Tag Archives: featured1

Avast Battery Saver makes the most of your phone’s battery by stopping unused apps and optimizing device settings

Stop apps with one tap, speed up your device and save battery life with Avast Battery Saver.

You spoke and we listened! The all-new Avast Battery Saver 2.0 is here and includes a collection of exciting new features. Along with its fresh-faced design, the latest version of Avast Battery Saver is easy to use and more powerful than ever.

3 things every employee needs to know about online security

Companies of all sizes in multiple sectors lose sensitive information, millions of dollars, and their good reputation every year to cyberattacks. 

Human error accounts for an estimated 95 percent of security incidents.

Employee cybersecurity training

Being aware of a few simple things about security in the workplace can help prevent attacks, which is not only important to the financial bottom line, but it’s also important to customer and employee privacy.

If you find a USB stick, resist the temptation to open it

Beware of infected storage devices: USB flash drives, Floppy disks, CD-ROMs

Classic tricks never go out of style. A favorite trick in the cyber-crime world is to infect USB flash drives (or whatever storage medium is in use at the time… remember floppy disks and CD-ROMs?) in order to plant a malicious program on the victim’s computer by taking advantage of our biggest human weakness: curiosity.

Maybe you think that only a few people would fall into these traps, but the truth is that it’s a common occurrence. A group of researchers from the University of Illinois tested people’s “curiosity” and came up with an interesting conclusion: almost half took the bait.

Curious by nature

The study’s author spread 297 USB flash drives across campus to see what would happen. Almost half of the devices (48%) ended up in the USB port of someone else’s computer. Most of those people (68%) later claimed that they plugged in the USB in order to find its rightful owner and return it. 18% admitted they did it out of curiosity.

The most alarming thing is not the number of people who gave in to the temptation to look at what was stored on the device, but that they looked without taking proper precautions. Only ten people analyzed the USB stick using an antivirus.

Only ten people used an antivirus while examining the contents of the USB stick

The five most naive victims admitted that they completely trusted their operating system, which, unfortunately, was too hopeful. As the prestigious security expert Bruce Schneier stated, “the problem isn’t that people are idiots […] The problem is that operating systems trust random USB sticks.”

The post If you find a USB stick, resist the temptation to open it appeared first on Panda Security Mediacenter.

Tips to help shield your reading devices

Today, April 23rd, we celebrate World Book Day. Literature has evolved greatly in recent times, both in the way we enjoy it and the way we consume it. How we read, in the digital realm, has changed. In today’s on-the-go society, it is becoming less and less common for people to use paperbacks or hardcovers, and is becoming more and more common that we use many different platforms to enjoy reading. Now we read from our smartphones, tablets, eBooks … Electronic ink has been imprinted in our lives. We read everything and anything from short stories to novels, the news to blogs… we turn them into trending topics. We even share excerpts from the books we read on social media. Stories become viral thanks to transmedia storytelling and techniques.

Not only are we seduced by words, but audiovisual content also plays a very important role in grabbing our attention. New technology enriches our reading, using videos or photos to interact with the reader. We live in the era of Branded Content. Struggling brands position themselves in a way that seems “organic” in the minds of consumers by offering unique and high-quality content. Now we are fluent in a new language, digital language, the language on which today’s literature is based. We write more simply and add hyperlinks. Digital writing is intended to be enjoyed only on-screen, 100%.

Tips to safeguard your reading device

We often forget that a computer virus in Windows can be passed to a smartphone whether it’s an iOS or Android, and a lot of these viruses can even infect our eReaders. To prevent malware from damaging our reading device, whatever it is, we must follow these guidelines:

1- Beware of USB ports: we must first analyze anything that can be inserted into a computer or electronic device. This is the simplest and most popular way cybercriminals can infect our devices.

2- Only buy or download eBooks from legitimate online stores or known editorial pages.

3- Beware of file size: if we introduce some eBook DRM we must be wary if it occupies more than 2Mb, as it could possibly be a virus that could damage the device.

4- Install an eBooks library manager: if the eBook is a virus or has one, the manager will alert us.

Like always, prevention continues to be the best option to help us enjoy our reading (or browsing) safely. Happy World Book Day!

The post Tips to help shield your reading devices appeared first on Panda Security Mediacenter.

Getting to know you: Avast Reader Survey

Today is National Get to Know Your Customers Day, so we want to get to know our readers better!

Please answer the 10 questions in this survey to help us understand what kind of security-related articles and social posts are important to you. Or maybe you prefer videos? Podcasts, perhaps? That’s the kind of thing we want to know, because we write these articles for YOU!

The survey should only take a few minutes of your time. It consists of nine questions plus an optional bonus question at the end. What’s more, you can take part in the survey for a chance to win a free license for Avast SecureLine VPN!

Click Read More to see the survey or you can also do the survey here. Thank you!

your smartphone is no longer the “smartest” option

Synching your smartphone and computer might increase your chances of being hacked

A classic piece of advice for keeping email, social networks and other online services safe is to enable something called two-step verification. This security mechanism makes it more difficult for a cyber-delinquent to access your account: when a device other than the “usual” one (a different computer or smartphone) tries to access your account, a code that is sent to the mobile phone associated with the account must be entered in order to continue.

If a cyber-criminal, who in theory cannot access your smartphone, is trying to get into your account, this two-step process makes it very complicated for him. Or so we thought. A group of researchers from the Free University of Amsterdam showed us that this type of protection is becoming more and more flawed the better we communicate with each other using our different devices. This means that the more computers, smartphones or devices that have access to your account and passwords, the higher your chances are of having an account hijacked by a cyber-criminal.

The two-step verification is one of the most popular security measures

In other words, because we are able to synchronize applications between two devices, like your computer and smartphone (and what you do in one can affect the other), the effectiveness of two-step verification decreases.

 

Android and iOS, equally vulnerable

The study’s authors have shown that it is possible to install Android apps onto your smartphone remotely from the computer (accessing Google Play with the browser), or to install apps remotely through iTunes.

In both of the above cases, following slightly different strategies, they have managed to intercept the verification code that websites send to your smartphone through SMS when there is a two-step verification, so it is very possible that a hypothetical cyber-criminal could access your Facebook, Google or Amazon accounts—to cite just a few.

The verification code that websites send you through SMS can be intercepted

Don’t stop doing what you’ve been doing

Just because you have found out about this vulnerability does not mean it is no longer advisable to activate this safety measure in all the services that offer it.  There will always be a few obstacles that you can put between the attackers and your personal information.

The post your smartphone is no longer the “smartest” option appeared first on Panda Security Mediacenter.

Avast security news wrap-up

 

Get your Avast update on hot topics like WhatsApp privacy, hacks on WordPress and Joomla, Android exploits, and more.

What WhatsApp’s new end-to-end encryption means for you

The popular messaging app, WhatsApp, has improved its privacy by encrypting all the messages that are sent with their service. We explain what this means to you and how to make sure you and your friends benefit from the higher security standards.

Be careful with CryptoBit, the latest threat detected

A few days ago at PandaLabs, Panda Security’s anti-malware lab, we discovered a type of ransomware that we believe is extremely important to talk about, especially because of its novelty and its unique features. The name of this new ransomware is CryptoBit.

If we compare it to what we’ve learned thus far from other ransomware, we can say that CryptoBit is a one-of-a-kind specimen. It’s different from other ransomware for many reasons, one of the main differences being the message that appears instructing the victim to rescue their files. Its additional features will be revealed in this article.

Analyzed Sample

This report focuses on the analysis of the following sample:

a67855dbd18652e99f13d29045b09391382bb8c817cda1e498cd01eb4a7bdf2c (sha256)

This sample is protected by a “packer”, a trojan that disguises another type of malware. After “unpacking” it, we notice that, in addition to a recent compilation date (April 5, 2016 at 12:20:55 PM), there is a total lack of strings, evidence that the author of CryptoBit wished to hinder the analysis of the code by any and all means.

Distribution

After analyzing the data provided by Panda Security’s “collective intelligence systems”, it is possible to determine that the vector used to distribute CryptoBit is “exploit kits” that affect different web browsers.

Behavior

Once the sample is unpacked and its behavior analyzed, we can more accurately determine the basic way CryptoBit works.

The first thing CryptoBit does is check the keyboard’s configured languages. If the keyboard is configured with one of the following codes: 0x1a7, 0x419 (Russian) or 0x43f (Kazakh), the program does not end up encrypting any file.

After making sure that the keyboard is not in its blacklist, CryptoBit goes through all local disk drives, network folders, and removable drives (USB), searching for files with any of the targeted extensions. What is its objective? To encrypt the entire contents of each file (another unusual feature) in order to demand a ransom for them later on.

In particular, CryptoBit is interested in the following file extensions:

ods crp arj tar raw xlsm prproj der 7zip bpw dxf ppj tib nbf dot pps dbf qif nsf ifx cdr pdb kdbx tbl docx qbw accdb eml pptx kdb p12 tax xls pgp rar xml sql 4dd iso max ofx sdf dwg idx rtf dotx saj gdb wdb pfx docm dwk qba mpp 4db myo doc xlsx ppt gpg gho sdc odp psw psd cer mpd qbb dwfx dbx mdb crt sko nba jpg nv2 mdf ksd qbo key pdf aes 3ds qfx ppsx sxc gxk aep odt odb dotm accdt fdb csv txt zip

 

Once the process of file encryption has begun, the user sees a window on their computer similar to the one shown below:

[Screenshot: CryptoBit ransom message]


In this message we see some details that draw our attention and which can be used to classify this new type of ransomware:

ID shown as “58903347”

For the analyzed sample, this value is always the same. It does not matter if you run the malware repeatedly, or if you run it on different devices. This suggests that it is an ID for the ransomware rather than for a particular user (or computer).

The number of bitcoins you have to pay

In general, the required amount of bitcoins is fixed, or has a limit. In this specific example, we see that the author (or authors) is requesting a ransom that is a little excessive.

How to get in contact with “them”

The user is not able to contact the hacker through a web server accessible via a URL, and they do not ask the user for anything in particular, at least they don’t at this exact moment.

They ask the user to contact them using an email address that seems untrustworthy (ex. [email protected]). If the victim does not receive a response, they can also contact the hacker using an application called “Bitmessage”, a branch of another application that can be found on “GitHub”.

Additionally, if this message is not enough to convince them that their files have been encrypted, each time a folder containing these (now) indecipherable files is accessed, the user will discover a couple of extra files that were created intentionally:

OKSOWATHAPPENDTOYOURFILES.TXT

If we take a look at this file we will find the same message (this time in text format) that is shown to the user after their files are encrypted.

sekretzbel0ngt0us.KEY

In this second file we see a hexadecimal sequence with a length of 1024 which, once decoded, corresponds to a binary sequence of 512 bytes (or 4096 bits).

Later, in the “Encryption of Files” section, we explain the meaning of the file called “sekretzbel0ngt0us.KEY”, which holds the key that was used to encrypt the other files.

Another CryptoBit action that is visible to the user is an HTTP request that looks like:

http://videodrome69.net/knock.php?id=58903347

Note: the requested script “knock.php” does not exist, so the intention behind this last action is unknown.
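A defender-side triage example for the indicators described so far, added here and not taken from the PandaLabs analysis: it looks for the two marker files, checks that the key file has the 1024-hex-character shape described above, and matches the knock.php request in a logged URL. The function names, the assumption that the key file stores the hex sequence as plain text, and the sample folder tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import parse_qs, urlsplit

# Indicators quoted in the analysis above.
NOTE_NAME = "OKSOWATHAPPENDTOYOURFILES.TXT"
KEY_NAME = "sekretzbel0ngt0us.KEY"
BEACON_HOST = "videodrome69.net"
BEACON_PATH = "/knock.php"
HEX_1024 = re.compile(r"[0-9a-fA-F]{1024}")


def key_blob_matches(path):
    """True if the file is exactly 1024 hex characters (512 bytes once decoded)."""
    try:
        text = path.read_text(errors="replace").strip()  # assumption: hex stored as text
    except OSError:
        return False
    return HEX_1024.fullmatch(text) is not None


def scan_tree(root):
    """Map each folder holding a marker file to what was found in it."""
    hits = {}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        name = path.name.lower()  # Windows file names are case-insensitive
        if name == NOTE_NAME.lower():
            hits.setdefault(str(path.parent), {})["note"] = True
        elif name == KEY_NAME.lower():
            hits.setdefault(str(path.parent), {})["key_blob_ok"] = key_blob_matches(path)
    return hits


def beacon_id(url):
    """Return the id parameter if a logged URL matches the knock.php request."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() != BEACON_HOST or parts.path != BEACON_PATH:
        return None
    ids = parse_qs(parts.query).get("id")
    return ids[0] if ids else None


def demo():
    """Run the folder scan over a constructed tree (not real sample output)."""
    with tempfile.TemporaryDirectory() as tmp:
        for sub in ("docs", "other", "clean"):
            Path(tmp, sub).mkdir()
        Path(tmp, "docs", NOTE_NAME).write_text("constructed note placeholder")
        Path(tmp, "docs", KEY_NAME).write_text("ab" * 512)   # 1024 hex chars
        Path(tmp, "other", KEY_NAME).write_text("ab" * 10)   # same name, wrong size
        Path(tmp, "clean", "report.docx").write_text("constructed clean file")
        return {Path(d).name: f for d, f in scan_tree(tmp).items()}


if __name__ == "__main__":
    print(demo(), beacon_id("http://videodrome69.net/knock.php?id=58903347"))
```

A key file with the right name but the wrong size is reported with `key_blob_ok` set to false, which separates a likely CryptoBit artifact from an unrelated file that happens to share the name.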

Encryption of Files

To encrypt the files, on each run CryptoBit generates a random key for the AES algorithm, or “Advanced Encryption Standard” (a key with a length of 32 bytes or 256 bits), making it practically impossible to decrypt the files unless this information is known.

So that this key, which allows the files to be decrypted if the ransom is paid, is not lost, the author of this ransomware stores the generated AES key encrypted with the RSA algorithm.

The chosen public key has a length of 4096 bits and we find it “hardcoded” within the analyzed sample.

Once the AES key has been encrypted with RSA, it is stored in the file named “sekretzbel0ngt0us.KEY”, making it comprehensible only to whoever holds the corresponding RSA “private key” (which, in theory, would only be in the possession of the ransomware’s author).

In this section, we notice a specific detail: the absence of calls to the native libraries that encrypt files using the RSA algorithm. CryptoBit uses a series of statically compiled routines that allow it to operate with large numbers (“big numbers”), making it possible to reproduce the RSA encryption algorithm.

Conclusion

As we can see, this newly discovered ransomware phenomenon is not going out of style. We are finding new samples every day that still surprise us. In this specific case, we aren’t as shocked by the use of “serious cryptography” (AES + RSA), something that is more and more standardized, but we are amazed by the ambition behind it and can appreciate its good design and interesting ideas.

As always, keep your antivirus updated and make sure to back up your important files.

 

Analysis of CryptoBit by: Alberto Moro, Abel Valero and Daniel Garcia

 

 

 

The post Be careful with CryptoBit, the latest threat detected appeared first on Panda Security Mediacenter.

Linked Out: how job-search platforms are being used for ransomware

Infecting computers with a new type of Ransomware 

Sending out your resume into the net’s black hole can make the job application process feel hopeless.  Where do our resumes end up?  Do recruiters even read them?   The recipe for landing a job is already a difficult task in itself, but now we have to squeeze a little more fear into it.  Every time we apply for jobs, we could be falling prey to one of these new cyber-attacks that use ransomware to hold your computer hostage. 

 

Warn those fresh-grads that they could be fresh-meat

Digital-age criminals are posing as hiring companies on various job-posting websites. The cyber-criminals are tricking both candidates and recruiters, asking them for too much information, such as credentials and economic information. Know anyone on the job hunt? Are you familiar with LinkedIn? Like we’ve stated before, these are becoming some of the best resources for cyber-criminals.

We’ve also seen these wrong-doers capture innocent job-searchers by “pretending” to be hiring managers from important companies, posting false job advertisements so they can phish for credentials and other sensitive information. In addition to phishing, we have been advised of another type of attack: a variant of malware that black-hats are using to infect company computer systems when their recruiters download what they think is a candidate’s CV.

They wanna get ya with PETYA

This type of malware, called Petya, spreads via email. Here’s the process of infection:

  1. HR managers of the organization receive an email from a potential candidate for a job, which includes a link to their resume and a photograph, both stored in Dropbox.
  2. When the user clicks on the link, a self-extracting file that contains a Trojan begins to download.
  3. The malware gets into the antivirus program to help pave the way for its partner-in-crime, the ransomware, which later blocks the entire operating system.
  4. Windows’ “blue screen of death” stamps the screen.  Dun Dun Dun.  If you try to restart the computer, you will see a skull on a red background with a message from the hacker. (Safe mode is pointless at this point because the malware disables it.)

The only way to regain control of your device and sensitive information is to pay a ransom.  Currently, the approximate cost to release a system and files is around 0.99 bitcoins which exchanges to approximately €431,379 (bitcoins: the first digital currency.  Although it has been said that this form of payment could be used for “legitimate” reasons, it’s more commonly used on the deep web as a form of payment for theft and the black market.)

It’s easy to be a victim in this scenario when there’s always someone looking to prey upon the desperate. In the summer of 2015, a group of security experts identified a number of emails sent to companies with resumes, in this case in a ZIP compressed file containing malicious code.

Despite the uncertainty and fear that comes with an attack of this type, don’t give in to the pressure! Paying the ransom does not guarantee that they will unlock the infected computer (it might even motivate the perp to ask for an even larger sum instead).

Infected, now what?

  • The solution for someone affected would be to consult a computer or security expert (like those that are part of our technical team) to guide you in the process of eliminating the ransomware from your system and browser, and reconfiguring your computer.
  • The absolute best way to prevent this kind of malware hijacking your system is by taking precautions, because generally, the users themselves are the ones opening (unknowingly) the doors to infection. 
  • Be sure to install all security patches and system updates, in order to keep the browser and antivirus updated.  Regularly back-up your files.
  • Try not to download documents or access links from unknown sources, and if you do, check their format. 
  • Lastly, keep updated with the new attacks and threats detected by security experts; this way you’ll know exactly what you should pay attention to.

As they say, prevention is always better than the cure.

The post Linked Out: how job-search platforms are being used for ransomware appeared first on Panda Security Mediacenter.