the Bounty Programs. Now only Apple remains. appeared first on MediaCenter Panda Security.

Panda Security

“The new iPhone 6 recharges with two minutes in the microwave”: A new urban myth about Apple

Leave a comment

Remember when some Apple users ‘lost’ their phones after believing stories about the iOS7 making the iPhone waterproof?

After the presentation of the latest new features in Apple devices and the new iOS8 operating system, the Internet is full of articles either in praise of or criticizing the company’s latest efforts. Users, eager to find all the latest information and the best tips on how to get the most from the new iPhone 6, scour forums and blogs to stay up-to-speed with everything about these new releases.

That’s why it’s no surprise to find these types of practical jokes doing the rounds on the Web, or to encounter some poor unsuspecting user, who perhaps expecting more than is reasonable from the new device, falls for the trick.

This story took the form of an advert, similar in style to the one launched by Apple on 4chan, announcing the new ‘Wave’ feature of iPhone, which could supposedly recharge the phone in the microwave.

wave iphone 6 apple

So do you believe everything you read on the Internet?

More | iOS 8. Apple increases user privacy

The post “The new iPhone 6 recharges with two minutes in the microwave”: A new urban myth about Apple appeared first on MediaCenter Panda Security.

Panda Security

Panda Security launches new 2015 Consumer Line with XMT Smart Engineering Engine #Panda2015

Leave a comment
  • Panda Security’s new consumer product line is now available. New solutions are lighter, safer and easier to use than ever before, and are based on the new XMT Smart Engineering architecture, a new engine for a new technological era
  •  Panda Global Protection 2015, Panda Internet Security 2015, Panda Antivirus Pro 2015, Panda Mobile Security and Panda Gold Protection leverage the power of cloud computing to combat maware threats

Madrid, August 13, 2014

Panda Security, The Cloud Security Company, today announced the launch of its new line of consumer solutions. Panda Global Protection 2015, Panda Internet Security 2015, Panda Antivirus Pro 2015, Panda Mobile Security 2.0 and Panda Gold Protection are the five products included in the security company’s 2015 consumer line which this year boasts the new XMT Smart Engineering engine as its main new feature.

The results of the latest comparative tests conducted by independent laboratories such as AV-Comparatives, AV-TEST and Virus Bulletin, where Panda Security achieved the best scores in detection, protection and resource use, showcase the excellent capabilities of the new XMT engine. With XMT, different technologies interact with each other to achieve new levels of efficiency and greater detection and disinfection power to eradicate all threats.

“In a context in which 160,000 new malware samples are created every day, as reported by PandaLabs’ Q2 report, we are very much aware that we have to provide users with the best protection. And the best thing is that the engine with which we’re achieving the highest detection ratios in the industry’s leading tests is the basis of all our endpoint protection products,” said Álvaro Elorriaga, Global Retail Director at Panda Security. “Our aim is to continue integrating technologies in the platform to stay in pole position when it comes to detection, and provide our users with maximum protection and minimum impact on their systems”.

Minimum impact on performance

Designed to provide complete protection with minimal performance impact, Panda Security’s new 2015 Consumer solutions harness the power of cloud computing to combat the myriad security threats users face today: viruses, hackers, online fraud, identity theft and all other known and unknown threats.

new antivirus

“The new 2015 Consumer line is based on four pillars that have allowed us to further improve our security solutions, adjusting them to our customers’ needs: protection, lightness, flexibility and stability”, explained Hervé Lambert, Retail Product Marketing Manager at Panda Security.  

Cross-Platform Protection

In addition to the new XMT engine, one of the most noteworthy features of Panda Security’s new 2015 solutions is the cross-platform protection provided by Panda Global Protection 2015 for Mac environments and even mobile devices. Furthermore, advanced users will find an additional layer of protection with Data Shield, a new module to protect user data against malware such as ransomware that tries to access sensitive information with malicious purposes (theft, deletion and encryption).

