Category Archives: Panda Security

Panda Security

Panda Security

Winners of the ‘Betatester 2015′ competition

Leave a comment

best antivirus

At last we can announce the names of the winners of the Panda Global Protection 2015 beta competition! :)

Our Betatester of the Year and winner of €600 is:

  • Saravana Kumar S., India

The winners of €200 are:

  • Anil Kumar E.S, India
  • Jayakrishnan P., India
  • Alex Molina, Spain
  • Binshad Shahul, India
  • HUANG JING-KAI, Taiwan
  • Andreas Ntonas, de Greece
  • Kevin Appel, Switzerland
  • Lauri Säde, Estonia
  • Saqiya Maghisla, India

We have also awarded another 250 prizes of a one-year Panda Global Protection 2015 licence for three devices.

Thank you very much to all those who entered for your comments and suggestions!

More | Maximum protection with Panda Security’s new 2015 consumer solutions

The post Winners of the ‘Betatester 2015′ competition appeared first on MediaCenter Panda Security.

Panda Security

5 million Gmail passwords leaked

Leave a comment

gmail

Do you have a Gmail account? This may interest you! A Russian cybersecurity forum has published a file containing more than 5 million Gmail accounts.

According to several experts, more than 60% of the username and password combinations were valid. However, Google says that the information is “outdated“, that is, these accounts have been suspended or the users no longer access them.

In a statement, Google said that it has no evidence that its systems have been compromised, but explains that “whenever we become aware that accounts may have been compromised, we take steps to help those users secure their accounts.“

The file published mainly contains British, Spanish and Russian accounts. If you want to know whether your account is on the list of those affected, you can do so here.

Panda Security recommends you increase the security of your passwords and use two-step verification of your Gmail account.

More | How to increase the privacy of your Gmail account

The post 5 million Gmail passwords leaked appeared first on MediaCenter Panda Security.

Panda Security

Facebook offers a new tool for configuring privacy

Leave a comment

privacy facebook

As Facebook is always changing, keeping your profile private and secure is a complicated and time consuming task. The social network therefore, aware that this could put many users off sharing their news with contacts, has developed a new tool to simplify the job.

With this new feature, a friendly blue dinosaur helps you to quickly and simply check which of your contacts can see your latest posts.

To access it you have to click the padlock symbol in the top right of the screen and select “Privacy checkup

facebook privacy check - up

A dialog box then opens with three simple steps.

How to configure privacy settings in Facebook

  1. The first option lets you control who can see your posts when you update your status from the news section or from the wall. As well as telling you the current settings, you can also change them to suit your preferences

facebook privacy check - up posts

  1. The next step displays a list of all the applications that can access your profile and information. Here you can also prevent this access if you no longer use the application in question. What’s more you can see which of your contacts can see posts that the applications publish ​​in your name.

facebook privacy check - up apps

  1. Finally, Facebook helps you check which personal information you’re sharing on your profile: your job, school and college background, where you live … you can add or delete data and restrict access to it.

facebook privacy check - up profile

Although none of these settings prevent Facebook from using your personal information for advertising, it can help you know which contacts can see which posts.

At present this help feature does not include settings for albums or photos as a profile or homepage, which you will have to check directly.

If after meeting Facebook’s new dinosaur you still have questions about the privacy settings of your profile, you can always check our guide.

More | Facebook Privacy Guide

 

The post Facebook offers a new tool for configuring privacy appeared first on MediaCenter Panda Security.

Panda Security

A website set up to shame the guilty: the list of companies that don’t protect customers’ data

Leave a comment

data company

There is an ever increasing amount of personal data circulating on the Internet, yet the security in place to safeguard this data is not evolving at the same rate. Many applications and Web services jeopardize user information by not employing any encryption system to protect it.

Given this situation, IT engineer Tony Webster has set up a website to draw attention to those who are reckless in their approach to safeguarding data. At HTTP Shaming you can find the names of the ‘guilty’ websites and how they are violating users’ privacy. If they abuse the trust of their users, it’s only fair that the users should know.

One of the names that appears on the website is Mashable. According to Webster, this news website enables users to connect using their social networks accounts and interact through them. The problem however is that all this activity is happening on an HTTP address, instead of the secure HTTPS internet protocol, which encrypts the information transmitted with the SSL (‘Secure Sockets Layer’) system.

