Tag Archives: featured1

Cyber-criminals really “Like” Facebook


With 1,590 million active users per month, Facebook is the Social Network. In fact, they just posted their quarterly earnings and they are up 50%. Cyber-criminals are aware of their success.

These platforms are the ideal place to “phish” for information. 18% of companies infected by malware were infected through social networks. Attackers pose as part of a company’s customer service team in order to steal sensitive data from consumers.

A recent study was released by the RSA organization proving that cyber-crime on social networks is a “global epidemic”. The RSA organization was founded by the creators of the encryption algorithm that is used every time we make a bank operation online or digitally sign something.

Cyber-crime in social networks is a “global epidemic”

These platforms are not only hot-spots for attacks but they have also become the perfect forum for scammers to communicate. According to the study, there are more than 500 online fraud related groups with more than 220,000 members. The majority of these groups are public and visible.

Uncovering Credit Card Data

Fraudsters share information like credit card numbers accompanied by personal information and authorization codes, cyber-crime tutorials and other malware tools.

Proving this, the investigation invites us to write our CVV or CVV2 numbers in the Facebook search bar (those verification numbers on the back of a credit card). The result will surely surprise you: it is easier to find data from a stolen credit card than find an old friend you are trying to reconnect with.


In total, the RSA detected some 15,000 compromised credit cards publicized on social networks in the six months that the study lasted. It also discovered that many of these criminal groups focus their attacks on shops, banks and accounts of consumers in their area.

In China and Russia, platforms QQ and VKontakte are preferred by the scammers, while in the rest of the countries, Facebook remains the favorite. Unfortunately for us, cyber-criminals really “Like” Facebook.

The post Cyber-criminals really “Like” Facebook appeared first on Panda Security Mediacenter.

Can your bad passwords cost you money and cause trouble?

From football stars to cheating spouses, using easy-to-crack passwords puts everything from your livelihood to your relationships at risk.

Passwords should be long and strong. Change your passwords regularly and don’t share them with others.

A tweet showing top NFL draft pick Laremy Tunsil taking a hit off a bong through a gas mask cost him upwards of $13 million. Tunsil’s Twitter account was allegedly hacked at the worst time – just minutes before the draft began – making his fall from the first round to thirteenth swift, decisive, and oh, so costly. Minutes after that, his Instagram account was hacked to show screenshots of a text conversation implicating Ole Miss in NCAA rule-breaking that will likely end up in an investigation.

This mind-boggling turn of events in what should have been a night of triumph for Tunsil and his university has a lesson for the rest of us.

PandaLabs identifies 227,000 malware samples per day in the first quarter of 2016

PandaLabs, Panda Security’s laboratory, outlined in this report the main cyber-security developments over the first months in 2016, showing statistics of malware and cyber-attacks in the first quarter of 2016. The amount of malware created continues to break records, with more than 20 million new samples identified, an average of 227,000 per day.

Cyber-crime does not stop

Cyber-criminals continue attacking without giving sensitive infrastructures the chance to take a break, as seen in the attack suffered by 21st Century Holdings, a clinic specialized in cancer treatments with headquarters in Florida. The clinic had to alert their 2.2 million patients and workers that their personal data might have been compromised.

The Rosen Hotels & Resort chain has been the victim of an attack that occurred between September 2014 and February 2016. The company alerted their clients who may have used a credit or debit card in their establishments over this time period that their data could have been stolen by the attackers.

Even the world’s most powerful governments haven’t been spared, such as the United States, where the Department of Defense has presented a rewards program called “Hack the Pentagon” in which rewards are offered to hackers who find security holes in the Pentagon’s web pages, applications and networks.

Smartphones are another easy target for cyber-criminals. SNAP is the name of a vulnerability that affects the LG G3 phones. The problem is due to an error in the implementation of LG notifications called Smart Notice, which allows JavaScript to be executed.

The growing Internet of Things sector is also affected by this year’s criminal activity. In this area, we can see how something as innocent as a doorbell can be attacked. Manufacturers are becoming more aware of their products’ safety; in fact, General Motors just launched a new rewards program for hackers who are able to find vulnerabilities in their vehicles.

Q1 in numbers

The PandaLabs study shows that Trojans continue to lead all malware samples. Out of all malware samples created in 2016, Trojans are number one with 66.81% of the total (an increase compared to last year), followed by viruses (15.98%), worms (11.01%), PUPs (4.22%) and Adware/Spyware (1.98%).


