Tag Archives: featured1

Panda Security

They can remotely access and control my computer?

Leave a comment

trojans panda security

We are always talking about ransomware and the importance of keeping your corporate network protected, and we want to warn our readers about the popular Trojan attacks that are going after small and medium sized businesses. But how do you know when it’s a Trojan? How can you secure yourself against Trojans?

5 Things You Should Know

  1. They are malicious software programs designed to rob information or take control of the computer. These attacks target businesses that manage top-secret information.
  2. Trojans are the most popular type of malware and have been for years. Running closely behind them is Ransomware.
  3. Trojans seem harmless but as soon as they are executed they will damage systems and steal information.
  4. Most of them create backdoors and give unauthorized users remote access and control over your system…but they go unnoticed!
  5. Trojan horse: The professional trickster. It disguises itself as something its not.

trojans infographicTrojans: Topping the Charts

Trojans make up the majority of the 227,000 malware samples that are detected daily by PandaLabs. Month after month, they continue to be in first place as the most created malware.

Increasing since the second quarter of 2016, Trojans currently make up 66.81% of the new malware samples created this quarter. Viruses make up 15.98% (Worms 11.01%, PUPs 4.22% and Adware/Spyware at 1.98%).

What do their creators want to achieve?

  • Steal personal and corporate information: bank information, passwords, security codes, etc.
  • Take photos with webcams, if there are any!
  • Erase the hard-drive.
  • Capture incoming and outgoing text messages.
  • Seize the call registry.
  • Access (consult, eliminate and modify) the address book.
  • Make calls and send SMS messages.
  • Use the GPS to figure out the geographic location of the device.

How can we protect ourselves from Trojans?

 Avoid downloading content from unfamiliar websites or sites with dubious reputations.

– Monitor downloads from p2p applications.

– Keep your advanced security solution updated. Install one of the Panda Solutions for Companies that best adapts to you and protect yourself from these dangers.

– Analyze your computer for free and make sure it’s Trojan free.

The post They can remotely access and control my computer? appeared first on Panda Security Mediacenter.

Panda Security

Want to be a top tech company? Use a centralized management tool.

Leave a comment

systems-managementThe ship of single-device users sailed long ago. Our desks are covered with technology: desktop PCs, laptops, phones, smartphones, etc. and our technological needs have also changed (in fact, they keep changing!). We can’t just think about what we need to do: we need to take action. But despite this, it is challenging to develop an integrated strategy that that protects multiple devices while adapting to user behavior. Businesses cannot afford to fall behind (and fall victim to cyberattacks!) because they did not implement the right tools and practices for their IT infrastructure.

We use a variety of channels and network-connected devices (and that number is growing exponentially) to communicate in the workplace.  Now, we also have to think about a new group that may affect our business’s security that includes both BYOD (Bring Your Own Device) and the Internet of Things (IoT), and they require proper protection, management and control.

Microsoft and Apple Take Control

The growth of connected devices has led to a computer security revolution. IT teams in companies are adapting to new security requirements by implementing monitoring software and management software to control the devices that makeup the IT infrastructure. If the service is hosted in the Cloud, the better. It’s no longer necessary for an additional superstructure since a network connection and console access via browser is sufficient enough.

In 2011, Apple realized the benefit of Cloud-based management, and amplified all of their devices, including mobile phones and tablets, to fit this model. Cloud management reduces support and operation costs. Realizing the benefits of an easy-to-use system that can be used on mobile devices too, the tech giant Microsoft has decided to adopt this strategy with their Windows 10 operating system. , Microsoft is taking advantage of this new system that offers unified management for a variety of devices, whatever they may be.

There is a high rate of protection and remote monitoring for these Cloud-based systems which has also reduced support and operational costs, increased efficiency in the IT infrastructure, and improved employee productivity. To achieve this, proper management of the company’s IT infrastructure is fundamental.

Businesses can easily monitor and offer remote support to all of their corporate devices, regardless of their location, with Panda Systems Management. This tool makes it possible to manage the IT infrastructure and its maintenance from a centralized platform.

Want to be like Microsoft and Apple? Adopt their philosophy and use a centralized management system! Manage your devices with Panda Systems Management, an easy-to-use tool that allows you to yield great benefits with minimal investment.

