Tag Archives: featured1

Panda Security

How to Bolster Security for Your Online Store This Holiday Season

Leave a comment

tips-cybersecurity-panda-christmas

The gift giving season is just around the corner. With the frenzy of Black Friday and Cyber Monday already behind us, shops that conduct their sales online (and their clients) should be prepared for the most hectic weeks of the year still to come.

Unfortunately, this is also the busiest time of year for scammers that try their luck at fishing in frenzied waters. Cybercriminals are well aware of how many companies, regrettably, don’t invest enough in protecting their online sales platforms. Thus, cyberattacks and data breaches soar around the holidays. Luckily, if you run an e-commerce website, you’re still in time to follow these tips:

  • tips-online-salesDon’t cache your clients’ payment information. The best way to avoid problems is by thoroughly verifying that credit card numbers are never stored in your data base and never pass through your servers. It’s as easy as resorting to one of the many payment solutions on the market, such as PayPal or Braintree, which take it upon themselves to handle that sensitive data for you.
  • Make sure your website’s platform (Prestashop, Magento…) is up to date. Search the Internet for common vulnerabilities these tools may have and look for a way to remedy them. The same goes for plugins and extensions you may have installed.
  • Implement a secure SSL protocol. This is essential to your online store (especially when transmitting user information). In truth, it’s essential to any website, but customers perceive e-commerce platforms that don’t show the “http” in the address bar as insecure. And with good reason.
  • Be prepared for the flood of traffic. A large number of users will connect at the same time to make holiday purchases on your website. Check that your web hosting service is up to speed and can handle traffic peaks, that you are using a well-configured load balancing solution and a CDN to reduce the traffic that your server has to withstand. Not only will you avoid downtime, but also you will increase speeds and improve user experience.

From a vendor’s standpoint, these are some issues to be kept in mind to increase security for the holidays.

But there’s something else that businesses should keep in mind when it comes to protection at this time of year. Namely, that their employees, whether they like it or not, will be making purchases using company computers.

Among the precautionary measures that we would like to impart, these are especially pertinent. Before making a purchase, your employees should make sure:

  • That their system is up to date has the protection of a reliable advanced cybersecurity solution.
  • That they only make purchases on well-known websites that have a solid reputation, and that the webpage uses an SSL protocol with security certificates.
  • That they avoid bargains that seem implausible, especially if they appear in emails and the sender is not fully trustworthy.

With this advice and a bit of common sense, holiday preparations shouldn’t bring about any unpleasant surprises. Shopping online is quick, convenient, and easy, but we have to stay vigilant to avoid falling into scams.

 

The post How to Bolster Security for Your Online Store This Holiday Season appeared first on Panda Security Mediacenter.

Panda Security

Panda and Logtrust Stem Cyber-threats with Real-time Analytics

Leave a comment

‘ART’ Automatically Pinpoints Attacks and Anomalies at Endpoints

Panda Security, the world’s leader in advanced cybersecurity solutions, and Logtrust, the real-time Big Data-in-Motion firm, announced the availability of the Advanced Reporting Tool (ART), as an optional module of Panda Security’s Adaptive Defense, which automatically generates Security and IT intelligence that allows organizations to pinpoint attacks, unusual behaviors, and detect internal misuse of systems and networks.

ART’s unique capabilities enable calculations, graphical visualization and alerts on data monitored, collected and correlated by Panda Adaptive Defense on companies’ endpoints. ART allows those companies to control the risks in the workplace and take security and resources management actions on end-points, including those associated with IoT networks and devices.

“Malware volume has grown exponentially, and the number of potentially vulnerable endpoints within an organization has proliferated, including data streams coming from IoT networks which may compose one of the most serious threats companies face,” said Pedro Castillo, CEO, Logtrust. “The combined capabilities of Panda and Logtrust allowed Panda to create a tool that applies real-time big data analytics to pinpoint attacks, unusual behaviors as well as detecting internal misuse of the corporate systems and network.”

Security Analytics that Border on Prescience

Panda Adaptive Defense represents a new security model that correlates data from multiple sources, bringing the capabilities of Big Data and machine learning to detect, analyze and prevent advanced threats. By partnering with Logtrust, Panda was able to leverage a cloud-based platform capable of both collecting a wide range of data and rapidly analyzing large volumes of data in machine real-time.

