Category Archives: Panda Security

Panda Security

WhatsApp. Beware of cyber-crooks and scams!

whatsapp app

 

This week, WhatsApp has announced that it now has 600 million active users.

The news was released by Jan Koum, the CEO and co-founder of WhatsApp, through his Twitter page. Koum made it very clear that this figure refers to the number of active, not registered, users, which means that WhatsApp’s user growth may actually be larger.

whatsapp

 

The term ‘active users’ refers to the number of users who have used the app at least once in the last month.

WhatsApp security

Despite the doubts raised a few months ago when Facebook bought WhatsApp, it seems that the messaging app continues to be as popular as ever. The figure of 600 million users affirms WhatsApp as the world’s most widely used instant-messaging application, well ahead of rivals like Line or Telegram.

But this success has also placed it in the crosshairs of cyber-criminals who, over the last few months, have come up with countless ways to exploit the app as a means to attack users.

Want to know how? Discover the most dangerous WhatsApp scams and beware of malicious messages!

The post WhatsApp. Beware of cyber-crooks and scams! appeared first on MediaCenter Panda Security.

Hackers reveal their secrets on Twitch, the gamers’ streaming platform

twitch

Twitch was set up in 2011 as a video streaming platform yet, unlike YouTube, it is mostly videos of games and playthroughs that are broadcast on the channel. Another distinguishing feature is that Twitch doesn’t use any copyright system to establish payments: it operates with voluntary donations to those who provide content and share their experiences with other Internet users.

With a view to complementing its offer with such content, Amazon has invested an incredible US$970 million (735 million euros) in purchasing the company. Google and Yahoo had also bid to take over the company, though in the end it was the online store that managed to take this highly-coveted asset.

This fierce competition over Twitch is not without motive. The channel already had 3.2 million active users in its first month of existence. It now has over 50 million users, each of whom spends an average of 106 minutes watching its content.

The website, founded by the American Justin Kan (also responsible for Justin.tv) was initially set up to broadcast conventional content. However, another of the site’s founders, Emmett Shear, who had a passion for computer games, decided to change focus go for another type of content.

The platform allows users to take part in the broadcasts and form a community, one of the keys to success on the Web, especially when it comes to online gaming: the channel’s now famous ‘eSports’, are real competitions between gaming professionals.

twitch games

Given its content, it’s hardly surprising that it’s mainly young people who visit the channel. Over half the users are under 25, although the average age of those taking part in competitions is somewhat higher, around 40 years old. However, all of them are keen Internet users.

So far, so good. But what happens when those who broadcast their online adventures are not just gamers, but also hackers?

George Hotz and Ricky Zhou, two renowned hackers, have started broadcasting the resolution to different challenges, which can last up to five hours. The first of these was largely aimed at overcoming certain levels of Vortex, a game designed for hackers. The challenges are resolved by commands written in code.

twitch code

In the second challenge, dubbed ‘The Great CVE Race‘ (CVE stands for Common Vulnerabilities and Exposures), the participants tried to exploit a security hole in the Firefox browser. The CVE database is maintained by MITRE, a US NGO, and contains all the known bugs or vulnerabilities for many software programs.

After selecting the security flaw, the hackers design an exploit: a tool or technique that takes advantage of the software error to prevent the program from running properly or to allow third party access to the service. This can include anything from a computer virus to alterations to the software’s code, for example, a set of instructions to run the program in a different way.

Client-side exploits are strategies aimed at vulnerabilities in applications normally used on any operating system, such as a Web browser. The tool is applied to a file that the program has to open, such as an email.

When this modified file is run by the user and there is no antivirus security control, the hacker can access the user’s information. This is exactly what Hotz and Zhoy are showing in their videos: how to create an exploit for Firefox.

twitch security

If hackers were to follow their instructions, they would learn how to take control of the program or change some aspects of one version of Firefox without the developer’s consent.

Although Twitch doesn’t monitor content and gives free rein to those who broadcast videos, the creation of such tools can even be illegal, as they don’t have the administrator’s authorization and they interfere with the activity of third parties. The platform may have to think about keeping a closer eye on what is published on the site.