 

The post Want to be a top tech company? Use a centralized management tool. appeared first on Panda Security Mediacenter.

Panda Security

Tales from Ransomwhere: Macros & Ransomware(s)

Leave a comment

tales-ransomware-7

How does MW get into systems?

This ransomware’s initial infection vector occurs when it’s sent/received through Phishing campaigns.ransomware-macros-6

First, the user receives an email with the malicious file in zip format, giving the illusion it is a zip, but in this case, the user also receives some type of invoice; this varies depending on the message received or the name of the file. On this occasion, the received file has the following name: Receipt 80-5602.zip, as seen in the screen capture.

In this compromised file you will find a Microsoft Office document, or more specifically, an Excel with the extension “.xls” containing macros (codes are in Visual Basic Script)

How is this Code/Macro Executed?

By defect,  unless we have the macro execution forced in Excel, the damaged code will not automatically run, unless, an advertisement appears indicating that the document contains macros, as demonstrated in the second screen capture.

ransomware-macros-2

And…What is this Macro?

The basic feature of this macro is to use the “dropper”, what we mean is, download and execute the other binary file, in this case a file encrypter or ransomware; although it could have been another malicious program like RATs, backdoors, bots, etc.

In this case, as with droppers, the file (or payload) runs on a remote server when executed.

ransomware-macros-3

Once the macro is executed, it is now in charge of taking the next steps: downloading and deciphering the remote file that is encrypted, and afterwards, ejecting it.

If we look at the name of the file running from the macro, or its command-line execution, we will see that the ransomware comes by DLL format; this has become increasingly more common. In addition, it requires that an export is indicated to operate, in this case “qwerty”, as shown in the following screen shot:

ransomware-macros-6

Why do it this way? Simply because a lot of systems that update the malware analysis (sandboxes) have problems when they execute programs/codes/libraries that require parameters, that are sometimes unknown.

Once encrypted, this library’s MD5: 586aaaaf464be3a4598905b5f0587590

Finally, from PandaLabs we would like to give you the following advice: if you don’t want to have an unwanted surprise, when you receive Office documents from unknown senders do not click the button that says “activate macros”. Lastly, make sure your antivirus solutions and systems are always up-to-date!

The post Tales from Ransomwhere: Macros & Ransomware(s) appeared first on Panda Security Mediacenter.

Panda Security

Almost half of companies save employee passwords in Word documents

Leave a comment

passwordsThere is a growing awareness of cybersecurity within companies, but are these companies taking action to improve their security? As seen in a recent study, 750 IT security decision-makers worldwide were surveyed to see whether they are “learning and applying lessons from high-profile cyber-attacks”, and if it influences their security priorities and decisions.

The study examined the contradictory situation that is currently present in a number of global businesses. On a positive note, 79% of those surveyed said that they learned their lesson after seeing cyberattacks jeopardize the IT security in other companies, and 55% confirmed that they have changed the way they manage corporate accounts in order to adapt to the current cybersecurity climate and avoid unnecessary risks.

Nevertheless, the survey also exposes a very different reality. Far different from those who are complying with security procedures, 40% of the survey’s participants stated that they just use a Word document or worksheet to manage their company’s credentials and 28% stated that they use a shared server or a USB stick, for the same purpose. What is obvious is that IT security is absent in almost half of the 750 businesses in the survey.

Of course the previously mentioned storage methods are all susceptible of suffering a cyberattack, especially if they fall into the hands of someone with the right know-how, but they can also be leaked by the company’s own employees. A Word document makes private information accessible for any employee in the company.

To ensure that employees only use their own password, companies should use a password manager that will also protect their company’s devices. This will also help keep documents and devices, like a Word document or USB memory stick that stores passwords, safe from a cyberattack or infection.

In terms of cybersecurity, there is still a long way to go in the business environment. IT security should be a priority. Although, 95% of these organizations have a plan in place in case of IT emergencies, only 45% of them periodically check that they are functioning properly.

Despite their carelessness, 68 % of those surveyed claim that their greatest concern and challenge is the data theft of their customers (but this percentage does not correspond with the cybersecurity mechanisms implemented by IT security heads).