“Adaptive Defense, in combination with Advanced Reporting Tool (ART), is a leap forward in how companies approach cyber-security incidents, unusual behavior and resources misuse by both external factors and insiders, so it naturally requires tremendous speed and power to achieve its objectives,” said Iratxe Vazquez, Product Manager, Panda Security. “Logtrust’s Flat-Ultra-Low-Latency time-series data analytics platform, which processes over 150,000 events per second/per core, meets perfectly the performance and functionalities of our ART’s requirements.”

Additionally, Logtrust’s highly visual, customizable and intuitive interface affords the ability to:

  • Easily create and configure dashboards with key indicators and adaptive search options
  • Set default and custom alerts related to security incidents, risk situations, user access to critical information and application/network resource usage

A Penetrating, Holistic View of the Vulnerability Landscape

Panda Adaptive Defense relies on an innovative security model based on three principles: continuous monitoring of applications running on computers and servers, automatic classification using machine learning on Big Data platform in the cloud and security incidents experts analyze those applications that haven’t been classified automatically to be certain of the behavior of everything that is run on the company’s systems.

The massive amount of data, collected at endpoints and correlated in Panda Security’s Big Data platform is also cumulated at LogTrust Platform to provide security and IT managements insights, such as external and internal threats, diagnose critical vulnerabilities, and alert in real-time, so that businesses can immediately prevent or minimize Security and IT issues. Additional benefits of Advanced Reporting Tool (ART) Module working with Logtrust include the ability to:

  • Perform Forensic Analysis. Go back up to 12 months to correlate data from endpoints, identify the malware and pinpoint every place it has touched, and analyze the application’s vulnerabilities.
  • Completely Map All Vulnerabilities. Gain visibility into all machines, applications and elements running on any endpoint to assess vulnerability.
  • Monitoring and Policies. Monitor and control use of corporate resources to determine if it is normal and expected, or a matter that needs to be addressed.

About Panda Security

Founded in 1990, Panda Security is the world’s leading cloud-based security solutions company. Based in Spain, the company has a direct presence in over 80 countries, products translated into over 23 languages and more than 30 millions of users worldwide.

Throughout its history, Panda Security has established a series of innovative milestones that have been later adopted by the rest of the industry. In fact, Panda has been the first vendor to propose a new technological approach based on three strategic elements: Cloud Computing, Big Data and Behavioral Analysis. This brings a new security model that assures the complete classification of all active processes on the systems. By analyzing, categorizing and correlating all this data about cyber-threats, its platform can leverage contextual intelligence to reveal patterns of malicious behavior and initiate prevention, detection and remediation routines, to counter known and unknown threats. Assuring the maximum level of protection ever seen in the cybersecurity industry. Visit www.pandasecurity.com and www.pandasecurity.com/intelligence-platform/  for more information.

About Logtrust

Logtrust is a Real-Time Big Data-in-Motion platform offering Fast Data, Big Data analytics through a solution that enables real-time analytics for operations, fraud, security, marketing, IoT and other aspects of business. Recognized as a Gartner Cool Vendor 2016, Logtrust is intuitive, interactive, and collaborative, with no coding required, guided widgets, and out-of-the-box advanced interactive contextual dashboards. The platform provides a completely real-time experience, with new events always available for query and visualization, and pre-built queries always updated with the most recent events. The highly customizable solution works non-intrusively with your system, with agentless collectors and forwarders, platform remote APIs to check health, and all capabilities callable via REST APIs. Service is always on with cross-cloud region disaster recovery, and data is always hot and unmodified (to meet data reliability and integrity compliance requirements). Logtrust is located at the epicenter of Silicon Valley in Sunnyvale, CA, and further serves its global clients through offices in New York and Madrid. Visit www.logtrust.com for more information.

The post Panda and Logtrust Stem Cyber-threats with Real-time Analytics appeared first on Panda Security Mediacenter.

Avast

Tech’s power to promote good or evil depends on who controls it

Leave a comment

Originally published at The Parallax.

We often forget that technology is a double-edged sword. With the benefits of every advance comes the possibility that it will be used for destructive purposes. ISIS builds its own drones, botnets hijack appliances to bring down huge chunks of the Internet, and ubiquitous Web publishing has led to fake news outperforming real news on social media.

Panda Security

Hijacking and Theft: The Dangers of Virtual Reality for Businesses

Leave a comment

virtual reality panda

Tech giants such as Google, Facebook, or Samsung are betting heavily on virtual reality. As such, this technology has all the hallmarks of something that may soon revolutionize our lives. It may also revolutionize a multitude of business sectors. Tourism (traveling without getting up from the couch), education (seeing history instead of learning the bare facts or visiting the inside of the human body for your anatomy lesson), entertainment (movies starring you), and much more.

