Tag Archives: featured1

Panda Security

How kids’ toys are becoming a tool for cybercriminals

girl tablet

Until recently it would have been unthinkable to imagine that a simple Barbie doll could pose a threat to data security and information relating to minors, however, more and more toys aimed at children are now connected to the Internet of Things which leaves them vulnerable to attack.

A current example is the new Hello Barbie, recently released by Mattel, which can speak to children – it has up to 8,000 recorded phrases, allowing it to communicate with its owners.

The toy needs to be connected to a Wi-Fi network to send the audio to the servers of ToyTalk (the company responsible for the voice recognition technology), where it is analyzed and a suitable response is chosen. The users, which in this case would be the parents, have to download an application and open an account with ToyTalk to enable the doll to speak.

hello barbie

Mattel claims that the microphone will only activate itself once the related button is pressed, adding that “parents and guardians have control over their children’s information and can manage it via the account”. However, as is the case with other devices, the servers are exposed to a possible cyberattack.

An example of this type of technology’s vulnerability is the recent data leak suffered by VTech, manufacturers of electronic toys for children. The Chinese company sells tablets, mobiles, and baby monitors.

The cybercriminals managed to get data belonging to five million parents and 200,000 children from the company’s servers. This information included names, email addresses, passwords, postal addresses, and thousands of photographs of minors, and even included recordings of the conversations between the toys and their children.

With the growth in electronic toys comes a growth in possible leaks, which has led to national governments taking measures to counteract this. A recent document released by the British government stipulates the areas in which technological fields intelligence and security agencies can investigate, and each of their respective obligations.

child tablet

According to a report from the BBC, Antony Walker from techUK (an organization that represents more than 850 companies in the UK) has claimed that any device connected to the Internet is at risk of being used as a spying tool.

Walker also raised concern with regards to the danger posed by toys that come equipped with cameras and microphones. “In theory, the manufacturer of those products could be the subject of a warrant to enable equipment interference with those devices”, he added.

The aim of these warnings isn’t to cause panic, nor to put people off purchasing these toys, but rather to raise awareness of the growing risk attached to this type of gift.

The post How kids’ toys are becoming a tool for cybercriminals appeared first on MediaCenter Panda Security.

Avast

Protect your phone while traveling for the holidays

Traveling can be stressful, but even more so during the holiday season. AAA projects that the number of year-end holiday travelers in the U.S. will top 100 million for the first time on record. Nearly one in three Americans will travel this holiday season and more than 100.5 million are expected to travel than 50 miles or more from home.

Avast mobile apps help protect your smartphone when you are traveling

Avast mobile apps help protect your smartphone when you are traveling

The one thing you really want to make sure you protect while you travel is your smartphone. Not only may you have your boarding pass on your smartphone, but more importantly, the hardware is expensive and it most likely contains a plethora of personal data.

There are two main ways your phone could be compromised while traveling, especially during the holidays: physical device loss and network threats.

Have an anti-theft app installed

Airports and train stations will be bustling with people, you may have to dash to catch a flight or make a pit stop during a long car ride. In all of these situations, your phone is at risk –physical risk. Pickpockets prefer to work in high density areas, and it’s easy to lose things like your phone when you’re in a rush.

If you lose your phone, Avast Anti-Theft can help protect your data and help you find your phone.

With Anti-Theft, you can accomplish the following:

  • Remotely locate your phone on a map via GPS, Wi-Fi or mobile network
  • Remotely lock your phone
  • Be notified about a SIM card change — the new number and GPS location will be sent to your pre-selected friend
  • Remotely activate an alarm
  • Remotely wipe your phone
  • Remotely lock your phone’s settings app

Use a VPN when connecting to public Wi-Fi

Besides physical loss, your smartphone can be compromised when using public Wi-Fi. Using software that is readily available on the Internet, anyone can snoop on Wi-Fi traffic if they are connected to the same network as you are. This means they can see the websites you visit and, in some cases, even capture login information, which is why it is vital to use a VPN. VPN stands for virtual private network and serves as a private tunnel that encrypts your data while connected to open Wi-Fi and, thus, protects your data from being intercepted and read.