Additionally, the 2015 versions of Panda Internet Security and Panda Antivirus Pro include improved protection capabilities against viruses, hackers and Wi-Fi intrusions thanks to a Wi-Fi monitor that provides full visibility into all the devices connected to the wireless network. Along with these features, Panda Internet Security 2015 helps protect users’ children, identity and data with parental control, application control and online backup functionalities. “Despite Panda Antivirus Pro is the most basic solution in the entire line –it protects Windows environments only–, the truth is that it is much more than a simple antivirus. Besides providing fast and intuitive protection, it also includes other features such as a firewall, virtual keyboard, rescue kit and multimedia options”, explained Hervé Lambert.

New Panda Mobile Security Now Available on Google Play

Additionally, the new Panda Mobile Security 2.0 is now available on Google Play. This solution, designed to protect Android devices, includes features such as geolocation and anti-theft to remotely locate, lock and wipe lost or stolen devices. The new version is much more intuitive and user-friendly than before thanks to a brand new look and feel.

Panda Gold Protection
Panda Gold Protection

Panda Security’s 2015 Consumer product line also includes Panda Gold Protection, a complete solution designed to protect users’ data regardless of the device they are using: PC, Mac, and Android smartphones, tablets and Smart TVs. Panda Gold Protection is the only product in the entire 2015 line that features Panda Cloud Drive, an online backup and sync service with 20 GB of free space that allows users to store files securely in the cloud and access them from any computer, mobile device or Web browser at any time.

Users who want to take a free trial of Panda Security’s new 2015 solutions can go to http://www.pandasecurity.com/homeusers/

Also, users who want to buy Panda Security’s products can do so online on the company’s website or at the usual points of sale (retailers, dealers, shopping malls, etc).

Main features of Panda Security’s 2015 Consumer solutions

 

new consumer 2015 range

About Panda Security

Founded in 1990, Panda Security is the world’s leading provider of cloud-based security solutions, with products available in more than 14 languages and millions of users located in 195 countries around the world. Panda Security was the first IT security company to harness the power of cloud computing with its Collective Intelligence technology. This innovative security model can automatically analyze and classify thousands of new malware samples every day, guaranteeing corporate customers and home users the most effective protection against Internet threats with minimum impact on system performance. Panda Security has 80 offices throughout the globe with US headquarters in Florida and European headquarters in Spain

Panda Security collaborates with The Stella Project, a program aimed at promoting the incorporation into the community and workplace of people with Down syndrome and other intellectual disabilities, as part of its Corporate Social Responsibility policy.

For more information, please visit www.pandasecurity.com/

 

The post Panda Security launches new 2015 Consumer Line with XMT Smart Engineering Engine #Panda2015 appeared first on MediaCenter Panda Security.

Panda Security

Presentation of the 2015 Consumer Antivirus Solutions

Leave a comment

Today is not just another Monday! Aching muscles, photos in red jumpsuits, exciting stories… What are we talking about? About the presentation of our 2015 product line, of course!

Unashamedly proud of our new XMT scan engine, on Friday we decided to launch the new range in style at Carlos Sainz Karts in Madrid. We brought together representatives from the media to present our new antivirus and explain all the new features they would find in this new product line.

But before we tell you all about them, let’s tell you their names: Panda Global Protection 2015 Multi-Device, Panda Internet Security 2015 Multi-Device, Panda Antivirus Pro 2015 and Panda Mobile Security 2.0.

New Antivirus Panda 2015

What better place to talk about engines than a go-kart track? So we had our Global Retail Director, Alvaro Elorriaga, tell everyone about the revolutionary power of our new XMT™ engine. “Threats have changed and this means we have to change the way we scan, detect and disinfect.”

Panda 2015 Alvaro Elorriaga

The XMTâ„¢ engine, which is in all the new Panda products, includes a new protection system, new heuristic technologies, new behavior analysis features and new anti-exploit technologies.

What’s more, Herve Lambert, Product Marketing Manager, explains that “the latest independent industry tests”, carried out by AV-Comparatives, AV-TEST and Virus Bulletin, “demonstrate the power of the new engine included in Panda Security’s latest solutions.”

2015 Consumer Product Line Features

During the presentation, our colleague Herve explained in more depth our product features, including the Data Shield, a layer of data protection that prevents one of the fastest-growing threats: ransomware. This dangerous malware infects computers and locks them until the user (or company) pays a ransom.

Herve also talked about other new features, such as the Wi-Fi Monitor, which lets you know what devices are connected to your network; and Application Control, which lets you set run permissions for the programs installed on your computer.