However, it is still very much in the early stages of its development. We’re not hearing much about the cybersecurity risks that come along with it. We should be aware that virtual reality, as with any innovation, carries with it some new threats, as well as some old ones that can reinvent themselves in light of new technology.

Virtual Theft

Imagine you’re participating in a virtual reality contest that promises to give you the house of your dreams if you succeed in building it in 100 hours using Lego blocks. You toil away on your house to meet the requirements and in the end you succeed, at which point the organizers grant you the property of the living space that fascinates you so. However, there’s a cybercriminal on the prowl. He sneaks into the application’s servers and modifies the ownership of the property. Of course you’ve lost nothing physical, but you have lost valuable time. And the company behind the app has lost even more than that. At the very least, they’ve lost your trust, as well as that of the rest of their users.

Identity Theft

As worried as we are about the massive credential data breaches that companies increasingly suffer during cyberattacks, in the virtual world things may get worse. Intruders will be able to get their hands not only on usernames and passwords, but also on the user’s physical identity (the hyperrealist avatar generated after scanning their own body).

With all of their biometrics data in your possession, it may end up being easy to steal an actual person. Companies that safeguard such information may therefore face greater risks than those found in the age of credential theft.

Reality Modification

Attackers can figure out how to modify a given application’s code to manipulate (virtual) reality as they please. The number of scenarios is infinite. Accessing the virtual offices of a company that works remotely, modifying information to harm a business’s reputation, altering user experience… There’s a whole world of potential risks waiting to be discovered that will bring about new challenges for cybersecurity experts.

Headset Security

In much the same way that malware can affect computers and mobile devices, it can affect virtual reality headsets. Cybercriminals can attack these headsets with a diversity (and perversity) of intentions. Everything from a keylogger able to track user activity to a ransomware that blocks access to a specific virtual world until the user shells out a ransom may be implanted.

The post Hijacking and Theft: The Dangers of Virtual Reality for Businesses appeared first on Panda Security Mediacenter.

Panda Security

Don’t Let Yahoo Happen To You: How to Protect Your Business from Large-Scale Data Theft

Leave a comment

yahoo-data-theft

In 2016, the theft of passwords from internet titans is no longer an exception. Just when it seemed like the year was winding down, having left us with the surprising news of what until yesterday was considered the highest magnitude cyberattack in history suffered by Yahoo and reported three months ago, this same company returns to headlines after announcing the theft of data from 1 billion accounts.

This comes on the tail of some revealing figures. For example, massive data breaches have, amazingly, affected 97% of the 1000 largest companies in the world.

After admitting last September that in 2014 they had suffered a large-scale theft that affected 500 million users, Yahoo revealed today that in 2013 it suffered what is now considered the worst incident of information piracy in history with the theft of 1 billion accounts.

There’s a strong resemblance between this attack and the ones we’ve been analyzing over the past months. These recent attacks showcase the way cybercriminals gain access to names, email addresses, phone numbers, dates of birth, passwords, and in some cases clients’ encrypted and unencrypted security questions. The dimensions of the incident are truly staggering.

Yahoo disclosed that “an unauthorized third party” accessed the data and that at this time the culprit remains unnamed.

Economic repercussions aside, these incidents also call into question the issue of deteriorating user confidence. For example, Verizon’s initiative to integrate Yahoo into the AOL platform will certainly come under scrutiny.

How Should You Keep Your Business Safe?

There’s a legitimate reason to fear for your business’s confidential information. An outsider capable of getting the key to your company’s data, as happened at Yahoo, is a latent risk. Prevention has become the greatest asset in combating Black Hats and avoiding some of the dire consequences of these attacks.

To that end, we encourage you to turn to the advanced cybersecurity solution best suited to your company’s needs. Our Adaptive Defense 360 can offer you:

visbilidad- adVisibility: Traceability and visibility of every action taken by running applications.

 

deteccion- adDetection: Constant monitoring of all running processes and real-time blocking of targeted and zero-day attacks, and other advanced threats designed to slip past traditional antivirus solutions.

 

respuesta- adResponse: Providing forensic information for in-depth analysis of every attempted attack as well as remediation tools.

 

prevencion- adPrevention: Preventing future attacks by blocking programs that do not behave as goodware and using advanced anti-exploit technologies.

 

This is the only advanced cybersecurity system that combines latest generation protection and the latest detection and remediation technology with the ability to classify 100% of running processes.