Avast SecureLine VPN is a great, affordable, one-click VPN. In addition to protecting your data, you can also choose which of the many Avast servers located around the world that you want to connect through. This allows you to circumvent geo-restrictions, so you can view content from your home country while traveling abroad.

Happy holidays and safe travels from Avast!

Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

Panda Security

The security risks posed by working from home

working from home

It offers greater flexibility for employees and makes them more productive – the work from home revolution, which is being offered by more and more businesses, allows workers to complete their jobs from the comfort of their own home. According to Eurostat, 35% of European businesses currently offer their employees the option of working from home.

Although this percentage is lower in some countries (the EU average is 12%, while in the UK the figure rises to 25%), the trend is clear, and businesses that have yet to embrace it do so for fears over security.

If employees manipulate information from their homes, the companies don’t have any control over the security that is in place, which leads to fears over the loss or theft of data.

The fear is logical as a home environment could be much more vulnerable than a corporate one, where the software of the servers offers greater security guarantees.

The existing risks are, in reality, quite varied and extensive. Data loss can arise in various different forms such as a failure in the system that deletes files that haven’t got a secure copy, the theft of a password, or even the computer itself. This could all result in a thief getting is hands on your company’s confidential information.

That said, working from home doesn’t have to be synonymous with danger. For employers to permit their staff to work from home, they first need to put in place a protocol that establishes rules for working from home or outside of the office.

home office

However, there are some measure that workers can take to avoid any shocks. To start with, the use of remote desktops is a possible solution. With them, it is possible to avoid information theft as they allow the employee to connect directly to the company’s server where the information is stored and where there are automatic security copies made.

Passwords and encryptions

Another key point for making working from home safe is the concern over passwords. The theft of that which the employees uses for accessing the company’s network while working out of the office could end up being disastrous, practically handing a huge amount of data to a cybercriminal.

Beyond the corporate server’s passwords, teleworkers that carry out their tasks from home should keep in mind that, when using services and tools on the cloud, that they follow certain steps in creating secure passwords. These including avoiding the use of the same password over and over, making sure to change it frequently, and using a password manager.

That said, passwords aren’t always enough. Although a remote desktop is useful for avoiding the storage of corporate information on a home computer, sometimes it is unavoidable.

In this case, apart from using a safe password, it is important to encrypt confidential information. This way you can avoid a laptop theft resulting in the theft of information. Encrypting archives via the operating system or encrypting the hard drive removes all of this risk.

One way or another, working from home is growing at an unstoppable rate thanks to technology, but it should mean that security has to suffer – the correct technology offers tools so that information isn’t at risk while workers complete their jobs from home.

The post The security risks posed by working from home appeared first on MediaCenter Panda Security.

Avast

May the force, but not the malware, be with you!

Not very long ago, in a galaxy not far away, a group of cybercriminals decided to take advantage of the Star Wars effect to spread malware among the most impatient fans.

sw-fake-pirate

A lot of people cannot wait to see Star Wars: The Force Awakens, and that’s something cybercrooks know. That’s why a lot of links that theoretically allow the download of the new movie of the popular saga appeared. As many of you can imagine, those links do not include the films, the only thing they include is malware! An idea worthy of Darth Vader!

We can see those links in popular download sites, along with a lot of comments from users that warn about the true purpose of the links: To install malware on users’ devices.

SW-sith

Is easy to avoid falling victim of this type of scam; just avoid clicking on suspicious links and install an antivirus, like Avast 2016, and keep it updated.

As master Yoda said: “Patience you must have, my young Padawan”.

The power of the dark side is very tempting, but do not let cravings take over you. May the Force and Avast be with you!

Images via ADSLZone and Starwars.com

Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

 

Panda Security

How to be a cybersecurity Jedi – 5 things we’ve learnt from Star Wars

While we await the premiere of the seventh installment in the famous series, Star Wars VII: The Force Awakens, we’ve decided to look back on the original trilogy to look for subtle security tips that are hidden in films.

Pop culture, especially when it concerns robots, spaceships, and technology, can show us a lot about data protection and strategies to prevent possible cyberattacks.

star wars

Hiding places can be found

In The New Hope, the original film, Princess Leia managed to record a message on R2-D2 in the hangar that she’d been held captive in. Later, the lovable robot escaped with his companion, C-3PO, and they made it to Tatooine.

