Tag Archives: featured1

200,000 Snapchat images leaked

After Celebgate, the leak of private photos and videos of Hollywood actresses and models such as Jennifer Lawrence, users of Snapchat have now seen the security of their files compromised.

Snapchat is a mobile app for sending images and messages that are automatically deleted between one and ten seconds after being read.

Although Snapchat does not store users’ images, another app, Snapsave, which is available for Android and iOS, does store them. This is what has enabled 200,000 photos to be stolen, according to Snapchat.

According to The Guardian (UK), these include some 100 MB of nude images. It is as yet unknown whether these might include images of children, and it is important to point out that downloading of nude images of children under 16 is a jailable offense under child pornography legislation.

Images from ‘The Snappening’, as this leak has been dubbed, are already available on some Internet portals.

The post 200,000 Snapchat images leaked appeared first on MediaCenter Panda Security.

Adobe gathers data from your eBook reader

Security and privacy violations in Adobe’s Digital Editions eBook and PDF reader were discovered last week.

“This is a privacy and security breach so big that I am still trying to wrap my head around the technical aspects, much less the legal aspects,” researcher Nate Hoffelder wrote in The Digital Reader blog post.

If you check out eBooks from your local library and read from a digital reader like a Nook, Kobo, or other non-Amazon eBook reader, then you have probably used Adobe’s free Digital Editions software.

Hoffelder said that Adobe is gathering user data on the eBooks that have been opened, which pages were read, and in what order, as well as metadata such as title and publisher – and all of it is being sent to Adobe’s servers in plain text. That means anyone who is interested and has the means, say, the National Security Agency or your ISP, could be reading over your shoulder. That’s not good. In fact, it’s very bad, as well as illegal.

It is hoped that Adobe’s Tuesday update will include a plug for the Digital Editions leak, but more likely it will be next week. In a statement to the American Library Association, Adobe reports they “expect an update to be available no later than the week of October 20” in terms of transmission of reader data.

Big updates coming from Microsoft, Oracle and Adobe this Tuesday

Pour yourself a cup of coffee; this could take a while.

One of the biggest “Patch Tuesday” fixes is happening October 14, when vital updates will be available from three companies at the same time.

We are all used to the monthly Patch Tuesdays from Microsoft and Adobe, but this month the quarterly updates from Oracle, the parent of problem child Java SE, coincide, making it a pretty big day for securing your system. Avast experts agree that one of the most important steps you can take to secure your data and devices is to make sure that you keep your software up-to-date.

Microsoft

Microsoft leads off the normal Patch Tuesday with the release of 9 security updates across products including a critical patch of Internet Explorer, all supported versions of Windows, and the .NET development framework.

Oracle

Oracle’s Critical Patch Update is a collection of patches for multiple security vulnerabilities. It contains 155 new security fixes across hundreds of Oracle products; 25 of them for Oracle Java SE. Oracle warns that “these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.” That’s not good, if you were wondering.

“I would suggest removing Java if possible or at least turning it off in all your browsers,”  advises Jiri Sejtko, director of AVAST Virus Lab operations. Here are removal instructions for the most popular browsers: How do I disable Java in my browser?

Adobe

It is hoped that Adobe’s Tuesday update will include a plug for the big Digital Editions e-book and PDF reader hole, but more likely it will be next week. In a statement to the American Library Association, Adobe reports they “expect an update to be available no later than the week of October 20” in terms of transmission of reader data.

Tuesday’s patch will probably include a fix for bugs in Adobe Flash Player.

avast! Software Updater shows you an overview of all your outdated software applications, so you can keep them up to date and eliminate any security vulnerabilities.  All avast! security products inform you whenever any of your 3rd party applications are out-of-date and you can apply updates manually by clicking the ‘Fix now’ button next to each conflicting application. avast! Premier can be configured to perform these updates automatically.

Hospitals targeted by cyber-criminals

The last few months have witnessed a rise in attacks on hospital IT systems with a view to stealing sensitive data. So far in 2014 there has been a 600% increase in such crimes.

Despite the benefits for hospitals of sharing patient data, this trend is posing a serious security problem for the healthcare industry. The reason is simple: medical information can be highly valuable.

To give you some idea, while credit card details could be worth a few euros on the black market, someone’s medical records could fetch as much as 80 euros. That’s a big difference. The reason is that this information includes not just medical details but also detailed personal information (social security numbers, addresses, bank account details, etc.) that can be used for identity theft.

It’s also important to bear in mind that in the USA (where the problem is greatest) healthcare is expensive and is mostly run by publicly-traded firms. That’s why they have a general interest in suppressing concerns about this issue (albeit a difficult task).

This August saw one of the largest thefts of medical data so far recorded, though it certainly wasn’t the first and probably won’t be the last. The personal details of over four million patients from the Community Health Systems organization were compromised.

Now no hospital, health center, health department or healthcare company is safe. Anyone who had received treatment in any center related to this healthcare group could be affected.