Finally, Pablo Alonso, Consumer Sales Director for Spain, praised “the effort made by Panda Security in terms of pricing and licensing.”

The Panda Security race

Given that we were at the go-kart track, what other way to end the day than racing karts!? So, journalists and our Panda Security colleagues donned suits and helmets to organize our very own Grand Prix. Needless to say, some fared better than others. ;)

Karts Panda 2015

It was soon apparent who had driven a kart before and who was a first-timer. After some warm-up races and two semi-finals, the winner was our friend and colleague Pablo Alonso (thanks Pablo for flying the flag for Panda!).

Panda 2015 team

Many thanks to all of you who joined us on the day!

The post Presentation of the 2015 Consumer Antivirus Solutions appeared first on MediaCenter Panda Security.

Panda Security

iOS 8. Apple increases user privacy

Leave a comment

ios 8 privacy

 

No doubt if you have an Apple device, you’ll know that the new iOS 8 operating system is now available. What you might not know is that installing it will prevent Apple from accessing users’ devices without their consent.

This has been announced by the company, which says that “unlike their competitors” they will not access users’ systems without their permission. They claim that it is therefore not technically possible for them to comply with government orders to retrieve data from devices running iOS 8.

So how is privacy enhanced with iOS 8? To prevent itself from accessing these devices, Apple has modified its encryption system which is applied automatically when users select their password.

This way, Apple’s new operating system has taken a step forward in increasing privacy, as all the information stored on users’ iPads or iPhones (photos, emails, files, etc.) will be protected not only from Apple, but also from governments.

This is clearly how Apple has responded to accusations of collaboration with the National Security Agency (NSA) by handing over its customers personal data. Similarly, the company has also assured that it only provided the data of “less than 0.00385%” of Apple device users. ”

We remind you that it’s important to scan your iPhone or iPad for malware that could affect the functionality of your device. For your peace of mind, try our antivirus for Mac.

More | Cyber-espionage. Can you avoid it?

The post iOS 8. Apple increases user privacy appeared first on MediaCenter Panda Security.

Panda Security

What is Phishing?  

Leave a comment

No doubt you have wondered and asked yourself on more than one occasion, what is phishing and how can it affect you.

All of us know that it is some type of scam, although perhaps there are many who don’t know exactly what it is or the techniques used by hackers and cyber-criminals.

So, exactly what is phishing? Basically, also known as email phishing, it involves sending emails, which appear to come from trusted sources, such as banks etc, though really they are aimed at stealing confidential information from users.

These emails usually include a link which when clicked, takes you to a spoof Web page. These pages appear genuine though they are really like a mirror that hides the criminals whose sole aim is to steal your personal data.

The problem is that users think they are in a trusted site and therefore enter the requested data. However, this confidential data will fall straight into the hands of the scammers and can then be used for some type of fraud.

That’s why it is always best to access web pages by typing the address directly in the browser.

what is phishing

How to recognize a phishing message

It’s not always easy to recognize phishing messages, particularly if you are a client of the company from which the message has supposedly been sent.

  • Even though the ‘From:’ field of the message shows the address of the company, it is not difficult for a criminal to alter the source address of the email in any mail client.
  • The email may have the logos and trademarks of the organization, yet these can easily be lifted from the company’s website.
  • The link in the email seems to point to the company’s website, though really it takes you to a fake page which will ask you for your user name, password, etc.
  • Very often these messages contain spelling or grammatical errors that you would not normally expect in official communications from the genuine company.

It’s also important to bear in mind that although phishing has traditionally used email, now, with the increasing popularity of smartphones and social networks, there are new channels of attack.

Another thing to be aware of is that although we normally talk about phishing in the context of banks, cyber-criminals often use any popular website or platform (Ebay, Facebook, Paypal, etc) as bait for stealing personal data.

But remember, no company will ever ask you to send them your personal details via email. If they do, be very suspicious!

Moreover, as a stich in time saves nine, you can always add an extra layer of protection by installing one of our new 2015 antivirus solutions. To do this, all you have to do is visit our free antivirus page and select the one that best adapts to your ideal level of protection.

The post What is Phishing?   appeared first on MediaCenter Panda Security.