There they found a young Luke Skywalker who, after playing around with some buttons, succeeded in unlocking the holograph message that the princess has left on the machine, which also included blue prints of the Death Star.

All of this valuable information was protected by what is known in the real world as security through obscurity: a strategy that uses a secret in the design of a program to hide information. Its defenders don’t think it’s likely that anyone could discover what’s hidden but, without a good encryption, Darth Vader could have easily accessed the information saved on R2-D2 (if he had managed to capture the two friends).

death star

Small vulnerabilities, big problems

At the end of the film, Luke Skywalker is able to blow up the massive Death Star with just two shots: applied to the right spot, a small hit can cause huge damage.

Something similar happens in IT security. Sometimes it’s the small vulnerabilities in the most basic of software that serves as an entry point for cybercriminals, allowing them to carry out complex attacks, steal information, or take control of the entire network. The conclusion is that, in order not to wind up like the Death Star, be sure to look after the security of your devices, up to the smallest of details.

Hackers with Jedi abilities

We also see in The New Hope that Obi-Wan Kenobi shows his Jedi abilities to trick the imperial soldiers, playing with their minds to make them believe something different to the reality.

Cybercriminals use a similar trick to make programs miss certain details. Many types of malware include what is known as a rootkit, which hides in the operating system and stops the malware from being detected.

luke star wars

The importance of good training

In The Empire Strikes Back, Luke had to decide between sticking with his Jedi training or rescuing Han Solo and Princess Leia. Despite his masters advising him against it, he went with the latter. As a result of this, he couldn’t save any of his friends and ended up losing an arm. Perhaps if he had continued with his training he would’ve been better prepared.

Security professionals don’t have to rescue any princesses, but they also can’t afford to let their training be an afterthought. It’s important to always be prepared as cybercriminals are constantly developing new and more sophisticated strategies.

ewok

The secret of the Ewoks

Even the loveable Ewoks from The Return of the Jedi have something to show us: they may have only used simple weapons, such as wooden catapults, but that didn’t hold them back.

As a whole, simple security strategies are extremely useful. One of the most basic, the application of various security layers to protect devices, hasn’t lost its use despite ever more complex attacks. If you use different tools, they will each cover the deficiencies of the other.

The post How to be a cybersecurity Jedi – 5 things we’ve learnt from Star Wars appeared first on MediaCenter Panda Security.

Panda Security

Panda Security launches Small Business Protection, the cybersecurity solution for microbusinesses and freelancers

small business antivirus

Online threats don’t just affect private users and large corporations. Freelancers and microbusinesses, which in the USA account for nearly 80% of the business sector, are an easy target for cybercriminals.

To help them stay protected against the 230,000 malware samples that are created daily, Panda Security has launched Small Business Protection, the new antivirus for freelancers and microbusinesses that protects them against large threats. Now, these companies can rely on a solution that eliminates, in real-time, all types of viruses and threats on IT devices.

Amongst the main characteristics of Small Business Protection is its ability to protect against both known and unknown threats, thanks to a security model based on the supervision of processes and the control of applications that run on the company’s computers.

This allows Panda to offer these types of businesses a complete protection that also protects against online fraud, identity theft, phishing attacks, and other threats. What’s more, in no way will it affect the performance of the devices as it is a lightweight and responsive product.

Wi-Fi protection against hackers and intruders

One of the daily battles that microbusinesses face is keeping their corporate data free from threats via Wi-Fi connections. To combat this, Small Business Protection includes a security model that detects weaknesses on the Wi-Fi network and protects against intruders. Thanks to a bidirectional firewall, corporate users can browse on the network in peace, without interruptions, and protected against unwanted connections.

Furthermore, Panda Security has incorporated a series of periodic tips and recommendations in Small Business Protection so that its users can increase the security of their network without needing to be IT experts.

