Tag Archives: Cybersecurity

How is Internet privacy upheld in the ‘digital afterlife’?

How do you account for someone’s digital presence after they’re no longer with us in the physical world?

The ‘digital afterlife’ is a concept that has been receiving increased attention from tech giants like Facebook and Google. Their aim is to make the passing of a loved one or relative easier, while also playing a role in celebrating people’s lives after they have passed away.

Internet Privacy

The issue of Internet privacy is, of course, a touchy one and this is magnified immensely in the difficult period after someone has passed away.

Whereas it used to be less clearly defined, Facebook recently felt the need to clarify the process that it adheres to after a user has passed away. If the social media giant is made aware of a user’s passing, there are two options; the account is memorialized or deleted. The account cannot remain active.

There’s an important reason for this, and that is the curious cyber security risks that come with leaving the page of a social media page unaccounted for after a user has passed away.

Unfortunately, the growing digital graveyard left by people’s data footprints as they lived their lives is not treated with the same reverence as its equivalent is in the physical world.

Cyber Security risks for a social media account

There are tangible cyber security risks for a social media account that isn’t being used, with reported incidents of deceased users’ accounts being hacked and taken over by spambots. These accounts are often used for advertising, with some users having reported seeing their deceased relative or friend’s account starting to like pages on the social media website months, or even years after that person has passed away.

People’s social media pages have also even been hacked after their deaths and distasteful messages left on their page as status updates.

These risks are the main reason that Facebook has recently clarified its policy on changes to a user’s account once they have passed away. In a recent statement, the tech company said, “if Facebook is made aware that a person has passed away, it’s our policy to memorialize the account.

Facebook though, has had issues with processing memorialization requests; there have been reported cases of it taking up to 6 months for a request from a family member to be processed, and others of people receiving no response at all.

With over a billion users, and some estimates claiming that more than 8,000 Facebook users die every day, it’s no easy task dealing with so many accounts and companies like Facebook and Google usually outsource such extensive undertakings.

Whilst the policy is strict on what happens to deceased users’ accounts, the social media giants don’t want this to take away from the freedom of deceased users’ loved ones in having a say in their relative’s digital afterlife.

Facebook have released a statement saying “there is more we can do to support those who are grieving and those who want a say in what happens to their account after death.” Google, meanwhile, have highlighted the importance of allowing people to “plan [their] digital afterlife.” Both companies allow users to designate a contact who will have access to their memorialized account after they have passed away.

Facebook ‘legacy contacts’ and Google+ ‘trusted contacts’ are able to curate their loved one’s social media pages after they have passed, by posting pictures and leaving updates whilst those who are already friends can leave parting messages.

Allowing this form of contact decreases the risk of cyber security being an issue in the digital afterlife.

The post How is Internet privacy upheld in the ‘digital afterlife’? appeared first on Panda Security Mediacenter.

Anticipate the risk of your employees getting a new phone for Christmas

cybersecurity-mobile-panda

As we enter the Christmas period, many of your company’s employees will be deciding to change their phones in the coming months. Something as simple and seemingly harmless as a gift (or a purchase from the Black Friday sales) could actually be putting your business security at risk, especially if it encourages workers to use their own smartphones for work.

As such, the idea of BYOD (Bring Your Own Device), if not properly managed, can compromise the confidentiality of corporate information when any member of staff decides to change device. Not just because your employees’ new devices do not have adequate protection, but because of where their previous phones may end up, and the data they may have inside.

In fact, it is essential to make your company’s employees aware that they must completely wipe all information stored on their old phone before they get rid of it. Although it is not unusual to sell old devices when buying a new one, this operation involves certain risks that must be avoided.

Before selling a cell phone it is essential to completely delete all information stored on it.

After all, the device in question may have confidential documents stored in its memory or, worse still, could still enable access to the email accounts of its former owner, and allow a complete stranger to access company resources. In addition to all of this, of course, there is the personal and equally private information that an individual could have stored on the phone.

So not only is it important to ensure employees have adequate security on their phones, but also to explain how to handle the sale of an old one. To begin with, you need to back up everything stored on your phone and also remove the memory card and SIM.

Once this is done, both Android phones and iPhones offer a way to permanently delete everything stored on them. This is the option that lets you restore the factory settings, which you can find in the settings of both operating systems.

Any device that stores company data must be sold without any confidential information. This is the best way to prevent a simple Christmas gift from catching out the owner of the new phone (or the company that employs them). However, should anyone forget to delete this data, it is always possible to remove it remotely, thereby eliminating everything that the phone contains even if it has already been sold. Yet this should only be an emergency plan should all else fail.

The post Anticipate the risk of your employees getting a new phone for Christmas appeared first on Panda Security Mediacenter.

