Ransomware has been a hot topic recently. The latest PC ransomware, Locky, made its rounds in late February and multiple hospitals were infected with ransomware, which forced an online shutdown. Not only is ransomware continually attacking PCs, but this nasty form of malware is becoming increasingly more sophisticated and common in the mobile space as well.
Remember that bullying is never your fault, and it can happen to anyone. Bullying may make you feel embarrassed and like you’re all alone. But you’re not alone and it’s important to find someone who can help you through the situation. Reaching out to someone you trust.
~reminds Facebook
Facebook and other social channels are space for communication, sharing, and connecting with others. Unfortunately, it is also a space where cyberbullying takes place. Research provided by different organizations in the USA and UK shows scary numbers, and we are definitely witnesses of a new form of bullying on a massive scale. The psychological consequences can be very dramatic, therefore education is crucial for prevention and fighting this new phenomenon.
Read on to learn what to do if you or a friend is the victime of a cyberbully on Facebook.
There’s something every Instagrammer wants to know: who is looking at my photos? We live in a show-and-tell world, with I-see-I-do-I-post-mindsets, comments, and “likes”. No one wants to disappear at fault of a #boring photo.
Instagram makes it easy to play pretend, but what happens when someone else pretends to be you? In theory, social media sites like Facebook make it so that third parties can’t access your “secret information” but without our knowledge, hackers are taking advantage of us: robbing personal data (even those super-complicated-and-thoroughly-though-out passwords) and gaining full access to our profiles.
For Turker Bayram, hacking into social media profiles is his specialty. On multiple occasions, this sadly popular yet elusive malware developer has been able to place his malicious “apps” in the top charts on Google Play and the App Store. Soon after he creates them and uploads them, there are massive numbers of downloads. By the time someone figures out what’s going on, and after hundreds of thousands (potentially millions) of users are robbed of their personal information, Google and Apple finally delete the apps. This has happened at least twice.
Just a few weeks ago, an independent developer named David Layer-Reiss warned us on his blog about Bayram’s new malicious “software”. The iOS version was called “Who Cares With Me – InstaDetector”, and in Android, “InstaCare — Who Cares With Me”. These “apps” discovered by Layer-Reiss have already been eliminated and, in November 2015, both Apple and Google withdrew Bayram’s original platform, InstaAgent. It is not the first time malware takes over a popular site (i.e. Instagram, WhatsApp, Facebook) in order to massively rob user profiles… and it won’t be the last.
These “apps” always return to the top of the charts and sometimes under the umbrella of the same developer. In the case of “InstaDetector”, the victim innocently enters their credentials, unaware that the confidential data is sent to the attacker’s server. Instead of discovering “who has been looking at your Instagram?”, the cyber-attacker seamlessly accesses the account as if it were their own and posts spam photos on the owner’s behalf.
From telegrams to Instagrams, the more technically sophisticated we become the more important it is to trust the communication source, or in this case, the “app”. “InstaDetector” is just one of the many scams designed to take advantage of the enormous interest generated by social networks. The most worrisome thing about them is their popularity, always massive and immediate, that by the time Google or Apple are involved it’s too late for thousands of users. Combat these threats by staying alert, ignoring false promises, and installing a tough antivirus on all of your devices.
The post We know “who’s viewed your Instagram” and it’s not who you think appeared first on Panda Security Mediacenter.
Murphy’s Law states,
If anything can go wrong, it will.
(Image via Enterprise Security Today)
Last summer, it was nearly impossible to avoid the news about the Stagefright vulnerability. At the time of its unveiling, security researchers believed Stagefright to be the worst Android vulnerability to be discovered. Nearly a year after its discovery, Metaphor is the most recent embodiment of the vulnerability to rear its ugly head.
Social engineering, a popular technique used to lure victims into becoming infected with malware, can also play a key role in encouraging victims to open web pages that allow the exploit to take place and for Metaphor to be fully effective.
This whole FBI-Apple debate has the technology world up in a frenzy about national security vs. personal security. Apple’s refusal to give up classified information to a government agency tells us something about the current state of our online safety, and lots of tech companies are stepping up to fight for our privacy.
Recently, Google conducted a study to see if the most-popular websites follow something called HTTPS Protocol. HTTPS (the added ‘S’ for secure) provides authentication of a website, ensuring its credibility for its users by encrypting the communication on its server. This makes it so that important data like our usernames, passwords, or personal messages cannot be intercepted; kind of like having our own online-bodyguard who lets us know when we are browsing a trusted site.
The results of the study could not be more discouraging.