SSL system
An SSL certificate, which guarantees the security of Internet communications, works by assigning keys to files exchanged between a client computer and the server of the company providing the service, so that only the company can access the file content.

If however you use the service offered by Mashable while connected to an open WiFi network, as with many public sites, your email address, alias and passwords could be stolen by cyber-criminals (those you use for Mashable as well as the social networks you use to access the page).

mashable
The TripIt travel planning site, where you can manage bookings, check timetables and flight schedules, and share all of this with other users, is another similar case.

In both the Tripit versions for smartphones and for websites, users are first asked to enter an email address and password. Webster highlighted this site as it does not encrypt the information displayed to others through the calendar feature. As is the case with Mashable, a criminal could discover your full name, phone number, email address and the last four digits of your credit card.

Those responsible for the website have reported this summer that the problem is now fixed and that security measures are now applied to all communications.

Such poor security practices also occur on other e-commerce sites where companies and customers exchange more sensitive information. Research by the IT security consultants High-Tech Bridge showed that 73% of the top 100 online stores don’t use the HTTPS protocol for data they consider less sensitive, and only two of them apply it in all cases.

The same applies to apps running on mobile devices. In a recent study by HP, a group of IT experts analyzed the security measures in place on 2,107 apps and found that 75% of them do not encrypt stored data. Some 18% didn’t even encrypt data exchanged across the Internet.

Webster’s list of shame now has 19 names, many of these put forward by others who wanted to take part in the project. These names include Creative Cloud, VLC and Adobe Flash Player. Even the Tumblr microblogging site, where the HTTP Shaming page is hosted, doesn’t have a secure protocol. In the worst cases, the IT engineer has directly contacted companies to let them know the error of their ways.

tumblr
Webster fails to understand why some companies are subjecting customers to unnecessary risks, as there is no reason not to use HTTPS, which is available to anyone offering services on the Internet.

The post A website set up to shame the guilty: the list of companies that don’t protect customers’ data appeared first on MediaCenter Panda Security.

Panda Security

Fernando Andrés appointed Global PAPS General Manager at Panda Security

Leave a comment

Panda Security today announced that Fernando Andrés has been appointed as the company’s new Global PAPS General Manager. Andrés’ mission will be to lead the global development of the PAPS business line, one of the flagships in the security vendor’s corporate strategy.

During his professional career, spanning over 20 years in companies such asSaleforce.com and Microsoft, Andrés has held key executive positions in the sales management, business development and channel development areas in the cloud computing, Internet services and applications sectors.

Fernando Andrés holds a Bachelor’s Degree in Computer Science from the University of Castilla La Mancha (Spain), and completed the IESE Business School’s Advanced Management Program in Business Administration.

Global PAPS General Manager at Panda Security

Fernando Andrés

Extensive experience in the IT sector

From 2009 to 2014, Andrés held a number of management positions at Salesforce.com, including Corporate Sales Director for South Europe at Salesforce.com EMEA and Director of Channel Business Development at Salesforce.com Spain.

Prior to that, he held different positions at Microsoft for more than a decade, ultimately serving as SaaS Sales Director from 2004 to 2009.

Prior to joining Microsoft, Andrés was employed at ICL Fujitsu and Kodak.

“PAPS (Panda Advanced Protection Service) is a revolutionary product in the industry. It is a next-generation security solution with a completely new, disruptive approach that ensures maximum malware detection and security through an integrated management service. It is very exciting to be part of such an innovative, effective and successful project which will represent a huge leap forward not only for Panda Security, but also for the entire IT security sector,” said Fernando Andrés.

The post Fernando Andrés appointed Global PAPS General Manager at Panda Security appeared first on MediaCenter Panda Security.

Panda Security

WhatsApp could confirm when messages have been read

Leave a comment

 

whatsapp doble check

The dream of some and the nightmare of others may soon come true. WhatsApp is apparently considering a system for notifying users when the messages they have sent have been read.

When the app first came out, many thought that the double check symbol meant the message had been read. However, it was made clear that the only thing that the two ticks represent is that the message has been delivered successfully.

The news was leaked after WhatsApp asked a user to translate some terms into Italian. These included: «reproduced by», «sent by», «delivered» and «birthday», though suspicions were raised by the phrase «read by» which has led to all sorts of speculation.

whatsapp read by

This feature is similar to the D (Delivered) and R (Read) messages in BlackBerry Messenger although it appears it is still in trial phase.