Malicious office printers could hijack employees’ cell phones

panda-security-printer

At first glance it is just another printer; one of those big machines that sits against the wall of thousands of offices around the country, turning blank sheets of paper into corporate documentation. And as inoffensive as it may seem, just another piece of office furniture, it can become a threat to your company’s confidentiality. While your printers and networks can become one your most vulnerable security holes, the one created by the ‘hacker’ Julian Oliver is quite simply a spy.

Every time you make a call on your cell phone, the device connects to the nearest phone antenna. What Oliver has managed to do is to camouflage a similar antenna inside an everyday office printer.

In this way, the device can intercept all calls made or received from an office, thereby allowing an attacker to spy on conversations or read SMS messages.

In this case, however, there is nothing to be afraid of. This has simply been an experiment through which Oliver has tried to draw attention to the importance of using communication tools with end-to-end encryption, such as the Signal messaging app recommended by Edward Snowden himself.

Yet the fact that is only a demo shouldn’t detract from the lesson to be learnt. In the strategy used by Oliver, every time a phone connects to the antenna camouflaged in the printer, the device sends an SMS. If the recipient responds to any of these messages from an unknown number, the printer prints the SMS message and the ‘victim’s’ phone number, thereby revealing the scam.

What’s more, the printer is programmed to make calls to the phones that connect to its antenna. If someone answers, all they will hear is a Stevie Wonder song. A practical joke that lasts some five minutes; after this time, the printer disconnects the phone from the antenna, allowing it to connect to the genuine mobile network. In the event of a real attack however, the consequences won’t be as entertaining, nor the scare so brief.

Oliver’s experiment serves to remind us of the fragility and vulnerability of the communication networks we use every day. A simple Raspberry Pi motherboard and two GSM antennas would be enough to enable an attacker to camouflage an antenna in a printer and spy on all of a company’s phone conversations and steal confidential corporate information.

The post Malicious office printers could hijack employees’ cell phones appeared first on Panda Security Mediacenter.

Be careful not to keep your invoices where your competitors can find them

invoices-panda-security

One of the most common and most sensitive documents that companies handle on a daily basis is invoices. Issuing and receiving them is a fundamental activity for every business, however, people are not always aware of how important they are even after being paid or collected.

Together or individually, they can expose critical information that can be very valuable to your competitors, such as customer lists, product and service descriptions, prices and promotions, or details of key agreements.

However, these files are so common in organizations that they are often treated carelessly or with a complete disregard for security by employees, to the point of being sent via email in unencrypted formats, through instant messaging applications, stored in virtual stores more or less accessible to the public, in physical devices such as pen drives, etc. In fact, it’s quite easy to overlook the importance of the information they can provide to a third party.

Invoices are so common that they are often treated carelessly.

Just do a couple of searches on Google and you’ll realize the extent of the problem.     Search for such simple, obvious terms as ‘invoice euros vat inc address tax number date total’ with a filter to show only PDF files, and you’ll find an endless number of sensitive documents that are accessible to the public without companies knowing.

Companies in the textile sector, integrated service companies, travel agencies, etc. The list is too long, especially if you consider how easy it is to protect invoices if you take the appropriate precautions.

First, these and other critical files should never be stored on Internet-facing servers. However, as this can be difficult in the day-to-day reality of the majority of companies, at least it should be checked that those servers are not accessible to the public in such evident places as Google.

In reality, the presence of these and other confidential files in the popular search engine is almost always due to the wrong configuration of corporate servers, or to the fact that these include directories that can be easily crawled by Google’s bots.

Being aware of this and taking the necessary steps to prevent it is one of those simple, effective protection measures that companies often forget about. However, it is very important to understand that invoices contain far more valuable information than may seem apparent at first glance.

The post Be careful not to keep your invoices where your competitors can find them appeared first on Panda Security Mediacenter.

Black Friday and Cyber Monday: how to shop online safely.

pandasecurity-black-friday-cyber-monday

How to safely shop online?

It’s not a secret about 70% of the adult US population shops online regularly. With Black Friday and Cyber Monday right around the corner tens of millions of people are preparing to get a bang for their buck. The deals are usually so good even people sceptical about online shopping, and without much experience, may feel tempted to participate in the online frenzy. Last year consumers spent more than $3 billion on Cyber Monday alone. The previous record was in 2015 when they spent “only” $2.75 billion.

Our economy seems stable right now, with that in mind we are pretty sure the deal-hungry buyers will beat last years’ numbers. There is nothing wrong with taking advantage of the great deals, as long as you do it safely. Panda Security has been combating cybercrime for more than 25 years and we can surely tell you a thing or two about how to safely shop online around the holidays.

Top 10 tips of how to safely shop online

Beware of phishing

With Thanksgiving just around the corner, you will begin receiving tons of email newsletters offering you great deals. We do not advise you click on the ones you are not familiar with. Try to stick to the ones you know, and if you don’t know the company that is approaching you, research them online before opening the emails you’ve received from them.