The post Almost half of companies save employee passwords in Word documents appeared first on Panda Security Mediacenter.

Avast

Cybersecurity: SMBs At Greater Risk [infographic]

Leave a comment

banner_infographic_Your_Business_is_Vulnerable_1920x1000px_RGB.jpg

In Part 3 of our exploration of the state of cybersecurity — Part 1 examined the basics of business security, including the core functions (Identify, Protect, Detect, Respond and Recover), while Part 2 addressed the growing and evolving threat environment — we find that the size of your organization doesn’t matter when it comes to risks. The ugly truth is that all organizations are vulnerable, particularly small and medium businesses, which do not offer the financial potential of larger organizations, but also have neither the skills nor resources of wealthier targets. 

Panda Security

This is why you should “tether” your work phone

Leave a comment

3g-4g

The tablets or smartphones at your office connect to either 3G or 4G (which is better than WiFi). When tablets and other connected devices (like smartphones or smartwatches) become essential to an employee’s work, then it is essential these employees are properly trained on using them safely. Surely, workers think that connecting an office device to their data is much safer than using a WiFi Network.

Whether you connect with 3G or 4G, Regardless of how you connect to the net, your tablets and phones will all connect to the internet in the same way, whether you use 3G or 4G: the internet provider has the power in giving us access to the internet. What’s interesting about this? Well, in the case of WiFi connection, the provider always sends encrypted data.

Although there is no confirmation that the internet you connect to on your mobile devices is 100% secure, what we do know is that the possibility of a cyberattack through a 3G or 4G connection is much lower than through a WiFi network. However, Spanish cybersecurity experts recently demonstrated how it is possible to attack a 3G or 4G connected device, but its still in the proof of concept phase.

Fortunately, in order for cybercriminals to perform these 3G attacks, the resources are excessive. This makes it the safer option. Especially if the device in question is protected by a solution consistent with the company and its private information.

In fact, this is your better option, even for a laptop. It is safer to use your Smartphone or Tablet as a sharing point than connect to an unsecure public network—this is called “tethering”. With tethering, you can connect your computer to your mobile device’s data. Here’s another great option that’s a little easier and does the same thing: a 3G USB Flash Drive.

In the end, protecting your business’s private information is the most important, and most of it is managed using these same tablets or smartphones. It is recommended that businesses choose an internet connection with a powerful data plan: any WiFi network (even some private ones) are less secure than the 3G or 4G one we enjoy on our smartphones. Encrypted business information is worth the price of a great data plan with GBs and GBs of internet.

The post This is why you should “tether” your work phone appeared first on Panda Security Mediacenter.

Panda Security

Android malware surges again

Leave a comment

panda-security-android-malware

For most people, their smartphone has become the most important gateway to the internet. We use our phones to check facts on the move, plan journeys, update shopping lists and check our bank balance.

Simple-to-use apps have put information and services at our fingertips. In fact, the world now uses smartphones and tablets online more than any traditional computers and laptops.

So it’s no surprise that hackers and cybercriminals have turned their attentions to attacking your smartphone.

The Android factor

The relatively low cost of Android-powered smartphones, has helped the mobile operating system establish a significant majority of the mobile market. Android handsets outnumber iPhones by nearly 9 to 1 for instance.

This, coupled with the relative ease of crafting malware for the Android platform, has seen a massive increase in mobile attacks. In July this year, an estimated 10 million Android phones were infected with malware that spied on their owners for instance.

The problem has become steadily worse over time. In January 2013, AV-TEST database of malicious Android apps contained less than 500,000 examples. By August 2016, the total topped 16 million as the number of new malware variants released continues to grow.

pandasecurity-av-test

The open nature of Android that allows anyone to create software and access key system resources – seen by many as one of the operating system’s strengths – makes it even easier for hackers to create malware and infect phones. This problem is compounded by the infrequency of software updates to patch these vulnerabilities, leaving Android users at risks for months.

Protecting your Android handset against malware

Just like your PC, you have the responsibility for keeping malware from being installed on your phone. There are however a few easy steps to counter the most obvious risks.

