
The Worst WhatsApp Scams of 2016

List of the worst WhatsApp scams for the year.

With 2016 coming to an end we wanted to put together a list of the worst WhatsApp scams for the year. As you may remember WhatsApp was acquired by Facebook back in 2014. The promising app which has been making a name for itself in recent years just got its 1 billionth customer. A quick Google search and we find out that there are nearly 2 billion smartphones in the world. With this in mind, we can easily conclude that every 2nd smartphone user in the world has WhatsApp installed on their cell phone.

This automatically gives cyber trouble makers an opportunity of having one more source they could use for tricking you into giving away personal information such as credit card details, social security number or bank details.

Here’s what you need to know to stay out of danger and not fall victim to WhatsApp scams.

Getting you to download an app

You get a message from an unknown number offering a sneak peek into your friends’ WhatsApp conversations. The message may sound something like ‘All WhatsApp messages are now encrypted but this app beats the code. Find out what your best friend and your girlfriend are talking about.’

It may sound hilarious and easy to catch but you would be surprised by the number of people without antivirus protection who fall for this trick.

The Nigerian lawyer

Have you heard of the Nigerian inheritance scam? It is still out there and even in 2016 you may end up laundering money without even knowing it. People who fall for it very often give away their bank details too. It may sound very 2014 but this scam is still going on in 2016.

These guys have now migrated to sending their messages on WhatsApp. And they still send them because people still fall for it. It may be 1 in a hundred that does, or even 1 in a 1000 but people still do. Common sense and antivirus protection would save you from getting scammed.

Craigslist

Without going into details, every seller on Craigslist wishing that you communicate only via WhatsApp is a person not worth doing business with. No, you will not get that cute little labradoodle puppy if you use an archaic money transfer service to send cash to a third world country while communicating solely over WhatsApp.

The Lady from Thailand

The lady claiming to be from Thailand or the Philippines you’ve been chatting with since last month is now asking you to buy and send her the latest iPhone 7. Even though this may sound legit you can’t be sure of who she really is. Drop the chat and report it. Remember that if it sounds too good to be true, it most likely is. Don’t be cyber prey.

The 60% off

It may be a voucher or just an invitation to fill out a survey that promises you a gift card. It sounds legit as it promises you a little prize at the end of the survey. You directly get a message that qualifies you for a huge discount on remarkably expensive watches or sunglasses.

In both cases the link forwards you to a website where you give away your name, home address, password and possibly credit card number and SSN. All you get in return are $0.20 or $0.14 transactions on your credit card statement followed by huge losses if these phishing transactions don’t get detected by your bank’s fraud department.

You may get a message about you having a voicemail, a message inviting you to download a premium app, or an invitation to join a dating site with millions of single people: a website that is so secure that you are required to add your credit details to obtain membership. Just leave these scammers in 2016.

We hope you didn’t fall for any of these scams this year or simply had protection on your device to keep you away from the cyber criminals. Have a wicked 2017!

The post The Worst WhatsApp Scams of 2016 appeared first on Panda Security Mediacenter.

Can a Hacker Guess Your Password in Only 100 Attempts?

Making sure that our employees use complex and diverse passwords, both in and out of the workplace, is of vital importance. Not least because multitudes of confidential data could be at risk because of flimsy credentials, ones that are obvious and oft-repeated.

To demonstrate the necessity of adequate protection that also allows for the handling of many distinct passwords, a group of researchers has created software that is capable of guessing passwords with only a small number of attempts. Specifically, with a little bit of the victim’s personal information, the tool would be able to hit upon the correct password testing fewer than a hundred possibilities.

It’s called TarGuess and was created by researchers at the Universities of Beijing and Fujian in China, and the University of Lancaster in the UK. According to their study, an attacker with sufficient personal information (username, a pet, family members, date of birth, or the destination of their most recent vacations) has a one in five chance of guessing their password in fewer than a hundred attempts.

All they’ve done with TarGuess is to automate the process with a tool that scours social networks for personal information that could later be used in its attempts.

Using this tool, the researchers successfully guessed 20% of passwords of those participating in the study with only one hundred attempts. More strikingly, the success rate rises as the number of guesses grows. So with a thousand attempts TarGuess is able to get 25% of passwords, and with a million the success rate can climb up to 50%.

Moving beyond the controversial data breaches of platforms such as Yahoo or Dropbox, the main conclusion that this study draws is that many users’ passwords are not robust enough to withstand this kind of attack. And as if that wasn’t enough, these breaches have brought to light another risk: TarGuess reportedly detected that many of these credentials are used in other services, or at best have many similarities (constituting what they call “sister passwords”).

This investigation demonstrates once again the necessity of controlling what kind of information is published on social networks. An employee that ‘shares’ every moment of their life may be inadvertently helping a cyber attacker to learn their password, putting corporate data at risk.
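A password-change check that refuses the two patterns the study exploits, passwords built from personal information and "sister passwords", is sketched below as an added example (not code from the TarGuess researchers or from Panda Security). The profile fields, the substitution table and the 0.7 similarity threshold are assumptions, and the old password is assumed to be the one the user has just typed into the change form, not a stored plaintext.

```python
import re
from datetime import date
from difflib import SequenceMatcher

# Undo common character substitutions (assumed table) before looking for names.
LEET = str.maketrans("0134578@$!", "oieastbasi")

# Constructed sample profile; a real one would come from the account record.
SAMPLE_PROFILE = {"names": ["Alice Martin", "Rex"],
                  "birth_date": date(1988, 4, 12)}


def personal_tokens(profile):
    """Return (name words, birth-date digit fragments) taken from a profile."""
    words = {part.lower()
             for value in profile.get("names", [])
             for part in re.split(r"[^A-Za-z]+", value)
             if len(part) >= 3}          # ignore initials and very short parts
    fragments = set()
    dob = profile.get("birth_date")
    if dob:
        # Year, day+month and month+day as they are usually typed.
        fragments = {dob.strftime(fmt) for fmt in ("%Y", "%d%m", "%m%d")}
    return words, fragments


def check_password(candidate, profile, old_passwords=(), max_similarity=0.7):
    """Return the list of reasons to reject `candidate` (empty list = accept)."""
    words, fragments = personal_tokens(profile)
    # Letters only, after folding substitutions: "R3x!" becomes "rexi".
    folded = re.sub(r"[^a-z]", "", candidate.lower().translate(LEET))
    # Digits exactly as typed, for date fragments.
    digits = re.sub(r"\D", "", candidate)

    reasons = [f"contains personal word '{w}'"
               for w in sorted(words) if w in folded]
    reasons += [f"contains birth-date fragment '{d}'"
                for d in sorted(fragments) if d in digits]
    # "Sister password": a small edit of a password used before.
    if any(SequenceMatcher(None, candidate.lower(), old.lower()).ratio()
           >= max_similarity for old in old_passwords):
        reasons.append("too similar to a previously used password")
    return reasons


if __name__ == "__main__":
    for pw in ("R3x!2016", "Summer1988", "Rover!2016", "vT9#qLm2&xZp"):
        print(pw, check_password(pw, SAMPLE_PROFILE, ["Rover!2015"]))
```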


An Oversight in Online Payments Allows Cards to be Hacked in Seconds

The countdown to year’s end almost inevitably means an increase in online purchases. On the heels of Black Friday and Cyber Monday, a full-blown consumerist race kicks off that goes until January. 2016 will continue to show consumers turning more and more to e-commerce for their gift giving needs.

However, the convenience of paying by credit card online comes hand in hand with a real risk to our wallets. A recent study by investigators at the University of Newcastle revealed that the existence of a multitude of online payment systems, with their corresponding security measures, isn’t enough to guarantee consumer protection.  It’s more like the opposite — often, as a result of so much variety, we end up with a chaotic jumble that generates major vulnerabilities.

After analyzing several different payment methods, researchers discovered a new type of attack that allows cybercriminals to hack a credit card in only six seconds.

This kind of attack, which takes advantage of a couple of vulnerabilities with Visa cards, is already being used. In fact, it is believed to be the system used to steal money from 20,000 accounts of Tesco’s clients.

Actually, the attack is not very complex. It uses sheer brute force. Specifically, it exploits two oversights in online payment platforms. On the one hand, these platforms do not detect multiple erroneous payment requests when coming from different websites. On the other hand, they allow up to twenty erroneous payments for each credit card on each page. And as if that wasn’t enough, the payment system doesn’t refresh to request different information from the buyer after each failed attempt.

Thus, the attacker needs only a credit card number to start randomly guessing the CVV (Card Verification Value) and expiration date until it arrives at the right combination through brute force. Investigators tested this kind of attack on the 400 most popular e-commerce websites. They demonstrated that if we trust a credit card’s security as the sole safety measure, theft becomes a real possibility.

Platforms which use the Verified by Visa system or even payments with Mastercard actually escape these vulnerabilities. This shows that online credit card security by itself may, paradoxically, pose a serious risk.
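The gap described above, where each site counts failed payments for a card on its own, can be seen by replaying the same log of declined authorizations through a per-site limit and through a per-card limit that spans all sites. This is an added example, not code from the Newcastle study or from any payment network; the card tokens, shop names, the limit of 5 and the one-hour window are assumptions, and the events are constructed.

```python
from collections import defaultdict, deque


class PerMerchantLimit:
    """Each site counts failures for a card in isolation (limit from the page)."""

    def __init__(self, limit=20):
        self.limit = limit
        self.failures = defaultdict(int)

    def allow(self, card, merchant, ts):
        return self.failures[(card, merchant)] < self.limit

    def record_failure(self, card, merchant, ts):
        self.failures[(card, merchant)] += 1


class PerCardVelocity:
    """Failures are counted per card across all sites in a sliding window."""

    def __init__(self, limit=5, window_s=3600):   # assumed thresholds
        self.limit = limit
        self.window_s = window_s
        self.failures = defaultdict(deque)

    def allow(self, card, merchant, ts):
        recent = self.failures[card]
        while recent and ts - recent[0] > self.window_s:
            recent.popleft()                       # forget failures outside the window
        return len(recent) < self.limit

    def record_failure(self, card, merchant, ts):
        self.failures[card].append(ts)


def constructed_events():
    """Declined authorizations as (timestamp, card token, merchant), constructed."""
    events = []
    ts = 0
    # One card failing 10 times on each of 30 different shops, one try per second.
    for shop in range(30):
        for _ in range(10):
            events.append((ts, "card-token-A", f"shop-{shop:02d}"))
            ts += 1
    # A cardholder who mistyped the expiry date twice on a single shop.
    events += [(50, "card-token-B", "shop-03"), (90, "card-token-B", "shop-03")]
    return sorted(events)


def replay(events, control):
    """Return {card: [attempts processed, attempts refused]} for one control."""
    result = defaultdict(lambda: [0, 0])
    for ts, card, merchant in events:
        if control.allow(card, merchant, ts):
            control.record_failure(card, merchant, ts)
            result[card][0] += 1
        else:
            result[card][1] += 1
    return dict(result)


if __name__ == "__main__":
    print("per site:", replay(constructed_events(), PerMerchantLimit()))
    print("per card:", replay(constructed_events(), PerCardVelocity()))
```

The per-site limit of twenty never triggers because no single shop sees more than ten failures, while the per-card view refuses everything after the fifth failure and leaves the cardholder with two typos untouched.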


The Biggest Cyber-attacks of 2016

The worst cyber attacks of this year.

Cyber threats have been around all year. It’s actually really hard to compile a list of the top 3 cyber-attacks as evaluating the damage caused by a single cyber threat is nearly impossible. However, we have been monitoring the cyber space for the past year so we made it possible to highlight some of the really bad ones.

The US election and how the hackers decided the winner of the US presidential elections

With complete respect towards democracy and people’s choices, it is not a secret that hackers managed to get to many of the emails sent from and to one of the presidential candidates and members of her team. Yes, Hillary Clinton was under fire because emails of hers and her staff members ended up in the wrong hands.

Of course the authenticity of the emails was never officially confirmed but those emails cast a big shadow on her campaign. According to many, fake news generators mixed with ‘food for thought’ type of email leaks ended up deciding the results of the US presidential election.

We are never going to know if state hackers were behind the attacks or simply groups such as Anonymous and WikiLeaks. Who knows, maybe they wanted to get back at the Democratic Party for Obama’s actions during the Edward Snowden and Julian Assange cases. I guess we will never know…

Yahoo data breach

Earlier this year Yahoo admitted to more than 500 million user accounts being stolen from them back in 2013. Yes, it is true – your username and password might have been on sale in databases offered on the Dark Web for the past few years. When this was officially announced Panda Security advised people who had interactions with Yahoo to change their passwords.

Users are advised to change their passwords every 3 months; nevertheless, most people won’t change them. Clearly this is a personal choice. However, if you don’t change your passwords regularly, your login details may still be circulating on the dark web and you are still in danger of being hacked. Just so you understand how high the stakes are here: because of this hack, when Verizon acquired Yahoo earlier this year they were able to negotiate a better deal.

DDoS Attacks

A massive cyber-attack against US DNS service provider Dyn knocked out major websites across the Internet earlier this year. The attack affected several websites, including Netflix, Twitter, Amazon and The New York Times.

The Internet service was disrupted for almost 11 hours, affecting more than one billion customers around the world. This attack added to the list of those suffered by a number of tech giants in 2016, such as the hack of 60 million Dropbox user IDs and 100 million LinkedIn passwords.

What’s next?

It surely has been a hell of a year so far, and it is not over yet. A few weeks ago Google was reportedly sending a new batch of warning emails to users, informing them that government-backed attackers might be trying to steal their passwords. The story is still unfolding. According to Wired, Russian hackers are targeting Germany’s elections. Would they succeed?

In 2017 we anticipate the unravelling of the Julian Assange and Edward Snowden cases. Hopefully DDoS attacks will become harder to execute as regulations for connected consumer electronics are being strengthened. Would government supported hackers continue to change the political landscapes across the globe? We will also keep an eye on voice interactions with consumer electronics as they keep on growing.

Stay tuned!


Artificial Intelligence: the Future of Fighting Cybercrime

The future of corporate security lies in artificial intelligence. In fact, for better or worse, algorithms will turn out to be crucial to the protection of corporate data. These two faces of the same coin will be nothing less than malware capable of mimicking human behavior and, on the flip side, solutions that can predict which threats will endanger your company’s networks.

To date, there are already algorithms capable of imitating writing styles, and this is precisely the key to the future of cyberattacks. Just imagine, for example, an employee who receives an email supposedly sent by a superior asking him to make a money transfer. The sender doesn’t arouse suspicion because the ill-intentioned algorithm has very believably mimicked the writing style of the superior in question. This is a situation we are already seeing today.

According to the FBI, this sort of attack is not science fiction. There are already plenty of businesses that have fallen prey to these attacks, which have entailed losses of $23 million. As artificial intelligence makes headway and gains the ability to analyze more and more data of the person it plans to impersonate, so-called CEO fraud will become increasingly sophisticated and difficult to combat.

The Counterattack

However, all is not lost. As difficult as it may seem to counter these methods, businesses should take comfort in the upsides of artificial intelligence.

Indeed, the cybersecurity systems of tomorrow will come by way of algorithms that can prophesy future threats. To do this, they must first identify corporate system vulnerabilities that could give way to malicious software. The goal is for A.I. to be able to detect anomalies on company networks before it is too late.

For better or worse, companies will need to keep up with advances in A.I. to keep their confidential data confidential. It will be both the problem and the solution all at once. A new starting signal in the cybersecurity race that calls for the adequate protection of your company.


How to provide better Windows 10 security

Microsoft’s latest operating system, Windows 10, is off to the fastest adoption of any version of Windows ever, and is already in use (33 percent), or being piloted, by more than 96 percent of enterprises. However, while security was a major focus of Microsoft in designing the software – Windows Defender and Windows Firewall –  the huge success of the OS and the vast Windows installed base, which includes enterprise, SMB, public sector, and consumer, has made it a major focus of cybercriminals, too. CVE currently lists 166 Windows 10 vulnerabilities, and in an average week Avast prevents more than 2.3 million virus attacks on Windows 10 PCs.

Did you know your eReader can be hacked?

Could your eReader be a potential target for attack?

Most people think that hackers only target PCs and laptops. Some may also be aware that cybercriminals are now targeting smartphones too. But did you know that virtually any device – including your eReader – could be a potential target for attack?

Tablets as eReaders

With the exception of the Amazon Kindle, dedicated eReaders are now quite rare. Most people actually use cheap Android-powered tablets to read ebooks.

Obviously this is perfectly sensible – a reader that can be used to browse the web is really useful. But just like any other Android-powered tablet, there is a risk of security compromise.

These eReader tablets can install and run apps, just like Android smartphones – and this is where the problems arise. Malware infected apps are depressingly common; once installed they can steal personal information, access your passwords, allow criminals to commit identity theft and even use your tablet to attack other systems.

Malware is not just restricted to apps however. Determined hackers may disguise their apps as ebooks in the hope of tricking people into downloading them. Once loaded, these fake ebooks will install malware in the background, so you may not even know that there is something wrong.

The Internet of Things

Even if you never download apps to your eReader, there is still a risk that cyber criminals could break in. WiFi connected devices are increasingly popular, allowing you to do all kinds of automated tasks. Remote light switches, connected thermostats, CCTV cameras and the like can all be joined to your home WiFi network to make your life easier through automation.

Known as the Internet of Things, these new technologies promise to change the way we live our lives at home. Unfortunately, every WiFi connected device also provides criminals with a range of potential targets to attack. Once in, they can then begin stealing data from the other devices attached to your network – including your eReader tablet.

Protecting your eReader

Because of these risks, you must protect your eReader in the same way you do your PC and smartphone. You should only ever download ebooks and apps from recognised, reputable stores like Amazon and Google Play for instance. This will help greatly reduce the risk of downloading an infected file.

You should also ensure that you have a suitable mobile security app installed on your eReader – like Panda Mobile Security. This will help prevent malicious apps from installing themselves, and alert you when there is a potential problem. You can then stop your information being stolen, or your device damaged.

If you suspect that your eReader has already been hacked, you should download Panda Mobile Security immediately. The longer an infection is left untreated, the greater the potential loss and damage caused.

For more help and advice on protecting your eReader, please get in touch.


How a Smart Toy Could Get Hacked

Almost a decade has passed since the arrival of Furby, which made quite a splash on the children’s toys market. That was just the beginning. Now, Christmas serves as a time to usher in new companions that, of course, come with their respective apps and are able to have full conversations, as though they were alive. The Internet of Things has come to the toy store.

This new brand of entertainment carries along with it certain privacy risks for children. In fact, a recent study carried out by the Scandinavian consultancy Bouvet demonstrates how certain technologies included in modern toys connected to the Internet could present some danger.

According to the study, the Cayla doll and the robot i-Que, two American toys that are also available in a few European countries, are far from being the ideal entertainment for the kids.

For starters, they come with a voice recognition system enabling them to hold a conversation with their young owners. Built by the American company Nuance Communications, this system records the children’s speech at all times and sends it to the company, which stockpiles the audio data.

Apart from this unsettling surveillance of children, these toys pose another risk. According to the study, these products employ surreptitious advertising. Bouvet discovered that, over the course of conversations, the toys talk about other products, such as specific animation films.

As if that wasn’t enough, the investigators also discovered that the toys are able to be manipulated and that cybercriminals could hack them to cut into conversations with children or steal the conversations being recorded.

However, these aren’t the first incidents that have triggered alarms when it comes to smart toys. In fact, some companies have been adapting children’s entertainment to devices for over half a decade, not without certain risks. Just a year ago, the seventh installment of Star Wars came to toy stores with the BB-8, a friendly robot that you could control from a smartphone. Shortly after, it was revealed that this toy could be hacked and hijacked by a cyber assailant.

Last Christmas, even Barbie herself was accused of posing a danger to children. An interactive doll able to converse with humans and improve itself with automatic learning, the Hello Barbie continuously listened to what children were saying in an espionage fluke that parents and associations didn’t find very funny.

Santa Claus will have to double check the things he places under the tree this year. For starters, we should assume that to some degree all smart toys collect at least some data from our children. Before purchasing a toy connected to the Internet of Things, check consumer reports to see if there are any known vulnerabilities. And most of all, enjoy your holidays without worry.