What do you think? Would you be in favor of WhatsApp telling you if a message had been read? Or would that be infringing on your privacy?

The post WhatsApp could confirm when messages have been read appeared first on MediaCenter Panda Security.

Panda Security

Apple denies its services were hacked

Leave a comment

apple

 

“Celebgate” -as the theft and publication of private photos of more than 100 actresses and models has come to be known – is not only affecting the direct victims of the theft but also the companies that have been implicated in the affair.

Initially, it was thought that the leaks could be due to a potential security hole in iCloud, Apple’s virtual storage platform, but the company has announced that, after a 40-hour investigation, they have discovered that the accounts of these celebrities “were compromised by a very targeted attack on user names, passwords and security questions.” Adding that these attacks have “become all too common on the Internet.”

Apple denies that the hacking of the accounts of actresses such as Jennifer Lawrence, Kirsten Dunst and Kate Upton was the consequence of a vulnerability in its iCloud or ‘Find my iPhone‘ services. Although some of the victims have already had their say on the issue.

kirsten dunst twitter

The company has also announced that it continues to work with the police to help identify the criminals involved and encourages all users to choose a strong password and double check their security systems.

More | How to create strong passwords

The post Apple denies its services were hacked appeared first on MediaCenter Panda Security.

Panda Security

Teaching cyber-security from school age

Leave a comment

As the Internet increasingly becomes part of our everyday lives and we use new technologies in all areas of our life, there’s an ever greater need for professionals capable of guaranteeing our security in these areas.

However, in a field as new and complex as cyber-security there is still a lack of people prepared to work in it. As we saw recently, in the United States there is already a plan under way to tackle the situation: training army veterans to become cyber-warriors and consequently, helping them to adjust to civilian life again.

Yet this is only one of the solutions put forward, and there are others that take a longer view. To ensure the future of the profession, the only viable plan for the long term involves educating children in this area and stimulating their interest in computing in general and specifically in IT security.

Along such lines, countries like the USA and the UK have projects that will hopefully provide the cyber-warriors of the future.

cyber competition

The UK’s Cyber-Centurion challenge

In the UK in fact, an initiative called Cyber Centurion has been launched to get thousands of youngsters competing in teams in a cyber-security challenge.

The key to the initiative is that young people will be in direct contact with situations that a real cyber-security expert could encounter. In fact, the challenge, which is to be held in two rounds, involves downloading a virtual computer full of vulnerabilities that could present opportunities for a cyber-criminal. What the teams (comprising 4 to 6 youngsters and one adult) have to do is identify these vulnerabilities and patch them as soon as possible.

As this is the first edition of the challenge, there will first be a practice round in October before the two competition rounds. The top six teams will then battle it out in April 2015 in the Grand Final. The winners will be awarded a scholarship at Northrop Grumman, one of the largest defense contractors in the United States and maker of the B-2 stealth bomber who is funding this initiative with a view to uncovering future talents in IT security.

This however isn’t the only cyber-security initiative in the UK. The Cyber Centurion challenge is supported by Cyber Security Challenge UK , a platform funded by the British government that has organized other educational initiatives such as workshops and other challenges in schools, colleges and universities across the UK.

CyberPatriot

In fact, this exciting British initiative is really an adaptation of the US Cyber Patriot program, the National Youth Cyber Education Program. This program is now in its seventh edition and is also funded by Northrop Grumman, which claims to have already dramatically reduced America’s cyber-security talent shortage.

This search for US Cyber Patriots involves three programs:

  1. A competition among high school students similar to the one that will begin in a few months in the UK (where the teams have to identify and fix vulnerabilities in an operating system to prevent cyber-criminals from entering),
  2. A camp organized for the first time this summer and which aims to teach the principles of cyber-security in an entertaining way and
  3. An initiative that will take basic IT security knowledge to primary schools and teach children how to protect themselves on the Internet.

Internet competition

So why in the US and the UK is there so much interest in students learning firsthand what it takes to be a cyber-security professional and not any other job?

Basically, because the future (and the present) will require IT professionals dedicated to cyber-security. Moreover, international threats and attacks can now come across the Internet, so another profession of the (short-term) future will be cyber-warriors, who even now are being recruited by companies like Northrop Grumman. This will no doubt be the army of the future.

The post Teaching cyber-security from school age appeared first on MediaCenter Panda Security.

Panda Security

Jennifer Lawrence: Victim of a security hole in iCloud?