“With Small Business Protection we wanted to help freelancers and microbusinesses to protect their business. They need the same protection as a large organization and by using free antiviruses, or inappropriate solutions, they are putting their company’s security at risk,” claims Alejandro García, Panda Security’s Head of Global Strategy. “This solution is particularly relevant for the USA, where approximately 80% of businesses consist of 9 employees or less.”

Small Business Protection is a product designed so as to allow freelancers and SMEs to focus their attention on the correct development of their business, removing any barrier that gets in the way of this, including cybersecurity. An intuitive and simplexity version of Panda Security’s best protection just for them.

To get more information on Small Business Protection, enter here.

The post Panda Security launches Small Business Protection, the cybersecurity solution for microbusinesses and freelancers appeared first on MediaCenter Panda Security.

Avast

Retailer’s apps reveal your Christmas list to the public

By using some retailer’s apps to make your holiday wish list, more people than just Santa Claus can see your list. In fact, it may be accessible to anyone over the Internet!

Santa Claus

America’s most popular retailers collect more information about you via apps than you may be comfortable with.

Recently, the Avast Security Warriors began looking into shopping apps to see what your favorite retailers know about you. They found that these apps, like many other apps out there, collect data and request permissions that are unnecessary for their app to function properly.

Initially, we were curious to see what retailers wanted to know about their customers based on the data they collect. We randomly chose apps from the following retailers: Home Depot, J.C. Penney, Target, Macy’s, Safeway, Walgreens and Walmart. In this blog post, we focus on Target and Walgreens.

You’re making your list and Target is checking it twice!

If you created a Christmas wish list using the Target app, it might be accessible to more people than you want to actually receive gifts from. The Target app keeps a database of users’ wish lists, names, addresses, and email addresses. But your closest family and friends may not be the only ones who know you want a new suitcase for your upcoming cruise!

To our surprise, we discovered that the Target app’s Application Program Interface (API) is easily accessible over the Internet. An API is a set of conditions where if you ask a question it sends the answer. Also, the Target API does not require any authentication. The only thing you need in order to parse all of the data automatically is to figure out how the user ID is generated. Once you have that figured out, all the data is served to you on a silver platter in a JSON file.

The JSON file we requested from Target’s API contained interesting data, like users’ names, email addresses, shipping addresses, phone numbers, the type of registries, and the items on the registries. We did not store any personal information, but we did aggregate data from 5,000 inputs, enough for statistical analysis.

 

An example of the data that we were able to obtain via Target’s API

An example of the data that we were able to obtain via Target’s API

Target doesn’t know if you’re naughty or nice, but they do know who you are 

We took the 5,000 random inputs, and out of curiosity, looked at which brands appear on their registry the most, which states the Target app users are from, and what the most common names of people using Target’s app are.

The top 10 brands on Target app users’ registries

The top 10 brands on Target app users’ registries

 

Map showing where the 5,000 app users are from within the U.S.

Map showing where the 5,000 app users are from within the U.S.

There were more than 1,700 unique names in our sample – these are the top 20 names of Target app users.

Jasmine           162
Jamie               132
Jessica            79
Ashley              67
Jackie              67
Jordan              64
Amanda            58
Jennifer            55
Sarah               45
Jacqueline        41
John                 39
Megan              38
Dominique        36
Heather            34
Amber              33
Jade                 33
Melissa            32
Stephanie         32
Katie                31
Brittany            30

In addition to collecting personal data, the shopping apps we looked at also request a plethora of permissions.

The prize for the most unnecessary permissions requested by a retail app goes to…

Walgreens logoIf you want to choose a shopping app based on the amount of unnecessary permissions it collects then Walgreens is the app for you!

The Walgreens app not only requests permissions that are completely unnecessary for its app to function, but also requests more permissions than any of the other retail apps we looked at – see screenshot below. The Home Depot app came in close second in terms of unnecessary permissions requested.

Walgreens app

 

The Walgreens app has permission to change your audio settings, pair with blue tooth devices, control your flashlight, and run at startup – completely unnecessary for the app to function properly. On the bright side, these retail apps aren’t the most permission-hungry apps we have ever seen, in fact compared to other apps out there they are decent.

But, now imagine what could happen if this valuable customer data landed in the wrong hands. The ways this data could be misused are far and wide. It is, therefore, important that people are aware of how many permissions they grant the apps they use and understand what data the apps collect.