The post Hackers reveal their secrets on Twitch, the gamers’ streaming platform appeared first on MediaCenter Panda Security.

UPS stores attacked in the USA

ups

UPS, the international courier service, may have been the victim of a cyber-attack using a virus detected in 51 of the company’s US stores.

A company spokesperson confirmed that the attack could have compromised confidential information, including customers’ names, card details and postal and email addresses. The earliest evidence of the presence of this malware at any location is January 20, 2014 and was eliminated as of August 11, 2014.

The attack has been traced back to the services that give employees remote access to the UPS system. Cyber-criminals exploited this to infect point-of-sale terminals and obtain information massively from the database.

UPS has informed customers of the stores that have been affected by the malware.

Attack on Target

This attack is similar to the one suffered by another US company, Target, which resulted in the theft of over 40 million credit card details.

Point-of-sale terminals are a highly-prized target for cyber-criminals. It’s not a question of chance, sooner or later someone will try to hack your terminals. To ensure protection you need a security solution that covers different aspects of the POS terminal and which can:

  • Restrict the running of software, only allowing trusted processes to run.
  • Identify vulnerable applications, warning you of any outdated software.
  • Enforce the behavior of permitted processes to prevent vulnerability exploits in trusted processes.
  • Traceability: If an incident occurs, your security solution should provide all the information needed to answer four basic questions: when the attack began; which users have been affected; what data has been accessed and what has happened to it; and how the attackers entered and from where.

These are not all the security measures that can be taken, although these four points at least must be covered.

The post UPS stores attacked in the USA appeared first on MediaCenter Panda Security.

Panda Security achieves the highest detection ratios in the industry’s leading tests

Panda Cloud Antivirus, the free cloud antivirus from Panda Security, offers the highest levels of protection according to the two leading industry product tests, those of AV-Comparatives and AV-TEST.

AV-Comparatives confirms a 99.9% detection ratio

During the more than 150,000 ‘real world’ proactive detection tests carried out from March to June this year by the AV-Comparatives independent laboratory, Panda Security’s free anti-malware solution managed to detect and block 99.9% of threats.

This comparative test of over 20 antivirus solutions highlights the great protection capacity of Panda Security’s solution, beating out other free products such as Avast, AVG or Microsoft’s antivirus; or pay solutions including Kaspersky, McAfee and Sophos.

For more details of the AV-Comparatives test, click here.

AV-Comparatives confirms a 99.9% detection ratio

AV-Comparatives

100% detection ratio, according to AV-TEST

Similarly, in the ‘Real-World Protection’ test carried out by AV-TEST in May and June, Panda Cloud Antivirus also racked up the maximum score, with a 100% detection ratio for the second consecutive month. Out of 23 products tested by the laboratory, only three achieved the maximum detection rate, and one of these was Panda Cloud Antivirus, the free solution from Panda Security.

In addition to these excellent detection results, it’s important to note that Panda Security has scored maximum points in the AV-TEST ‘Monthly Consumer Product Testing’ performance test in June.

For more details of the AV-TEST product tests, click here

100% detection ratio, according to AV-TEST

AV-TEST

New XMT Smart Engineering engine

The results from both these labs are based on tests carried out on products based on the new XMT (Extreme Malware Terminator) Smart Engineering engine from Panda Security. With XMT, different technologies interact with each other to achieve new levels of efficiency and greater detection and disinfection power to eradicate all threats. The new XMT engine will be included in the new 2015 consumer product line that Panda Security will be presenting in August.

“The best thing is that the platform and engine with which we’re achieving these results are the basis of all our endpoint protection products. Our aim is to continue integrating technologies in the platform to stay in pole position when it comes to detection and provide our users with maximum protection and minimum impact on their systems”, says Luis Corrons, Technical Director of PandaLabs at Panda Security.