When we analyze the infections caused by malware worldwide, we find Trojans in the lead again. This is normal if we take into account the rise in ransomware infections, including the rise of Trojans, which is also one of the most popular attacks cyber-criminals use because it allows them to obtain money easily and securely. There are more and more companies whose networks are falling victim to these cyber-criminals and who are paying millions of euros to rescue their stolen information:


According to PandaLabs, Asia and Latin America are the most affected regions

In this study we can find a table showing the countries with the highest and lowest infection rates in Q1 of 2016: Asia and Latin America are the most affected regions (China leads the ranking with 51.35% of infections), while the Scandinavian countries have the lowest infection rates (Sweden is the lowest at 19.80%).

If you want to know more about the specific attacks, be up to date with the latest research carried out by the FBI, and the latest news of the cyberwar, you can download the entire document here. We hope this is of interest to you!

The post PandaLabs identifies 227,000 malware samples per day in the first quarter of 2016 appeared first on Panda Security Mediacenter.

New fresh phishing campaign hits Facebook

A new phishing campaign takes advantage of Facebook’s security measures in order to appear legitimate. In this case, the creators of the campaign have created an app which is, in essence, a simple <iframe> that displays a fraudulent version of Facebook’s login page. Cybercriminals are abusing the Facebook application platform to carry out phishing campaigns against users. These campaigns appear legitimate thanks to the fraudulent use of Facebook’s own Transport Layer Security (TLS) certificates; TLS is a protocol used to help keep domains and user communication secure.

The phishing web site is hosted on hxxp://gator4207.hostgator.com/~labijuve/a2/, which leads to an identical yet fake copy of Facebook’s verification page. Despite the resemblance that the iframe bears to Facebook’s actual webpage, the differences between the two sites become obvious when they’re displayed next to one another.

Science is one step closer to reading your mind


Fiction predicts Science

This past month, there was a giant development in science. Once again, technology has caught up to what we thought was only imaginable. For the first time in history, a quadriplegic recovered mobility in one of his hands thanks to neuroprosthetics, which in this case is the superhero combination of an implanted brain-chip and a sleeve made of electric bands.

Ian Burkhart, a 24-year-old American man, is paralyzed due to a spinal cord injury caused by a diving accident a few years ago. What at first seemed like a hopeless predicament for him has become a positive example for science and humanity.

Mind over Body

Burkhart continues to live a life of passion and purpose—coaching high schoolers, inspiring others through public speaking, and working towards his undergrad degree—while living by the quote “Success, it’s what you do with what you got”.

Swiping a credit card or playing a bit of Guitar Hero are two simple things Burkhart thought he would never be able to do again. He has been able to train his brain to exercise commands, which are later carried out using the implanted chip and electrode sleeve. According to scientists, in a few years, many disabled and paralyzed people could be dressing and feeding themselves, completely independently.


Work like a machine, or one day we could be controlled by one.

But, as always, with each new advancement come challenges, and opportunities for those who are looking to take advantage. That is why it is critical that we protect the sensitive data that has yet to be compromised: the information that is stored in our brains.

Expert Alfonso Muñoz, from Criptored, explained how EEG headbands are vulnerable to the same attacks as your smartphone or your computer, stating that “any type of attack can happen because, really, you are not copying waves, you are copying bits”. The security risks associated with the possibility of recording brain waves are alarming. Muñoz warns about the future of “mental surveillance” and “brain hacking”.

Imagine that someone, somewhere could read your mind… spy on your thoughts. This fear has already been proven in rigorous academic studies. When it comes to this ongoing marathon between humans and technology, even with the good, we must stay wary of possible intruders. As Muñoz said, “attacks have limitations”. However, “the truth is, the thought that it can be done, in a relatively simple way, is scary”.

Information from your brain can be removed without you knowing it

The post Science is one step closer to reading your mind appeared first on Panda Security Mediacenter.

Tips to help protect your professional Apps


Smartphones have become vital to our existence, accompanying us in our day-to-day lives, both at work and at home. Since May 1st is International Workers’ Day, we are celebrating by reviewing some of the top applications we believe are most useful for our professional success.

“Top” Apps for professionals

These app icons saturate our phone screens, but with good reason. Today, there is an app for everything. Apps offer a wide range of possibilities and solutions, helping us organize our tasks and merge our professional and personal lives.

  • Evernote: Positioning itself as the office of the future, this app allows you to write, compile, find and submit documents on any electronic device, all kept in sync.
  • Google Drive: Through the app you can create and access shared information through any device, making long-distance teamwork both easy and efficient.
  • Dropbox: This mass storage tool is one of the more popular apps, allowing you to share information using multiple devices.
  • Skype: With more than 300 million users, the mobile app includes many of the same benefits as the desktop version like video calls, audio calls, and messaging. This program has become an important tool for those who have work relationships abroad.
  • Hootsuite: This platform allows you to access various social media accounts from one place. It has become one of the star tools to manage your online social life, both for social network experts and regular users.
  • Salesforce: We cannot lose sight of one of the best business tools for CRM. This important application provides an interface for task management and case management. It also has a customer portal area, with social media plugins and analysis tools, allowing us to foster relationships with our clients and develop new ones.