Panda Security

4 steps to avoid viruses

Leave a comment

security

Protecting your computer is, very often, much easier than you might think. If you follow these four steps to prevent viruses, your computer won’t become infected again.

Take care with Java, Adobe Flash and Acrobat Reader

As we have seen in practically all the PandaLabs reports, these programs are a key target for cyber-criminals. That’s why it’s best to ensure they are always up-to-date or, if you don’t use them, uninstalled.

Viruses and malware can slip past antivirus programs and infect PCs by exploiting programs that haven’t been kept up-to-date.

Take care which programs you install

It is essential to be aware of what you’re installing or running on your computer. Virus creators earn a lot of money from programs or applications which, at first glance, seem harmless but can infect your computer when they are run. That’s why you should:

  • Never open messages from unknown sources.
  • Avoid non-secure web pages. You can recognize secure pages as the address begins with ‘https://’ and they display a padlock icon.
  • Use secure passwords.
  • Not provide confidential information via email.

Keep your Windows operating system up-to-date

Malware and viruses exploit security holes in outdated versions of Windows. To prevent this, you must install the latest security patches.

Windows makes this easy for you, so you can enable automatic updates so you don’t have to worry about it.

Use a good antivirus

A good antivirus can do much more than keep your computer virus-free. It can protect your identity and that of your business and can also prevent fraud when you shop online.

Find out what is the best antivirus for your needs from our new 2014 product range.

What’s more, if you have an antivirus with parental control, you can protect your children from danger on the Internet.

The post 4 steps to avoid viruses appeared first on MediaCenter Panda Security.

Panda Security

Fed up with CAPTCHA? How to avoid it?

Leave a comment

avoid captcha

It is always annoying. You enter a website and suddenly, a CAPTCHA assaults you in doubt over whether you are human or a robot with, generally, malicious intentions. Some crossed out or distorted characters that you must decipher so that the system is sure that you do not have the slightest intention of exploiting the website’s resources beyond your possibilities. However, it is extremely tiresome because it is not easy to make out the combination of letters and numbers they show you in order to prove that you are not an intruder.

At last, after many years someone has set out to implement new methods that are not so much hassle. However, we will not be able to get away with not proving that we are made of flesh and bone and do not have any bad intentions but they thought that it would be better to do it in a more fun and entertaining way than wasting time trying to decipher completely illegible letters and numbers.

With this goal in mind, a group of researchers at the University of Alabama at Birmingham got down to work. Tired of the pesky CAPTCHAs, they decided to create a new method so that the websites that considered it necessary could check whether a human or robot was on the other side of the screen. Their plans also included finding a system that was more entertaining for users who have good intentions and setting up more barriers for those who program a bot to act like a human.

Captcha

This is how what they called ‘dynamic cognitive game’ or DCG came about. The team, consisting of Manar Mohamed, Song Gao, Chengcui Zhang and led by Nitesh Saxena, have published a new way of checking whether someone is trying to enter a website to abuse the services it offers.

The new system challenges the user with a simple and good-natured game. A puzzle that, unlike CAPTCHA, will not try your patience getting it wrong time after time for not being able to clearly see the letters and numbers shown on screen. Now all you will have to do is select the object that is not a boat, for example. Or even easier, a straight-forward drag and drop task that involves dragging geometric figures to the space with the same shape.

As you can see, they are extremely easy actions for any Internet user but impede the action of bots programed to complete many CAPTCHA in the blink of any eye. Because while humans will just have to identify the object and drag it and can solve it first go, the programs used by spammers will need several attempts. So by trying so many times and getting it wrong, the mechanism will detect strange behavior and classify it as an intruder.

What’s more, this new method created by researchers at the University of Alabama at Birmingham, is also proposed as an alternative for dissuading those with malicious intentions who have moved from programs to new ways of exploiting website resources.

As crazy as it may seem, through extortion or money –usually a very small amount- there are people who work non-stop for someone who needs them to complete the forms on websites. These cognitive games will make it more difficult for them because this system is not as mechanical as the one used by the tiresome CAPTCHAs.

It’s not the first and it won’t be the last alternative

There have been many who, fed up with tedious verification processes of entering letters and numbers, have suggested alternatives to the system devised by Guatmalan Luis Von Ahn in 2000. A math puzzle, a task puzzle or even solving an audio message in which someone says something in a distorted voice.