For this reason the FBI has said that it would be “committing significant resources and efforts to target, disrupt, dismantle and arrest the perpetrators”. It has launched an investigation to determine where the attacks originated: the cyber-criminals were apparently working from China and used sophisticated malware. They are experienced in spying on the healthcare industry, stealing formulas for medications and drugs, and have been active for more than four years, although their impact is now greater thanks to the technological modernization of the sector.

The FBI also warned healthcare companies of the need to take all possible security measures. The agency has recently been releasing alerts to provide businesses with technical information they can use to either prevent or identify cyber-attacks.

What’s more, hospitals are rarely prepared for this kind of attack, much less when many of the devices they use every day are connected to the Internet. However, with the emergence of the ‘Internet of Things’, it is essential that they adapt to the new environment. According to Kristopher Kusche, an expert in medical IT services, there are currently about 20,000 healthcare devices in the country connected to the Web.

For this reason he believes it is essential for organizations to carry out risk assessment audits for their facilities with Internet access. Nevertheless, the most difficult thing is to quickly train people in prevention to deal with the attacks that are already happening. One of the easiest ways to start, however, is to install programs that can detect malware, which could in the short term help protect devices against infection.

In addition, these attacks are creating a great deal of insecurity in the medical environment, which goes beyond just data theft, as many of these devices are routinely used to care for patients. Doctors are concerned whether someone could hack devices in order to affect people’s health. It wouldn’t be the first time that someone managed to tamper with a pacemaker…

The post Hospitals targeted by cyber-criminals appeared first on MediaCenter Panda Security.

The Ebola virus becomes the latest bait used by fraudsters

The Spanish Civil Guard has warned via Twitter of a number of Ebola-related hoaxes that have appeared over recent days.

Once again, WhatsApp has become the main channel for such scams, which include bogus reports of new cases of Ebola or the canceling of classes at the CEU San Pablo University in Madrid due to a possible infection.

Hackers often exploit such situations for financial gain, and it was never in doubt that the first confirmed case of Ebola in Spain would give rise to these types of scams.

The Spanish Civil Guard have asked users to help avoid generating panic by not distributing these messages. They also encourage people to get their information through what they refer to as “serious channels of communication.”

The post The Ebola virus becomes the latest bait used by fraudsters appeared first on MediaCenter Panda Security.

If Viruses existed in the Times of Columbus…

 

The post If Viruses existed in the Times of Columbus… appeared first on MediaCenter Panda Security.

How cookies work?

We all know the ‘Allow cookies?’ message. This option now appears on practically all websites. In fact, nowadays more people associate the term ‘cookies’ with its Internet use rather than with its edible origin.

Cookies are small data packets which Web pages load on to browsers for a whole range of reasons. Every time you return to the same URL, the computer sends back this little package of information to the server, which detects that you have returned to the page.

When you access your email account or Facebook profile, it is cookies that allow your user name and password to be saved, so the next time you won’t have to enter them again.

But apart from storing strings of digits and letters, webmasters can use these tools for monitoring the activity of Internet users.

These virtual spies collect information about your Internet habits: the pages you visit frequently and the topics that interest you. The problem is that they usually share this information with data analysis firms or those that design targeted marketing campaigns.

If, say, an ad for a food product appears on your screen after you visit a restaurant page, don’t be too surprised. Thanks to cookies, advertising can be tailored to consumers’ preferences.

Even though cookies are safe and won’t usually infect your computer with malware, it is not always clear in whose hands the collected data ends up or where it is stored.

A team of researchers from Queen Mary University, London, has managed to shed some light on this in one of its studies. They have basically been spying on the spies. They analyzed where the data of Internet users from around the world ended up in order to draw up a data circulation map.

The experts have focused on who is running cookies on users’ browsers. External companies (such as those marketing and data analysis firms mentioned above) send these data packets from a domain different from that of the site being visited, which is how they can be detected. With this methodology they were able to analyze the 500 most popular pages in 28 countries.

The results have shown that this practice extends across the world. You can also see in the image the areas of the planet where Internet user privacy is most compromised.

[Image: cookies map]

While in Europe, South America and Oceania the number of local companies accessing user data is quite similar, the number is greater in Turkey and Israel. The origin of the snoopers is also interesting: most come from Russia or Germany. Those based in the USA often end up on browsers in the Middle East.

Scientists believe that this distribution reflects Internet privacy legislation in different countries. In most European countries, where there are laws regulating third-party access to user data, there aren’t so many ‘spies’ as in China or Turkey, where such rules are scarce. But spies are everywhere, so experts continue to call for tougher measures to combat the trafficking of personal information.

 

The post How cookies work? appeared first on MediaCenter Panda Security.

The Source of Vulnerabilities, How Red Hat finds out about vulnerabilities.

Red Hat Product Security tracks lots of data about every vulnerability affecting every Red Hat product. We make all this data available on our Measurement page and from time to time write various blog posts and reports about interesting metrics or trends.

One metric we’ve not written about since 2009 is the source of the vulnerabilities we fix. We want to answer the question: how did Red Hat Product Security first hear about each vulnerability?

Every vulnerability that affects a Red Hat product is given a master tracking bug in Red Hat bugzilla. This bug contains a whiteboard field with a comma-separated list of metadata including the dates we found out about the issue, and the source. You can get a file containing all this information already gathered for every CVE. A few months ago we updated our ‘daysofrisk’ command line tool to parse the source information, allowing anyone to quickly create reports like this one.