Panda Cloud Antivirus 3.0

Panda Security presented Panda Cloud Antivirus version 3.0 last May, after a trial phase during which the product was downloaded more than 30,000 times across 130 countries. The new solution includes, in both the ‘Free’ and ‘Pro’ editions a new more modern and intuitive ‘look and feel’. The solution also delivers improved protection technologies against new threats and attacks that exploit software vulnerabilities and automatically vaccinates USB drives, a feature which is now available to all users of the product, and not just the Pro version, as in the past.

It also includes the highly useful Rescue Kit for dealing with emergencies caused by malware, as well as a more complete process monitor.

Panda Security launches Version 7.0 of its cross-platform corporate solution

?Panda Security, The Cloud Security Company, has announced major improvements in the new version 7.0 of Panda Cloud Office Protection (PCOP). Since the initial launch of Panda Cloud Office Protection, many companies have been able to enjoy the best possible cloud-based protection in a simple, agile and effective solution. Now, thanks to this latest release, customers will be able to act independently in the event of infections or problems with the protection deployed on their IT infrastructure. Similarly, customers now have easy access to all the information they need about their licenses, detections and the protections status.

Panda Security has included new dashboards in PCOP 7.0 with key information about licenses, detections and the protection status of computers

Panda Cloud Office Protection (PCOP)

?Benefits for organizations with more than 100 endpoints The latest release includes improvements aimed especially at customers with more than 100 endpoints. Panda Cloud Office Protection 7.0 includes major new technologies and features, including:

  • New dashboards. Offering key information about licenses, detections and the protection status of customers? computers.
  • Improved reports. Providing more detailed information about detections, reports are now easier to access and threat data is organized according to the level of risk, making it simpler to identify the most vulnerable systems.
  • Remediation. In the event of an infection, administrators can launch Panda Cloud Cleaner, Panda Security?s disinfection tool, remotely from the PCOP Web console. Administrators can also force reboots of computers from the console and find information on how to act should problems arise on the protection deployed on the company?s IT infrastructure. Similarly, FAQs are available detailing the steps to take to resolve such issues or if signature files are out-of-date.

?This latest version of Panda Cloud Office Protection responds to the needs and demands of our users. Many of the key improvements included will be particularly welcomed by customers with more than 100 endpoints. We have improved the reports process in PCOP 7.0 so our customers will now have more intuitive access to information about threats: where they?re located, where they came from, etc.,? says Manuel Santamar?a, Product Manager Director at Panda Security.

Panda Advanced Protection Service gets the backing of customers and partners alike

Panda Advanced Protection Service (PAPS) represents a disruptive offer to the market from Panda Security, The Cloud Security Company, to combat malware in general and specifically APTs (Advanced Persistent Threats), and gets the backing of customers, partners and industry analysts.

Customers including Eulen and Mecalux, and partners such as Indra have placed their trust in this unique solution to guarantee the security of all applications run on endpoints within an environment of multinational operations.

Real-time blocking and warnings

Mecalux is a multinational company specialized in the design and manufacturing of automated warehouses and other storage solutions. In a highly geographically disperse operative environment, Mecalux realized that its infrastructure -comprising thousands of endpoints and servers around the world- needed effective yet flexible protection, as well as secure access to services such as ERP (SAP), CRM, etc. By implementing PAPS, Mecalux can protect and supervise its extensive network thanks to the complete visibility of all applications run by users. This allows it to identify, classify and block potentially dangerous applications or those with potentially dangerous behavior.

“We are highly satisfied with the quality of the service provided by Panda Security over these months. Thanks to this innovative service for classifying applications, we can rest assured that we have real-time blocking and warnings that protect us against advanced cyber-threats such as meta-exploits, APTs in adware, PUPs, etc.,” Jorge Box, IT Systems & Infrastructure Manager.

“Mecalux needed optimum, real-time, forensic information on targeted attacks that could compromise its corporate servers and endpoints, and PAPS was the answer it was waiting for,” explains Josu Franco, VP Corporate Development at Panda Security.

