Tag Archives: featured1

Panda Security

Miguel Bullón, the new Global Retail Director for Panda Security

Panda Security has recently appointed Miguel Bullón as its new Global Retail Director. In his new role, Miguel will be responsible for international business development with an emphasis on the area of consumer products. From now on he will lead the Panda Security retail teams and will report directly to Rado Svicin, Panda Security’s Global Online Sales Director.

Miguel Bullón has a degree in Marketing and Sales from ESIC and has extensive experience in business development with several companies in the ICT sector.

Before joining Panda Security, Miguel held many high-profile posts with Cisco where he oversaw sales in the Mediterranean area. Previous to that, he worked at NetGear, where he was in charge of business development for Spain and Portugal. Before taking on the role of Global Retail Director, Miguel served as International Business Development Executive.

Miguel Bullon

“We are confident that Miguel has both in sales and business development in various multinationals will give the company an added edge. His work in other ICT companies has been outstanding so we are convinced that he will have great success in his new role,” says Diego Navarrete, CEO of Panda Security.

“For me it is a great professional challenge to be part of a great company like Panda Security. It is an honor to lead the area of international consumer sales, not to mention that with such a talented team, I’m sure we will achieve great success,” stated Miguel Bullón.

You can download the photo here.

The post Miguel Bullón, the new Global Retail Director for Panda Security appeared first on MediaCenter Panda Security.

Avast

Mr. Robot Review: v1ew-s0urce.flv

This week’s episode was pretty intense — although not so many hacks took place, this week focused on meaningful development of the show’s characters. The episode opened with a flashback to when Elliot and Shayla met; we now know where he got his fish and that he is the reason Shayla got involved with Vera. Then we move onto Angela, who has gone forward with her plan to get justice for her mom’s death, but she isn’t the only one on a mission. Tyrell continued in his fight to become CTO of E Corp – going a little too far (even for his own comfort) during his private time with Sharon, the wife of the newly-appointed E Corp CTO.

Despite the fact that there were no major hacks, there were a few interesting scenes I sat down to talk about with my colleague, Filip Chytry, security researcher at Avast.

via: USA Networks

Minute 10:30: Gideon tries to talk to Elliot about his grieving over Shayla. Elliot recalls how he got into web design by ripping off sites he liked by copying their source code and then modifying that code. He then wonders what it would be like if there were a “view source” option for people. We then see people in the AllSafe office walking around with signs around their necks that say things like “I love feet” or “I got a nose job”.

Stefanie: This scene with people walking around with their “source code” amused me. Do you think it would be a good idea if we could see people’s source code as easily as we can view website source codes? And I have to ask, what would your source code be Filip?

Filip: There is a saying, “some things are better left unsaid” and in this case I would say, “some things are better left unknown”. As we saw in the scene, some people’s source code is a little too private to be seen by the world and in the digital age,we share enough of our private lives that there is no need to go that far. As for my source code… I would rather not say, but I think it would involve sports, chocolate, or cars.

Stefanie: Do hackers ever leave clues or messages in their code?

Filip: Yes, they occasionally do! My colleague Jan analyzed Android malware, XBot, at the beginning of the year. In the code, the malware author left a clear and rather unpleasant message for antivirus companies. We guessed that he was a little bitter about us blocking his masterpieces.

Minute 25:40: Darlene is summoned for a meeting with Cisco. He is upset that she hacked him to contact White Rose from the Dark Army using his handle.

Stefanie: Darlene is such a rebel! Can you help me understand how she ended up communicating with the Dark Army using Cisco’s handle?

Filip: She hacked his router. She probably figured out which router he was using and exploited a vulnerability to get into the router. Today’s router security situation is similar to PCs in the 1990s — new router vulnerabilities are discovered every day. From there, she got ahold of his IP address by looking at his router’s past communication. Getting into the channel, which I am guessing is either a forum or chat, using his handle depends on how hidden the channel is, and if the “Dark Army” is involved, I am guessing this wasn’t very simple.

Stefanie: Wow! Routers are the center point of households nowadays, with Internet-connected devices all connecting to the router itself. What can people do to protect themselves?

Filip: It’s simple, really — they can use Avast’s Home Network Security scanner! Home Network Security exposes weak or default passwords, vulnerable routers, compromised Internet connections, and enabled, but not protected, IPv6. Home Network Security provides guidelines explaining how to fix vulnerabilities to make sure your network is fully protected…something Cisco (Darlene’s ex boyfriend on Mr. Robot, not the router manufacturer!) should consider doing. ;)

Minute 38:05: Darlene goes to meet with fellow FSociety member, Trenton, to convince her to re-join the cause. Trenton asks Darlene if she has ever thought about which part of the FSociety scheme motivates her. Trenton then describes what she thinks motivates the other members: momentary anarchy, palling around, and fame.

Stefanie: What do you think motivates hackers?