Stay tuned for more as we investigate the vulnerabilities of mobile apps and the need for mobile security.

Continue reading Retailer’s apps reveal your Christmas list to the public

Panda Security

5 memorable WhatsApp scams from 2015

Just like we saw in 2014, it has been a year full of scams, tricks, and swindles aimed at WhatsApp, the ever popular messaging service.

We don’t doubt for a moment that 2016 will be any different, so we’d like to remind you of how cybercriminals look for their potential victims by taking a look back on the main scams we’ve seen on WhatsApp this year.

Amazon-Gift: a virus in WhatsApp

The Trojan known as Amazon-Gift tell users through a WhatsApp message that both companies have joined and they are offering a gift-card. And if the user wants to obtain the check he must click on a link.

whatsapp virus

The prize is none other than a Trojan that will infect your mobile phone and add it to a network from which other cyber-attacks will be launched.

So, now you know if someone sends you an Amazon-Gift forget it and don’t click on the link!

Voice messages for WhatsApp?

In this case, we were advised by email that we had a voice message waiting for us. The infection was unleashed once we downloaded this supposed message which one of our contacts was said to have left us.

whatsapp voice message

As we warned you in May, cybercriminals try to infect us by via emails in which they invite us to download a WhatsApp voice message.

Discount coupons

Neither McDonald’s nor Ikea are offering coupons for filling out surveys on WhatsApp, yet this method of social engineering was spotted in 2015, with the aim of stealing confidential information from victims.

ikea scam

It all starts with a link sent by one of your contacts. From there, the potential victims have to fill out a survey which is supposedly from the well-known brand. This is how the criminals get the private information and have used other famous names such as Zara, Lidl, and Starbucks to complete their scheme.

WhatsApp Trendy Blue

This is the latest scam that tries to trick users of the instant messaging service. This supposed new version of the app promised new personalization options but, in reality, the user was signing up to a premium rate tariff without realizing it…

whatsapp trendy blue

Don’t fall for these traps! Only trust the versions that are offered via the official store!

Spying on our contacts’ conversations 

This scam was launched in 2014 and reappeared again this year with the aim of taking advantage of the human desire for gossip. Like anyone else, we would all love to read the private messages of someone, whatever the motive!

whatsapp spy

This is why cybercriminals create fraudulent applications like this, claiming that by downloading it you will be able to spy on your contacts’ chats.

The post 5 memorable WhatsApp scams from 2015 appeared first on MediaCenter Panda Security.

Panda Security

10 tips to avoid unwanted surprises this Christmas

christmas gifts

Christmas is around the corner and with it comes the usual round of parties and celebrations. This means that our spare time is taken up more than usual, which has an effect on how we complete our gift shopping. The easiest way around this for most is to take to the Internet, avoiding the queues and stress of the stores, in search of those last minute presents.

However, the speed and efficiency of online shopping isn’t the only thing we may experience as this time of year is prime season for cybercriminals and scams, owing to the sheer quantity of activity taking place online. For this reason, we’ve got some tips to help you avoid any nasty surprises.

Also, because taking precautions shouldn’t just be confined to December, nor to online shopping, we’ve filled out the following list of recommendations with some tips regarding how to stay safe when using some of the new technology you might find under the tree this year.

10 tips to avoid unwanted surprises this Christmas

1. Be wary of your cards

Services like PayPal are highly recommended as they encrypt all transfers. If you use them in conjunction with a credit card, you will double your protection if you add in the antifraud used by banks. Anyway, if you only use a credit card, be sure to use just one so as to minimize any potential risks.

2. Pay attention to your browser

Despite always being advisable to surf on secure websites, it is even more important at this time of the year. Only make purchases on known platforms that use authorization services to complete transactions.

amazon

3. Manage your passwords

Make sure that your passwords are secure. During the days leading up to Black Friday, many Amazon users received emails that advised them that their passwords has been reset because someone has tried to access their accounts.

4. Bargains and scams

Don’t trust emails that arrive in your inbox claiming to offer you discounts and deals, especially if they come from unknown sources. The links might direct you towards fraudulent pages where a malware could install itself on your computer.