Forensic analysis services on-demand

Indra is the leading consulting and technology multinational in Spain and Latin America. It provides solutions and services for sectors including Transport and Traffic, Energy and Industry, Public Administration and Healthcare, Financial Services, Security and Defense, etc. As part of its offer to key accounts, Indra has recently set up a major cyber-security center (i-CSOC) which brings together all available knowledge on cyber-security throughout the company, with the goal of making it a leading point of reference in this field.

“Panda Advanced Protection Service is a managed security solution that allows us to guarantee complete protection of our customers’ endpoints and servers, with granular monitoring and supervision of the behavior of each device. We can also offer forensic analysis services to customers on request,” explains Alfonso Martín Palma, Senior Manager of Indra’s Cybersecurity Unit (i-CSOC).

“Panda Advanced Protection Service enables us to provide guaranteed security against cyber-crime and targeted attacks, a key point which we were not convinced we would be able to achieve when we began to evaluate solutions,” concludes Ascensio Chazarra, Cyber-security Manager at Indra.

“Our partners represent a vital part of the strategy of PAPS, given that they address the global cyber-security needs of corporate customers. As such, we believe that PAPS offers them an excellent chance to satisfy the needs of all customers worried about the threat posed by targeted attacks to their data and intellectual assets. PAPS is the definitive answer to this demand for advanced security services. We are more than satisfied that PAPS will be a cornerstone of Indra’s cyber-security center (i-CSOC),” says Josu Franco, VP Corporate Development at Panda Security.

Advances security for a distributed infrastructure

The Eulen Group, a leading provider of business outsourcing services, required an advanced security solution for distributed infrastructure, with diverse software requirements across its numerous business units, a high degree of endpoint mobility, and an increasing level of cloud solutions implemented throughout the company. In such a context, Panda Advanced Protection Service has been highly valuable to Eulen, thanks to the monitoring, blocking and prevention of the most dangerous attacks.

“After the success of this project, and thanks to the quality of the services delivered, Eulen is now concentrating on the security of new operating systems such as Android, and as such is considering further collaboration with Panda Security,” Alejandro Las Heras, Technology Director at Eulen Group.

“Thanks to Panda Advanced Protection Service, Eulen now has a service that closes the window of opportunity for malware. It classifies everything that tries to run, and what can’t be classified is blocked. In short, it prevents malicious exploitation of anything run, and monitors data access,” explains Josu Franco, VP Corporate Development at Panda Security.

A unique, disruptive model

Panda Advanced Protection Service is positioned in the vanguard of new trends in cyber-security. As confirmed by the Gartner Group, in 2018, some 80% of endpoint protection platforms will include forensic analysis and user monitoring capabilities, against the 5% recorded in 2013⁽¹⁾.

Other Gartner sources predict that by 2017 over 50% of user devices will only allow the running of applications that have been previously classified in line with security and privacy criteria, in comparison with the current figure of 20%⁽²⁾.


(1) Source: “Designing an Adaptive Security Architecture for Protection From Advanced Attacks.” Published: February 12, 2014. Analysts: Neil MacDonald, Peter Firstbrook        
(2) Source: Magic Quadrant for Endpoint Protection Platforms. Published: January 8, 2014. Analysts: Peter Firstbrook, John Girard, Neil MacDonald.

Panda Security ensures security of all applications running on endpoints

Panda Security, The Cloud Security Company, today announced the launch of Panda Advanced Protection Service (PAPS), a new managed service for monitoring applications which uses a disruptive approach as opposed to the traditional system of detecting malware based on blacklists.

Designed for key accounts, Panda Advanced Protection Service proposes a new technological approach where every program that is run is automatically classified with maximum confidence. The solution identifies vulnerable applications, detects and blocks exploits against trusted applications, controls data access and provides complete traceability of all actions carried out on the system. PAPS neutralizes all malware that may have evaded detection by other security solutions as it classifies 100 percent of all executable files that attempt to run on protected endpoints. As malware creation grows unabated, endpoint security continues to be a problem for companies and a business opportunity for cyber-criminals.