Leave a comment

jennifer lawrence oscar

If you are on Twitter you may have noticed the actress Jennifer Lawrence has been ‘Trending Topic’ since yesterday afternoon.

jennifer lawrence twitter

 

The reason? The leak of nude photos of the 2013 Academy Award winner on the /b/ forum of 4Chan.

She has confirmed the story, although she is apparently not the only victim.

jennifer lawrence spokeman

 

Other models and actresses such as Kirsten Dunst, Kate Upton or Ariana Grande have also allegedly had pictures leaked, although not all these cases have been confirmed. Meanwhile, Mary E. Winstead has acknowledged the authenticity of the pictures that have been circulated, while Victoria Justice has denied that some photos allegedly of her are authentic.

It is still not clear how ‘Celebgate’ (as some are referring to this massive hacking) was carried out. Some sources have suggested a possible security breach in iCloud, Apple’s virtual data storage platform, though the company has yet to confirm this.

Until it is known how these images were stolen, the best anyone can do is apply common sense and ensure they use strong passwords to access their services. We also recommend that users check their Apple ID account.

 

 

 

The post Jennifer Lawrence: Victim of a security hole in iCloud? appeared first on MediaCenter Panda Security.

Panda Security

Malware still generated at a rate of 160,000 new samples a day in Q2 2014

Leave a comment
  • The second quarter of 2014 has seen the creation of 15 million new strains of malware
  • Trojans are still the most common type of malware, though they are losing ground thanks to the rise of PUPs (Potentially Unwanted Programs)
  • Smartphones, both Android and iOS, are still under attack
  • The global infection rate during this period was 36.87%, a significant increase on previous quarters, thanks in part to the increase in PUPs

 QReport

Panda Security, The Cloud Security Company, has announced the latest findings of the PandaLabs quarterly report for Q2 2014. The main conclusions of the study include the fact that malware is still being created at the record levels reached in the previous quarter: 15 million new samples were generated, at an average rate of 160,000 every day.

While Trojans are still the most common type of malware, accounting for 58.20% of new malware, this figure is significantly lower than the previous quarter (71.85%). This is not so much due to a drop in number of new Trojans, but more to a substantial increase in PUPs (Potentially Unwanted Programs) during this period.

Attacks on mobile devices have continued to gather momentum over this quarter, though this time they have also targeted the Apple iOS in addition to Android. In the case of the latter, the most notable cases have involved fake antivirus apps and ransomware.

There have also been many notable cases of hacking targeting major companies across different sectors, such as eBay, Spotify or Domino’s Pizza,as well as more attacks by the Syrian Electronic Army (SEA). A security flaw -dubbed Heartbleed– in the OpenSSL library used for encrypting communications made the headlines around the world in April.At the same time, Microsoft ceased to offer support for Windows XP, with serious security implications for users of this OS.

PUPs on the rise

While Trojans are still the most prevalent type of malware (58.20% of new threats), they are losing ground thanks to the rise of PUPs (Potentially Unwanted Programs). In fact, in recent months there has been a notable increase in software bundlers, which install PUPs -without the user’s consent- along with the programs that the user really wants to install.

Trojans are followed a long way behind in the ranking by worms (19.68%), adware/spyware (0.39%) and viruses (0.38%).

Trojans the cause of most infections

Trojans, once again, have accounted for more infections (62.8%) than any other type of malware, although this figure is lower than the previous quarter (79.90%). PUPs are in second place with 24.77% of infections, underlining how these techniques are now being used massively. A long way behind came adware/spyware (7.09%), viruses (2.68%) and worms (2.66%).

Infections by country

The global infection rate during the second quarter of 2014 was 36.87%, a significant rise on recent periods, thanks largely to the proliferation of PUPs. Country by country, China once again had the most infections, with a rate of 51.05%,followed by Peru (44.34%) and Turkey (44.12%).

It’s clear from this ranking that the regions with the highest levels of infections are Asia and Latin America. Spain also has an infection rate above the global average with 37.67%.

On the other hand, Europe is the area with the lowest infection rate, with nine countries ranked among the least infected countries. Sweden (22.13%), Norway (22.26%) and Germany (22.88%) had the lowest rates while Japan, with an infection rate of 24.21%, was the only non-European country in the top ten of this ranking.

 

The full report is available here.

The post Malware still generated at a rate of 160,000 new samples a day in Q2 2014 appeared first on MediaCenter Panda Security.