The post Don’t Let Yahoo Happen To You: How to Protect Your Business from Large-Scale Data Theft appeared first on Panda Security Mediacenter.

Panda Security

One billion and one reasons to change your password

Leave a comment

After another Yahoo’s data breach find out why you need to strengthen your security

Dear 2016, we want you to please be over already! PLEASE!

In a statement released by Yahoo yesterday they confirmed that there’s been another data breach. According to the press release the leaked information is associated with more than one billion Yahoo user accounts. The incident is different than the one reported few months ago. However, initial examinations suggest both attacks have been performed by the same hackers. There are a few things we recommend you to do right away to avoid becoming a victim of cybercrime. Don’t delay it!

When did this happen?

Yahoo confirmed the incident happened August 2013. Not to be mistaken with the data breach reported on September 22nd earlier this year.

What information was stolen?

No one really knows for sure, however the stolen information may have included personal information such as names, email addresses, telephone numbers, dates of birth, passwords and, in some cases, encrypted or unencrypted security questions and answers.

How is this affecting Yahoo?

In terms of branding and resonance, it’s the latest security blow against the former number one Internet giant. This kind of news won’t help user confidence in the company that has been heavily criticized by leading senators for taking two years to disclose the September 2014 breach. To make matters worse, this new one is from 2013. Yahoo was down more than 2.5 percent in after-hours trading on the Nasdaq in New York.

The company once valued at $125bn will not be sold for more than $5bn to Verizon. The price may go even lower. What make things really bad for Yahoo is that according to BBC, Yahoo knew about the hack but decided to keep quiet… not a smart move.

The good news

Even though your personal information has been circling the dark web for more than 2 years, you may not be affected at all. We are talking about 1 billion accounts – this is a lot of data to process. However, if you don’t change your passwords regularly or if you tend to keep using the same answers on security questions, you may be in danger.

Troublemakers might be able to use the information to get your bank details or commit identity fraud. It’s vital to be self-conscious and protect yourself. And if you do, you don’t have anything to worry about.
Even though Yahoo are working closely with law enforcement and they are doing their best to protect your data, changing your password regularly and installing an antivirus software is a must.

The post One billion and one reasons to change your password appeared first on Panda Security Mediacenter.

Avast

Win a new Google Pixel phone from Avast

Leave a comment

 Since we’re a security company, we are naturally at the front lines of online protection. In the last 30 days alone, Avast has saved the world from 2,368,767,045 virus attacks! But despite the constant stream of threats from cybercriminals, headline-making data breaches, and revelatory stories about government surveillance, we LOVE the Internet! Because we love it so much, all of us at Avast strive to protect it.

Panda Security

Google to punish repeat offenders by marking their websites insecure

Leave a comment

security warning google

 

Mountain View appears to be fully committed to web user security. In 2016, Google has already launched various initiatives to penalize poor website security practices (or, on the other hand, to reward users who follow their recommendations). Now they’ve proposed to clearly mark websites that not only pose a threat to web users, but are also repeat offenders.

In fact, both in Chrome (the company’s own browser) and in other browsers such as Firefox and Safari, the search engine will show a warning in front of websites that intentionally spread malware, as well as those that are, in reality, used as instruments of phishing.

This is actually something that Google does already. What’s new is that the company will begin to take decisive action against those who repeatedly attempt to skip over safety rules. Once a website is marked as dangerous, the admin can update the page to eliminate the infractions in question, at which point Google takes down the warning. If the search engine finds itself routinely notifying the admin to inspect the warning, in some cases their chance to have the warning removed will be rescinded for 30 days.

Specifically, the option to resolve these issues will be eliminated for websites that, after requesting a reappraisal, make a few changes to get up to code and then subsequently go back to carrying out practices that put users in danger. To combat these repeat offenders that modify their websites just for show, Google will crack down on them by keeping the warning message up for an entire month, with no possibility of turning over the ruling during this time.

This news is actually somewhat of a double-edged sword for companies. On the one hand, it’s undoubtedly beneficial that employees can know at a glance whether they are about to enter a website that could jeopardize the company’s security. But as the saying goes, all that glitters is not gold.

Google’s new measure cranks up the pressure on companies to make sure their corporate website does not pose a risk to users. Otherwise, the penalization issued by the good people at Mountain View could prove a real disaster for the business — beyond putting users at risk, it may end up scaring away future clients.

The post Google to punish repeat offenders by marking their websites insecure appeared first on Panda Security Mediacenter.