PAPS classifies everything that attempts to run

Current endpoint security solutions are focused on integrating a growing number of detection technologies which, despite being increasingly sophisticated, are bypassed by malware writers in increasingly shorter times.

Diego Navarrete, CEO Panda Security

Diego Navarrete, CEO Panda Security

“In this context, Panda Security proposes a disruptive approach in which everything that attempts to run is classified with maximum confidence. This is a revolutionary step forward from a security model almost entirely based on detection techniques aimed at identifying malicious or suspicious items, to an approach aimed at classifying and securing everything that is run, even if no alert is triggered by the detection algorithms. With Panda Advanced Protection Service (PAPS), Panda Security presents a service that virtually eliminates the likelihood of malware going undetected. It classifies everything that attempts to run, continuously monitoring all actions performed by applications to prevent vulnerability exploits targeting trusted applications”, explained Diego Navarrete, CEO at Panda Security.

“In short, Panda Advanced Protection Service provides continuous classification and monitoring of all application activity on endpoints, allowing for complete traceability. As far as we know, no other security software vendor has a similar offering”, explained Josu Franco, VP Corporate Development at Panda Security.Adapted to customer needs

One important aspect that differentiates PAPS is that it is a service that adapts to the specific needs of each customer, profiling applications and behavior and identifying new attack patterns. “More than 20 years of experience in malware detection, together with the accumulated knowledge of our Collective Intelligence system, has enabled us to identify over 1,200 million application components and classify them as malware or goodware. This, along with the use of behavioral analysis, allows us to accurately predict the reliability of any applications running on endpoints”, concluded Panda Security’s VP Corporate Development.

Panda Security rewards Beta Tester of the Year with up to €600

Panda Security,The Cloud Security Company, today announced the beta release of Panda Global Protection 2015, its comprehensive anti-malware solution for protecting the information and digital life of home computer users. The new version has more features and is lighter, more secure and more complete than ever before.

This year, everything is new   

Panda Global Protection 2015 Beta is the most comprehensive solution in Panda Security’s new retail product line, and includes key improvements from the product’s 2014 version:

  • New, more straightforward interface.
  • New technological platform that harnesses the power of Panda’s cloud.
  • Wi-Fi protection thanks to its firewall and intrusion detection system.
  • Parental controls to monitor kids’ browsing habits, giving them the freedom they need with the protection that parents demand.
  • Data Shield module to keep confidential documents safe from viruses designed to steal or hijack them.
  • New Tuneup module to keep users’ computers clean and tidy. Users won’t see the difference, but they will notice it.

Beta-en

 

Beta Tester Challenge: exclusive prizes for the community

Along with the release of the beta, Panda Security also announced the launch of a competition with exclusive prizes to reward its beta testers:€ 600 for the ‘beta tester of the year’, 9 prizes of € 200, and 250 one-year subscriptions to Panda Global Protection 2015 (for 3 devices).

“Beta versions help us ensure our products include every feature demanded by our user community and everything works as requested. Users’ opinions are key to making our products even better, so we listen to and interact with them to make sure our solutions are perfectly suited to their needs”, explained Hervé Lambert, Retail Product Marketing Manager at Panda Security.

“This year’s version has been developed from scratch. Everything is new, and we can safely say that Panda Global Protection 2015 is lighter, more secure and more complete than ever before. In a word, it is clearly better. This is our opinion, and we expect our beta testers to confirm it”, concluded Lambert.

Beta testers who want to submit suggestions, questions and comments to Panda Security can do so through the company’s Beta Forum or via the following email address: [email protected].

 

 

Panda Security launches Panda GateDefender eSeries 5.5, now with Application Control

Panda Security, The Cloud Security Company, today announced the inclusion of new and enhanced features in version 5.50 of Panda GateDefender eSeries, the company’s unified perimeter security device that protects against all types of threats. The new version includes a new, improved configuration wizard, next-generation VPN technologies, a new firewall for application control and real-time monitoring of corporate networks.
Panda GateDefender eSeries enables mid-size and large companies to protect their corporate network and increase their productivity, and is available in three different versions -hardware, software and virtual- to suit the needs of every type of organization. In addition, its Web interface allows centralized and flexible management from a single console, accessible from the cloud at any time.