Do research

We know that the deals around Thanksgiving are amazing but sometimes when something is too good to be true, it’s either fraudulent or a scam. Don’t be fooled by the Cyber Monday label, products still cost what they cost if the deal is too good to be true that’s probably because it’s not true. If you are in doubt, simply google the product and see if anyone else offers it for the same price. You may end up getting an even better deal!

Don’t be scared to buy from the ‘usual suspects’

Try to do your online shopping from websites and online retailers that you recognize and you have shopped from before. You shouldn’t worry much if you place an order with a well-known supplies superstore such as Home Depot for example.

Check the URLs

While you surf online you may get so excited by the good deals you’ve found that you may end up on a spoof website. If you are in doubt, check the URL link. If it feels awkward close the browser, open a search engine, type the name of the retailer you are trying to reach and place the order through the real website. Better safe than sorry!

Read the file product description as well as the terms and conditions

Sometimes it may seem as if you are buying a brand new device but you may end up getting a refurbished or reconditioned one. The fact that the deal is great, does not mean that the product will be great too. Always take your time to review the terms and conditions, warranty, insurance options, the return policy and the location of the product you are trying to purchase.

Do not use the debit card for your checking account

It may be tempting to pay directly from your checking account but checking accounts have less protection and it will be much harder for you to get your money back if you end up scammed by a phony website. Even if you have the money available in your checking account, better not share your debit card details with the world unless absolutely necessary. Put those expenses on your credit card statement instead!

Verify your order

It is not uncommon for consumer to select more than one item by mistake, or they put the wrong house number, or they check a shipping option that does not work for their needs. This is why we advise you to always double check the order before you make a payment. A few extra seconds won’t waste your day. You don’t want to buy a Christmas gift a week before Christmas to later find out that it ships from China in 3 weeks’ time.

Make sure the site is safe

Don’t buy anything online from a site that does not have SSL encryption. You will know if a site has SSL encryption if the URL starts with HTTPS:// (instead of just HTTP://).

Use antivirus software

It may sound trivial when you hear it from us, but staying protected is really important. Don’t wait until Thanksgiving to get protection. We’ve been combating cybercrime for nearly 3 decades, we can help you and your family stay safe around the holidays.

Use common sense

Last but not least, if you see a website that looks suspicious, just don’t order from there. There’s plenty of fish in the sea – you will find the same offer somewhere else. There is nothing wrong with calling the company directly during business hours to check their legitimacy. Remain vigilant, don’t just give away your hard earned cash!

Every year we spend billions of dollars around Thanksgiving and hackers are preying on us trying to get our card details, trying to steal our identity and personal information. Don’t let them ruin your holiday by simply following the suggestions listed above.

Happy shopping!

The post Black Friday and Cyber Monday: how to shop online safely. appeared first on Panda Security Mediacenter.

Camera drones: A flying spy is peeping into your window

panda-dron

Drones have conquered the world: they are used to hunt down tax evaders and illegal hunters, help suppress wildfires, find victims after natural disasters… They even serve as flying cameras to assist in filming movies and for aerial photography.

Online retail giant Amazon, for example, is planning on using drones for commercial delivery in order to fly purchases right to customers’ front doors. Despite being originally developed for military purposes, drones are slowly finding their place into our everyday lives.   However, just as with every other technology, these unmanned aerial vehicles can pose a serious threat if they fall into the wrong hands.

Among other things, drones can be used as highly effective spies. Their ability to get close to almost any place where confidential data is stored (for example, an office) without being seen, makes them the perfect spy. Not only because of their ability to carry cameras and capture images through windows, but also because they can make the perfect weapon to carry out sophisticated cyber-attacks.

Drones can be used by cyber-criminals to easily get their malicious tools close to their target without having to overcome the physical barriers that the potential victim may have in place (security guards, access control systems, biometric sensors, surveillance cameras, etc.).

A drone could hide, for example, a jammer, a malicious hotspot, a device to launch attacks via Bluetooth or NFC, etc. The number of ways in which these aerial devices can be used to spy on victims and steal confidential information is almost endless.

Such is the risk that there are countries such as Sweden that have ruled that camera drones qualify as surveillance cameras, banning their use unless the drone operator has the necessary permit.

However, a cyber-criminal that wanted to use a drone to carry out an attack would still have another option: to take control of someone else’s device. Unfortunately, many of today’s models have vulnerabilities that could allow a remote attacker to take control of them.

Drone manufacturers have the responsibility to increase the security of their aircrafts to mitigate the security and privacy concerns raised by them. As this technology becomes ever more present in our lives, it is clear that the notion of safety and security in IT systems cannot be limited to computers and smartphones, but should also reach other high-flying devices. In this respect, having the cyber-security protection that best adapts to your needs is absolutely essential.