Filip: Back in the day, hackers used be motivated by fame – hacking for the sake of proving something can be hacked –but the game has since changed. Hackers are now more motivated by financial gain and steal money from accounts, hold data hostage for ransom or steal customer data from major corporations to sell on the black market of the Internet. The days of famous hackers are basically over because nowadays, hackers want their identities to remain anonymous in order to keep committing cybercrime.  

What did you think of the episode? Let us know in the comments below!

 

Panda Security

Smart cars – are they a danger to your safety?

cars

Imagine that you’re cruising along at 112 kilometers per hour, confident in the stability and security of your brand new Jeep Cherokee. Suddenly, you begin to notice that the air conditioning has come on by itself. Next of all the music is increasing in volume and the windscreen wipers have taken on a life of their own. Finally, the engine cuts out.

This is what happened to Andy Greenberg, a journalist for Wired. Luckily for him though, two experts in computer security, Charlie Miller and Chris Valasek, had already warned him that this could happen.

From a distance of 15 kilometers, the two investigators were able to control the vehicle by taking advantage of a vulnerability in the navigation and entertainment system, Uconnect. Chrysler chose to cover over the problem with a blocker that the client had to download, but eventually they admitted that they had to recall up to 1.4 million vehicles.

The Internet of Things has come down heavily on the automotive industry. According to a report by Gartner, more than 150 million cars will be connected by 2020. However, the security of their systems is still a pending issue.

This isn’t the first time that these investigators have called on the manufacturers to pull up their socks. They have spent three years studying how to hack smart cars and have passed on their concerns to the lawmakers.

US Senators Richard Blumenthal and Ed Markey hope that a new law will establish a series of standards of protection to ensure the safety and privacy of the information of these vehicles. Markey commissioned a report which concluded that, with this technology, there are new vulnerabilities that could be exploited by cybercriminals. The study also said that most car manufacturers surveyed were not aware of potential security breaches in their vehicles.

Valasek and Miller are not the only ones studying the errors in these smart cars. Security expert Samy Kamkar will present the details of a new attack on the OnStar system for smart cars at the DefCon security conference. This new attack can locate the vehicle, unlock and even start the engine, all from a mobile phone app called Remote Link.

Kamkar has shown that with a cheap homemade device (it only cost him $100, about €91), it is possible to intercept the information being sent to the smartphone to locate, unlock and start the engine.

car

A few months ago we learned that a 14 year old was able to hack a smart car and wirelessly activate the wipers, the locking system and the lights, all with a homemade circuit.

“The safety of these cars is virtually nonexistent, it is at the same level of protection as the desktop computers that we had in the 80s. The basic requirements of authentication, confidentiality and integrity are not strong,” warned Andry Rakotonirainy, a researcher at the Accident Research Centre and Highway Safety at the Queensland University of Technology. According to this expert, while the technology continues to advance, so does the risk associated with it.

According to forecasts by Gartner, within five years we could all be driving a smart car, while Google reckons we’ll be occupying the passenger seat, as it expects to start selling its famous autonomous cars that year. The FBI has already warned, in an internal report, of the danger that cybercriminals can pose to the safety of autonomous cars by making them ignore traffic lights and speed limits, or to even schedule car bombs.

Despite the advantages of our cars being connected to the Internet, such as allowing us to publish on social networks or to listen to internet radio, this wireless connection has opened up a new range of vulnerabilities. We better hope that car manufacturers begin to consider security from the current design of smart cars and future autonomous cars to prevent any cybercriminal from locating our vehicle and making a fool of us by, hopefully, just messing with our windscreen wipers.

The post Smart cars – are they a danger to your safety? appeared first on MediaCenter Panda Security.

Avast

Windows 10 Service Agreement upsetting privacy watchdogs

Targeted advertisements based on your search history, location tracking, Wi-Fi sharing, torrent style updates – features that share too much are getting privacy watchdogs in a tizzy.

 

Windows 10

image via Microsoft

Reviewers and consumers alike are happy about the new Windows 10, but now that there has been time to read through the 45-page long consolidation of Service Agreements into one central agreement (which also covers Bing, Outlook, and Xbox Live) some data protection advocates are taking issue with certain features. The European Digital Rights (EDRi) organization summarized that “Microsoft basically grants itself very broad rights to collect everything you do, say and write with and on your devices in order to sell more targeted advertising or to sell your data to third parties.”

Sharing your business to keep yourself organized

Anyone remember this assistant?

Anyone remember this assistant?

One of the useful but controversial features in Windows 10 is a personal digital assistant called Cortana, similar to Apple’s Siri (and light years away from Clippit, Windows 95 office assistant!) Cortana can set reminders, recognize your natural voice, use information from Bing to answer questions, and of course save all that information in order to provide personalized search results, which basically means you are being profiled so targeted ads can be presented to you (Facebook and Google does that too). Cortana can be disabled and you can opt out of personalized ads.