So let’s take a look at some example views of recent data: every vulnerability fixed in every Red Hat product in the 12 months up to 30th August 2014 (a total of 1012 vulnerabilities).

Firstly, a chart giving the breakdown of how we first found out about each issue: [chart: Sources of issues]

  • CERT: Issues reported to us from a national CERT like CERT/CC or CPNI, generally in advance of public disclosure
  • Individual: Issues reported to Red Hat Product Security directly by a customer or researcher, generally in advance of public disclosure
  • Red Hat: Issues found by Red Hat employees
  • Relationship: Issues reported to us by upstream projects, generally in advance of public disclosure
  • Peer vendors: Issues reported to us by other OS distributions, through relationships or a shared private forum
  • Internet: For issues not disclosed in advance we monitor a number of mailing lists and security web pages of upstream projects
  • CVE: If we’ve not found out about an issue any other way, we can catch it from the list of public assigned CVE names from Mitre

Next, a breakdown of whether we knew about the issue in advance. For the purposes of our reports we count knowing the same day of an issue as not knowing in advance, even though we might have had a few hours’ notice: [chart: Known in advance]

There are a few interesting observations from this data:

  • Red Hat employees find a lot of vulnerabilities. We don’t just sit back and wait for others to find flaws for us to fix, we actively look for issues ourselves and these are found by engineering, quality assurance, as well as our security teams. 17% of all the issues we fixed in the year were found by Red Hat employees. The issues we find are shared back in advance where possible to upstream and other peer vendors (generally via the ‘distros’ shared private forum).
  • Relationships matter. When you are fixing vulnerabilities in third party software, having a relationship with the upstream makes a big difference. But it’s really important to note here that this should never be a one-way street: if an upstream is willing to give Red Hat information about flaws in advance, then we need to be willing to add value to that notification by sanity checking the draft advisory, checking the patches, and feeding back the results from our quality testing. A recent good example of this is the OpenSSL CCS Injection flaw; our relationship with OpenSSL gave us advance notice of the issue and we found a mistake in the advisory as well as a mistake in the patch which otherwise would have caused OpenSSL to have to do a secondary fix after release. Only two of the dozens of companies prenotified about those OpenSSL issues actually added value back to OpenSSL.
  • Red Hat can influence the way this metric looks; without a dedicated security team a vendor could just watch what another vendor does and copy them, or rely on public feeds such as the list of assigned CVE names from Mitre. We can make the choice to invest to find more issues and build upstream relationships.

Protect your teens’ mobile devices with Avast.

Teens spend a large part of their time on their smartphones or tablets. Help them protect themselves with Avast Free Mobile Security and Avast Antivol.

 

A study conducted by UNAF (Union Nationale des Associations Familiales) among 500 students aged 12 to 17 reveals that 73% of them own a mobile phone and that 47% use it in class. They generally use their smartphones to surf the Internet and access social networks, but also to find their way or to alert a relative in an emergency. Many parents see the mobile phone as a safety tool that lets them stay in touch with their teen wherever they are.

The first thing to do after buying your teen a smartphone.

Most young people use an Android device with no built-in protection. The first thing to do is download a security app to protect your teen’s device and their data. The new free version of Avast Mobile Security & Antivirus is finally available. Its improved and simplified user interface will let you instantly protect your child against spyware and malware, prevent them from downloading suspicious apps, and back up their contacts, photos, and call and SMS logs.

Download Avast Mobile Security and Antivirus from the Google Play store.

The second thing to do after buying your teen a smartphone.

Teens are very active and the chances of them losing their phone are high. Avast Antivol is an app that is installed separately from Avast Mobile Security. You can use its location feature to find a lost or stolen device, control it remotely and lock it.

Download Avast Antivol from the Google Play store.

Other tips:

  • Protect your child’s smartphone with a password. It is very easy and will keep prying eyes and hackers from accessing their data.
  • Add important numbers to the contact list. Add your mobile number, your work number, and those of the grandparents, the school, the emergency services, etc.
  • Find out about the school’s rules. It is important to know whether mobile phone use is forbidden during class hours or during breaks.
  • Talk to your children about the importance of privacy. This includes topics such as posting photos, sexting and how to behave on social networks.

 

WhatsApp Oro, a new scam related to the world famous messaging app

Be careful! The Spanish National Police have reported a new type of scam related to WhatsApp. That’s right, another one! We’re beginning to lose count of how many times we’ve reported these types of stories.

It appears that cyber-criminals have invented a new version of the messaging app: WhatsApp Oro (WhatsApp Gold). As you can probably imagine, there is no ‘Gold’ version of WhatsApp, and it’s really just another fraud to subscribe you to Premium SMS services.

Seemingly, criminals have been advertising this service on Twitter and more than a few users have fallen for it.

As you know, the success of WhatsApp has made it a prime target for criminals, so take care and don’t fall into the trap!

The post WhatsApp Oro, a new scam related to the world famous messaging app appeared first on MediaCenter Panda Security.