1. Always use an official app store

The Google Play app store is the largest, and most trustworthy source of apps for your phone. All of the apps available there have been checked to ensure they do not contain malware, so you should be safe installing them.

Other app stores or websites are not so stringent, so there is a much higher risk of infection when using them.

2. Treat email with caution

Email has been a particularly effective way of installing malware on PCs, so cybercriminals use many of the same techniques on your phone. Always treat email attachments with caution, and never open anything that looks suspicious.

And if you are prompted to download software unexpectedly, there’s a reasonable chance that someone is trying to trick you into installing malware.

3. Consider installing an ad blocker

Malware can sometimes be downloaded and installed without warning via infected banner ads. Installing an ad blocker app can help prevent compromised banner ads from being displayed – which also stops malware from being downloaded.

4. Install an antivirus app

Your home PC is protected by antivirus software – and your Android smartphone needs the same level of protection. Leaving your phone open to malware installation is a serious risk – and cybercriminals will take advantage eventually.

Panda Mobile Security (also available in the trusted Google Play store) offers maximum protection against malware along with a number of useful tools should your phone be stolen. You are protected against Android viruses and information theft at all times.

Get protected now

These practical steps will help to improve your device security – and stop the most common malware attacks. And because they are simple and straightforward, you can get started right now.

To learn more about protecting your Android smartphone, please check out this guide.

The post Android malware surges again appeared first on Panda Security Mediacenter.

Panda Security

New WhatsApp updates: how to keep your privacy.

Leave a comment

pandasecurity-whatsapp-updates-privacy

As the World’s most popular messaging application, WhatsApp is constantly adding new features designed to delight their 1 billion registered users. And the latest update contains a number of goodies that will delight fans of picture messaging.

This all looks very familiar…
For anyone who uses the Snapchat app, the new WhatsApp features will seem very familiar. In fact, you might say that they are identical.

WhatsApp users can now take a photo, and quickly add a sketch or some text, before sending it as a message – just like Snapchat. Or they can add emojis – that look exactly the same as those in Snapchat. There’s even several navigation gestures (zooming in an out, or switching between cameras) that are exactly the same as those used in the Snapchat app.

The reason WhatsApp have borrowed so much from Snapchat is simple – to keep people engaged with their platform. The more that people use the platform, the better able WhatsApp (and their parent company Facebook) is to profile them for advertising purposes.

And obviously people want entertaining picture messaging services – so these new features are sure to be incredibly popular

Is there a potential security risk with the new WhatsApp app?

Because of its popularity, WhatsApp has been targeted by cybercriminals many times over the years. Several times researchers and hackers have uncovered flaws in the software that allow accounts to be compromised.

Every one of these breaches has the potential to expose personal information – or to give criminals useful information for identity theft.

WhatsApp has made significant efforts to improve security, although privacy still remains doubtful because of the new data sharing agreement with Facebook. However end-to-end encryption of messages – including the new photo options – should prevent people from “listening in”.

Better safe than sorry

No matter how trusted the developer may be, you should always treat each new app (or update) with some caution. Installing an antivirus and security tool will help you see what is going on behind the scenes, how the app is using your personal data.

The WhatsApp service is known to take a copy of your entire address book and upload it to their servers for instance. WhatsApp are relatively transparent about this (they can better identify your friends who are also using their service) – but other developers are not. You should always use a tool like Panda Mobile Security to monitor exactly what’s happening on your phone.

Otherwise you might be installing software that accesses much more personal data than you expect.

You can prevent data stored on your handset from being accessed by thieves too. Panda Mobile Security allows you to lock each app with a PIN, so if you don’t enter the right code, the app cannot be opened. If someone steals your phone, they cannot view your messages and pictures.

No less secure, but a useful reminder

Because the latest update is still very new, no one has yet exposed any new WhatsApp security vulnerabilities. And even if there aren’t any problems, the release is a useful reminder of the importance of scanning new apps from malware, loopholes and suspicious data access permissions.

Download your free copy of Panda Mobile Security now – then go get creative with the new WhatsApp picture features. Have fun!

The post New WhatsApp updates: how to keep your privacy. appeared first on Panda Security Mediacenter.