Black Hats in your work environment?

Even though we do our best to make our Smartphones as secure as possible, sometimes there are vulnerabilities, like large amounts of malware waiting to take over your phone. As seen above, there are a variety of applications waiting to be downloaded and used to help you on your journey up the career ladder. However, we must keep in mind that there are some risks that come with installing anything downloaded off the internet.

Black Hats frequently use apps as keys to “get into” our phones. If you use them as work tools or to share sensitive and private data, you should think about downloading an antivirus.

We have some tips for downloading these applications. First of all, “avoid the black market” and download your apps from authorized stores that are reliable. Secondly, choose apps from official developers (these will always be more secure). Thirdly, pay attention to the number of downloads (if there are more than 1,000, we can consider it a popular app, which reduces the likelihood of problems). Lastly, review the feedback from other downloaders to make sure it is a good one.

Current Smartphone attacks have put device security and personal information in danger, which is especially hazardous when your devices are connected with your work-life. Prevention is the best possible thing you can do to guarantee your security.

Here at Panda Security, we hope you continue in the fight against cyber-threats and keep on protecting your work-life. Have a great weekend and a wonderful International Workers’ Day!

The post Tips to help protect your professional Apps appeared first on Panda Security Mediacenter.

The Hotel Sector: an easy target with juicy profits

Stealing information and then holding it for ransom is a trendy cyber-attack that has arrived in the hotel sector. PandaLabs, Panda Security’s anti-malware laboratory, is launching a study called The Hotel Hijackers (download our guide here), a document that reviews the increasing tendency of cyber-attacks directed towards large hotel chains.

Research showed us that 2015 was the year for this type of attack. We have detailed information on this type of intrusion and on how the sector was largely affected worldwide, in many famous hotels like the Trump, Hilton and Starwood hotels.

Why the hotel sector?

Hotels make billions of dollars from the millions of guests that pass through their doors every day, and they keep all of their guests’ sensitive data on file, just waiting to be compromised. Cyber-criminals know it.

If you want to take a look at The Hotel Hijackers, download our infographic or video.

The post The Hotel Sector: an easy target with juicy profits appeared first on Panda Security Mediacenter.

It’s easy to fool CAPTCHA

CAPTCHA: humans vs. computers

On some websites, you may have noticed that you are prevented from continuing your visit or purchase until you solve a puzzle of obscure letters or pictures. After staring at a few squiggly lines, deciphering the words, and typing the correct word in a blank space, you may finally continue. This process is done to verify that we are, in fact, humans accessing the site.

This test is called CAPTCHA (Completely Automated Public Turing Test to Tell Humans and Computers Apart) and is used all over the web. The ticket sales website, Ticketmaster, is an excellent example of CAPTCHA-in-use; without the human-verification test, a “robot” could potentially buy millions of tickets before a concert or event sells out, and then reap the benefits of scalping them for much higher prices.

Having to guess a combination of letters and numbers each time we do something on the web is definitely annoying. And time-consuming. Each time you solve a CAPTCHA, you waste 10 seconds of your life. That’s why CAPTCHA has earned a bad reputation among Internet users, despite the fact that it was created to guarantee our safety.

CAPTCHA prevents a cyber-criminal from raiding the internet

Captcha cares!

Luis von Ahn, one of CAPTCHA’s original creators, continues to make strides with the test alongside Google, its new developer. It has been reborn into reCAPTCHA, an extension of CAPTCHA that takes words from page scans of old books—words that are harder for a computer to detangle. Protecting our safety while helping to “digitize text, annotate images, and build machine learning datasets”… now those 10 precious seconds are being used for something worthwhile.

It’s great that we are helping digitize books, but when it comes to internet security, are CAPTCHAs effective?

Bypassing Google’s CAPTCHA is dangerously easy

A trio of researchers from Columbia University (New York) proved how easy it is to bypass some CAPTCHAs. Tests like these make it more difficult for attackers to use programmed bots to collect e-mail addresses, automatically and massively, for spam campaigns. But they are not foolproof. Processes like this can be automated, and eventually, computers will be able to solve reCAPTCHAs, just like you or me.

More and more, we are being engulfed in technology. Computers are becoming less and less dependent on humans, and robots are becoming more and more programmable to do human-like things. Although it’s a cat-and-mouse game, Google continues to design and conduct tests, like CAPTCHA, to keep robots from doing something that should only be done by humans.

The post It’s easy to fool CAPTCHA appeared first on Panda Security Mediacenter.