However, it is going to be very difficult to completely do away with CAPTCHA. Not because the new systems are more or less reliable but because thanks to these and without having the slightest idea, we are working for Google. Without a contract or payment of any kind, whenever we complete a CAPTCHA or reCAPTCHA to prove that we are a human who wants to open a Gmail account, we are contributing to this company’s goal of digitalizing all of the books in the world. Did you know that?

The post Fed up with CAPTCHA? How to avoid it? appeared first on MediaCenter Panda Security.

Panda Security

How Twitter aims to prevent your timeline from filling up with spam

Leave a comment

As with so many of today’s technological tools, while many people use them to make their lives easier, or to keep in touch with friends and family, there are some that take advantage of them simply to annoy others.

So while most of us use social networks to chat with friends, meet new people and keep abreast of what’s happening in the world, there are those that saturate our accounts with messages that are not just of no interest, they are downright annoying: the infamous ‘spam’.

Now, tired of users having to endure this continuous bombardment of unwanted advertising, those responsible for several social networks have decided to go on the offensive. One of these is Twitter, which has taken action as spammers have been increasing their unhindered presence on users’ timelines and direct message inboxes. Finally, those in charge of the social network have said enough is enough.

twitter spam

As the company has revealed on its blog, over the last six months its developers have been working on the design of a system that can detect and block the actions of these annoying spammers. They have called it ‘BotMaker’ and its objective is to counter the actions of those who, whether for commercial reasons or otherwise, are dedicated to annoying other users of the social network.

The plan that Twitter has come up with to prevent these unwelcome users from doing whatever they please has three objectives.

  1. Firstly, it aims to reduce the options for spammers to create content.
  2. Secondly, it wants to restrict the visibility of spam messages launched on the social network.
  3. Finally, the most difficult objective is to reduce reaction times between spam attacks and the system’s ability to detect and stop them.

To achieve its aims, BotMaker has been designed to apply a series of rules that allow it to determine who is annoying other users with spam. When there is a suspicion that a tweet breaks the rules on spam, Twitter’s new platform will activate a protocol to ensure that either the message is deleted immediately or the user that sent it is vetoed to prevent them from further annoying users.

twitter no interest messages

Moreover, to prevent any unwanted messages from bothering other tweeters by trying to sell something, Twitter’s newly devised anti-spam system includes different bots that act at different stages of the hunt for spammers. The first to come into play is Scarecrow, which intervenes immediately in real time. Sniper comes next, eliminating any spam messages that have slipped past the previous filter. It also carries out a second appraisal and makes a record of suspicious users. If this weren’t enough, BotMaker also sets certain controls on users over long periods of time to prevent them from getting around the rules.

Nevertheless, the main advantage of Twitter’s new system is that it can detect spam even before the account in question can send junk mail to other users. This was the biggest challenge that the team at the social network faced because, whereas with email the delivery is delayed for a few seconds while Google or Microsoft robots check it to ensure it is not spam, with tweets this isn’t the case. These messages are sent and, theoretically, should arrive on your timeline immediately.

Users are also involved in the successful operation of BotMaker as they have the chance to identify those accounts that are flooding their timelines with spam. In this regard, the cookies that users have to accept to use Twitter also play an important role, by analyzing the traces left by tweeters. Despite this, BotMaker has no negative effects on users whatsoever. In fact, the system has been configured not to interfere with the bots that users install to automatically tweet on those topics that they have previously selected.

twitter unwanted messages

Trails carried out by the company with BotMaker have shown it to work efficiently. In the six months that Twitter tested its own invention, it managed to reduce by 40 percent the billions of unwanted messages aimed at selling or promoting products to other users of the social network.

Yet although these results may seem encouraging for those who regularly use Twitter, the truth is that all is not what it seems. Beyond its firm desire to counter the intentions of spammers, the social network is also striving to improve its own targeting of advertising.

As the epicenter of thousands upon thousands of comments about all types of events taking place around the world, the filters that BotMaker uses can also be used to select users who may be interested in advertising of one product or another.

More | How to protect your Twitter account

The post How Twitter aims to prevent your timeline from filling up with spam appeared first on MediaCenter Panda Security.