Nueva imagen

New Features
Panda GateDefender eSeries 5.50 includes robust, next-generation VPN technologies that enable very fast and highly scalable VPN connections, while managing granular access permissions to the network. Additionally, the solution includes a new application control feature capable of identifying and blocking more than 170 applications including Facebook, Skype, Spotify or WhatsApp to improve productivity. Also, the new Panda GateDefender eSeries includes an improved configuration wizard with a new network mode that allows the use of outgoing firewalls and application control in bridge mode.
The solution also allows real-time monitoring of corporate networks through an intuitive interface that enables organizations to generate extremely granular, customized reports.
These new features add to the many benefits already provided by the solution:
– Flexible, cloud-based management to centrally monitor, manage and update appliances quickly and easily, anywhere, anytime.
– Increased user productivity and optimized resource usage thanks to spam neutralization, restricted access to unproductive content and services, and bandwidth usage control.
– Complete protection against all types of infections and intrusion attempts right from the start. Faster response to new malware threats via automatic updates and queries to the cloud.
– High Internet availability. Its routing policies allow configuration of multiple high-availability lines, as well as installation of multiple appliances in parallel to deliver fault-tolerant, secure connectivity.
– Flexible, seamless integration with existing IT infrastructures thanks to the wide range of available versions: hardware, virtual and software appliances.

Malware creation breaks all records in the first quarter of 2014, with 160,000 new samples every day

Panda Security, The Cloud Security Company, has announced the latest findings of the PandaLabs quarterly report for Q1 2014. The main conclusions of the study include the fact that malware creation has broken all records during this period, with a figure of more than 15 million new samples, and more than 160,000 new samples appearing every day.

Trojans are still the most abundant type of new malware, accounting for 71.85% of new samples created during Q1. Similarly, infections by Trojans were once again the most common type of infection over this period, representing 79.90% of all cases.

In the area of mobile devices, there have been increasing attacks on Android environments. Many of these involve subscribing users to premium-rate SMS services without their knowledge, both through Google Play as well as ads on Facebook, using WhatsApp as bait.

Along these lines, social networks are still a favorite stalking ground for cyber-criminals, The Syrian Electronic Army group, for example, compromised accounts on Twitter and Facebook, and tried to gain control of the facebook.com domain in an attack that was foiled in time by MarkMonitor.

During the first three months of the year we have witnessed some of the biggest data thefts since the creation of the Internet, and as expected, Cryptolocker, the malicious file-encrypting ransomware which demands a ransom to unblock files, has continued to claim victims.

“Over these months, levels of cyber-crime have continued to rise. In fact, we have witnessed some of the biggest data thefts since the creation of the Internet, with millions of users affected”, explains Luis Corrons, Technical Director of PandaLabs in Panda Security.

 

Trojans, the malware of choice for hackers

So far in 2014, Trojans are still the malware most commonly used by cyber-criminals to infect users. According to data from PandaLabs, four out of five infections around the world were caused by Trojans, that’s 79.90% of the total. Viruses are in second place, accounting for 6.71% of infections, followed by worms, with a ratio of 6.06%.

 

Trojans, the most frequently created malware

Trojans also top the ranking of newly created malware, accounting for 71.85% of the total, followed by worms, at 12.25%, and viruses at 10.45%.

 

Infections by country

The global infection rate during the first three months of 2014 was 32.77%. China is once again the country with most infections, with a rate of 52.36%, followed by Turkey (43.59%) and Peru (42.14%). Although Spain is not in the top ten of this ranking, it is still above the global average with 33,57%.

European countries ranked high among the least infected countries, with the best figures coming from Sweden (21.03%), Norway (21.14%), Germany (24.18%) and Japan, which with a ratio of 24.21%, was the only non-European country in the top ten of this list.

The full report is available here.