From the one hundred sites studied, 79 do not use HTTPS by default and 67 use an obsolete encryption technology, aka no security method at all. “According to our calculations, the list of web sites that we have presented constitute about 25% of all global traffic”, a Google spokesperson stated. Does this mean that these ultra-popular sites don’t worry about our online security? It sure seems that way.
What’s even more shocking is the prestige of these sites; among them are pages like The New York Times or CNN, e-commerce platforms like eBay or Aliexpress, and well-known industry leaders such as Softonic. Google has declared war with these non-users (it searches index sites that use HTTPS and crosses out the rest with a red x in the Chrome address bar) and offers tools so that any developer can easily implement this protocol. This Mountain View company believes in “[making] the Web a safer place not only for Google users, but for everyone in general.”
Implementing this technology to add that ‘additional layer’ of security is extremely easy. Maybe the reason companies aren’t using this protocol is due to a lack of interest rather than a technical issue. Until recently, it took time and effort to develop a site with HTTPS but now there are platforms that facilitate the necessary certificates, for free.
Thankfully we have Google leading the crusade in making the Internet a safer place. Let’s continue to do what we do from the comfort of our laptop, like filling up that online shopping cart or making that bank transfer, but make sure to protect yourself. Always check for that extra ‘S’ and use a dependable antivirus service, like Panda, who will help you do it safely and smoothly.
The post Your favorite sites don’t use a secure connection appeared first on Panda Security Mediacenter.
JQuery is a very popular JavaScript library. The basic aim of this library is to erase the differences between implementations of JavaScript in various web browsers. If you have ever tried web coding you know how tedious it can be to make the code do the same thing in different browsers. Sometimes it is a really big challenge. In such situations, this library can be very useful.
Of course it is only a matter of time until such a well-known library gets the attention of those who want to use it for different purposes other than web coding. Fake jQuery injections have been very popular among hackers. And that brings us to one of the most popular infections of the last couple of months – the attack that injects fake jQuery script into the head section of CML websites powered by WordPress and Joomla.
The script is located right before the tag </head> so as a normal visitor you can’t notice anything unless you look into source code
Fit-bracelets, smart-watches, and other wearable technology have joined the “Internet of Things”, everyday objects that collect and exchange information (think: vehicles, smart thermostat systems, and any other device with online capabilities). But did you know that there are much more advanced, health-monitoring, devices out there?
The high-tech pacemakers made today have a ton of benefits, especially for patients who require constant checks and intensive control of their health. These machines have connections that allow them to exchange information with the hospital staff and doctors, as well as the machine’s vendor. Although the pacemakers are not always active, these connections are used to configure and set the parameters of the devices, to remotely monitor its activity, and to transmit the data to its carrier. So, what could be the downside?
Well, with any connected device we need to consider if and how it may be hacked. Some researchers and ethical hackers have begun to work in this field to find potential vulnerabilities, but it hasn’t been easy. Manufacturers do not want to give details on the design nor on the specifications of the running software, making it difficult to follow through with research.
So what do we know so far? In 2008, a team of researchers from Archimedes Center for Medical Device Safety at the University of Michigan in the United States confirmed that these pacemakers can be hacked, making it possible to extract personal information from devices or modify its configuration, further putting the patient’s life in jeopardy.
It was rumored that a well-known hacker named Barnaby Jack developed software to hack pacemakers, making it possible to kill anyone wearing one (no matter the distance). He died shortly before he could prove it at the Black Hat conference in Las Vegas. If there is a possible way to control the pacemaker through an internet connection, regardless of distance, there is still no published research that confirms or disproves it.
The most recent research has been done by PhD research scientist and security expert Marie Moe. She has embarked on a new project to analyze the risks and weaknesses of these devices (pacemakers and other wearable technology in medicine) with the help of other professionals in the sector. Moe became very involved in the project after realizing the risks of her own pacemaker.
The aim of her project is to prove that these products are not always safe for patients, regardless of constant development. Moe hopes her research will help prevent future attacks and allow manufacturers to fix any possible security errors on their devices. Recently, the FDA has warned of vulnerabilities found in drug injection pumps, which administer controlled amounts of medicine at certain rates to patients. The cracks in its system allow for unauthorized firmware updates; in theory, a hacker could alter the software and configure the machine however they want, even if that means setting the drug doses to lethal levels.
Information is free, protecting yourself is cheap, but no one can afford to lose a loved one because of a damaged device.
The post The Internet of Things: Pacemakers appeared first on Panda Security Mediacenter.
says the slogan of the social giant. Millions of Facebook users of different ages, nationalities, and genders share their daily life with family members and friends, and interact with brands. Among them there is a large group of teenagers who can be especially vulnerable target for cyber criminals. In this article I will help you make sure that Facebook is a safe place.