 

The post Camera drones: A flying spy is peeping into your window appeared first on Panda Security Mediacenter.

A phishing attack is launched every thirty seconds: 6 tips to protect yourself

Phishing continues to blight the Internet and is a thorn in the side of companies around the globe. Not only is it one of the most serious problems facing any company with even a minimal activity on the Web, it is also an ever-increasing threat.

phishing-tips- panda- securitySo much so, that a recent study has revealed that in the last year alone there have been more than a million attacks of this nature. This means that on average, a phishing attack is launched every thirty seconds with the aim of defrauding companies and home-users alike. In the case of businesses, the damage inflicted by this onslaught is nothing short of dramatic: the total cost to companies around the world is in excess of 9,000 million dollars, more than 8,000 million euros at today’s exchange rate.

The total cost to companies around the world is in excess of 9,000 million dollars.

Given this situation, in addition to having proper protection, it is more important than ever that companies follow a series of recommendations to prevent falling victim to an attack that could have grave financial consequences. Checking the source of each email you receive and not accessing bank websites from links included in emails are two of the basic precautions you can take to avoid falling into the traps set by cyber-criminals.

What makes these and other similar measures so essential is the dramatic increase in phishing attacks that has taken place over the last year. In the second quarter of 2016 alone, more than half a million unique attacks were identified, that’s a 115 percent increase on the previous quarter. Moreover, the increase with respect to the same period in 2015 is even more alarming: 308 percent.

In the second quarter of the year “Phishing” attacks have been incresing in a 115 %

To counter this situation, it is essential for companies to ensure that their employees are aware that they must only enter confidential data on trusted websites which, as with all secure pages, have an address starting with HTTPS. Phishing attacks are on the rise and they are also evolving. Now, for example, not only are they aimed at identity theft on social networks or taking money from current accounts, they are also being used to steal from e-Wallets.

 

The post A phishing attack is launched every thirty seconds: 6 tips to protect yourself appeared first on Panda Security Mediacenter.

Black Mirror – How much is already real?

pandasecurity-black-mirror-threats
Warning – the following article may contain spoilers

What it’s true of Black Mirror?

Charlton Brooker’s Black Mirror television series has become something of a phenomenon thanks to its almost prophetic predictions about society and technology. Set in the very near future, Black Mirror borrows technology stories from the media, and imagines the worst possible outcomes to create a bleak view of the world that we are creating today.

What makes Black Mirror so compelling is that the storylines are simultaneously outlandish and plausible. More impressive is the fact that some of the predictions have actually come true.

As the third season of Black Mirror airs on Netflix, it’s time to consider how close to reality the latest round of predictions really are.

Episode 3 – Shut up and dance

Hackers take control of a Kenny’s laptop, and use the webcam to secretly film him in a compromising situation. Kenny then receives a string of ransom texts to his phone, demanding he follow the supplied instructions or risk the embarrassing video being leaked to his friends, family and the rest of the world online.

The reality is that malware already exists to hack into computers, activating the web cam remotely. And like most malware, you probably won’t even notice anything is wrong until you receive a ransom demand or similar.

To prevent being spied on, some people take the extreme step of taping over their webcam – a method favoured by Facebook CEO Mark Zuckerberg.

Just as effective (and much easier to manage) is to protect your computer with a robust antivirus application like Panda Security that can detect and block malware before it can install itself.

Episode 6 – Hated in the nation

The Metropolitan Police investigate the brutal murder of a journalist in London. All the evidence seems to point to the woman’s husband, but of the detectives assigned to the case suspects that social media may also play a part.

As more deaths follow, it is discovered that a swarm of robot bees has been programmed to kill anyone trending online with the hashtag #DeathTo. The mob mentality of social media users is unwittingly singling out individuals for death.

The robot bees may not yet exist, but the vicious hashtags that accompany each attack in Black Mirror certainly do. Cyberbullying is widespread, and really does cause lasting damage to the victim, leading to stress, depression and, in extreme cases, suicide.

Online bots that respond to trending hashtags already exist, helping to spread viral messages, or trigger specific actions for companies that monitor social media. The artificial “intelligence” to drive a swarm of robot bees is ready, even if the technology is not.

To avoid attracting the attention of trolls online, parents should consider installing a comprehensive internet security package like Panda Gold Protection (you can download a free trial here). This will allow you to block access to sensitive sites – including social media – protecting your family against simple, unintentional mistakes becoming headline (life-threatening) news.

Horrifyingly close to reality

Black Mirror makes for uncomfortable viewing – mainly because it is so close to the reality we know. The dire outcomes of each episode are just realistic enough to create a terrifying view of the future. Fortunately you can avoid starting some of these chains of events with some effective internet security software.

For more help and advice about staying safe online, please get in touch.

The post Black Mirror – How much is already real? appeared first on Panda Security Mediacenter.