5. Games and privacy

Recently, a group of cybercriminals hacked the servers of VTech, a manufacturers of electronic games such as tablets, computers, and dolls). They stole information belonging to five million customers, including photographs of minors. Although the company assures us that the theft hasn’t affected credit card details, the hack serves as a reminder that we should be careful with information that kids and parents share on technological devices.

6. Drones

These remote controlled flying machines are all the rage at the moment and there’s a high chance of one being under the tree in your home. Where you give or receive one, keep in mind that just like any other electronic device, they too can be at risk. They are easily manipulated, which can cause them to veer off course, so it’s best to use them in places where there is no risk to third-parties.

7. Watch out when using public Wi-Fi

Don’t fall for the temptation to purchase online when you’re connected to public Wi-Fi. Avoid carrying out anything related to your bank as your device won’t be protected against any attacks – cybercriminals can follow your steps on the network and spy on communications carried out on different pages.

smartwatches

8. Time to take precautions

Smartwatches are another present that many of us will give or get this Christmas. The sensors that are built into them obtain user information which most of the time is stored on the cloud, not to mention the separate information that the applications store. Make sure that the model that you have allows you to block the screen, be sure to choose good passwords, and inform yourself of encryption measures that the brand uses.

9. Keep your receipts

Once you’ve completed a purchase, save the receipts and proofs of purchase just in case there is a problem down the line. Also, take a look at your bank statement every so often to ensure that there are no unauthorized movements being carried out.

10. Information and wearables

There’s no better gift for a runner than a device that measures their physical activity and health at the same time. Bracelets such as trackers store a huge amount of information and share them with different applications. As a security measure, keep an eye on the passwords for your accounts, deactivate Bluetooth when you don’t need it, be care with what your share on social media, and read the terms and conditions of the apps that are linked to the device.

The post 10 tips to avoid unwanted surprises this Christmas appeared first on MediaCenter Panda Security.

Panda Security

Thousands of errors found in multiple Internet of Things devices

iot

The Internet of Things (IoT) has arrived and it’s here to stay. What might seem a tool that is only used by a select few will soon become a worldwide trend – the lock on your home, your household objects, and even your toothbrush will soon be connected to the network and under control via an app.

For this to become a reality, it will be necessary that an army of engineers and developers that program the software is created. It is estimated that in the coming years this will generate millions of employment opportunities. That said, it won’t just be necessary to create thousands of applications and devices that are connected to the network, but rather the importance will be on protecting the security of users.

In fact, the first stages of the Internet of Things is fraught with a worrying number of vulnerabilities – according to a study by Andrei Costin and Aurelien Francillion, two security experts at the French investigation center, Eurocom, IoT devices that are currently on the market are riddled with security flaws.

To complete their investigation, the pair analyzed nearly 2,000 variants of firmware that accompanied the first network connected devices. The conclusions of the study couldn’t be more worrying – they found nearly 10,000 vulnerabilities that could put user security at risk.

Among these flaws were some that would allow cybercriminals to access personal information to even infect the device with the aim of controlling it remotely.

iot home

The situation is particularly worrying if one keeps in mind that a lot of devices related to the Internet of Things are used to control doors and windows of homes, and even the temperature of the house. By taking advantage of this, a criminal with sufficient knowledge could manipulate the devices and gain access to our homes.

As Costin explains, the team of investigators unearthed these flaws in a simple way. He highlighted that the manufacturers could have discovered them earlier if they had used his methods before releasing them on the marketplace.

Although it is worrying that they have found nearly 10,000 vulnerabilities, it is even more frightening to think that the investigators limited their search to only the interfaces of the devices. This all points to a grim reality of the possibility that there are still more flaws that have yet to be discovered.

If the Internet of Things wants to become a reality within our lives, it is hugely important that its developers pay more attention to its security. Only then will users be able to use connected devices without the fear of a security flaw hanging over them.

Meanwhile, Costin and Francillon’s investigation appears to indicate that our data and security are currently at risk due to this new technology.

The post Thousands of errors found in multiple Internet of Things devices appeared first on MediaCenter Panda Security.