Sharing your Wi-Fi with trusted friends

Wi-Fi Sense is a feature of Windows 10 that lets you give access to your Wi-Fi network to your friends without sharing your password. It’s designed to make it easier to use a friend’s or business’s wireless network. You and your friend must enable Wi-Fi Sense (Outlook and Skype contacts are authenticated by default, but you must allow your Facebook friends access) and you must choose which network to share.

It is actually safer than it sounds, because your friends can use your internet without getting access to your personal files and folders. Wi-Fi Sense maintains the encryption of your network so hackers or freeloaders cannot use it – or at least that’s the way it should work. If history repeats itself, and we know it does, then hackers will eventually find a way around that. You can disable and block Wi-Fi Sense.

Sharing (or is it stealing?!) your bandwidth

In order to prevent hacking and viruses, Windows 10 automatically downloads and installs security patches and updates using a torrent- style peer-to-peer delivery system called Windows Update Delivery Optimization (WUDO). Instead of having to handle huge update files, each person distributes a small portion of the files across multiple computers, thereby making the update download quicker. The feature is enabled by default in the Home and Pro edition.

All that sharing sounds good, but the way it works may be inconvenient for those who have limited bandwidth or those who think of it as stealing rather than sharing. You can disable Windows Update Delivery Optimization.

Sharing your data with the law

One particular excerpt from the privacy policy states that Microsoft can “access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to protect our customers or enforce the terms governing the use of the services.”

What this means is that Microsoft can share information if required by law or in response to law enforcement or other government agency requests. This does not seem too different from the way Google or other companies handle civil and law enforcement requests for user data.

Read the Microsoft Service Agreement and Privacy Statement.

 

Follow Avast on Facebook, Twitter, YouTube, and Google+ where we keep you updated on cybersecurity news every day.

Panda Security

Thunderstrike 2 – the first virus for Mac

It seemed like this moment would never come and many times we were assured that there was no threat of a virus for Mac users… but Thunderstrike 2 has arrived and swiftly refuted those claims.

This worm was designed by two IT security experts, Xeno Kovah and Trammell Hudson, after noticing a security breach a few months ago. As reported in Wired, they found that various known weaknesses that affect firmware in all the main PC manufacturers could also be used against MAC.

The infection is able to be transmitted through email phishing, by USB o by an Ethernet port, without being detected.

According to its creators, this is how Thunderstrike 2 works:

The post Thunderstrike 2 – the first virus for Mac appeared first on MediaCenter Panda Security.

Panda Security

Panda Security detects and blocks 99.9% of threats!

March, April, May and June. During the last four months, Panda Security has obtained the best rate protection in the Real World Protection Test by Av-Comparatives.

It’s possible that you don’t know exactly what this means, so that’s where we come in! The test reflects real conditions in which the security solutions of different companies are analyzed and examined.

It is an independent laboratory, so the conclusions drawn from the tests are really important.

In these tests, Panda participated with our free antivirus, Panda Antivirus Free, and successfully detected and blocked 99% of the threats.

It’s easy for us to say this to you in words, but we think you’ll appreciate it more with this info-graph.

best protection

So, there you have it, if you want the best protection… you need Panda!

If you want to share the info-graph you can do it with this code!

The post Panda Security detects and blocks 99.9% of threats! appeared first on MediaCenter Panda Security.

Panda Security

5 tips for protecting your YouTube account

youtube

Videos, videos, and more videos! The millions of YouTube users are probably unaware of the dangers when surfing the platform looking for the next viral hit. However, this Google service is in the eye-line of many cybercriminals.

Through phishing attacks, they try to obtain passwords to access information such as bank data associated with your YouTube channel. The problem may be even greater if the account you use is owned by the company for which you work.

So, in the event that you have a YouTube channel which you use frequently, take note. Carelessness can end up being very expensive taking some precautions will serve you in the long run.

5 tips to protect your YouTube account

1. Be careful with shortened links

To begin with, be wary of any shortened link that reaches you, no matter where it comes from. While most are safe, some hide nasty surprises, like a malware that is automatically downloaded to your computer to steal information. Before clicking, make sure you know where the link will lead you to.

password

2. Use secure passwords

A key aspect in preventing a phishing attack is to have a strong password. It should include a mix of uppercase, lowercase, numbers, symbols and the maximum number of possible. In addition, it is recommended to change your password every three months if you can. This way you’ll be able to ensure that the cybercriminals are stopped in their tracks.

3. Change your  password frequently

As if it needs to be repeated, but be cautious with your password – do not use the same one you use on other platforms and don’t have it written down. We must tread warily in the digital world, but the physical world can be just as dangerous.

4. Don’t give your information away via email

You shouldn’t trust emails that you receive that request the password with which you access your YouTube account. In fact, if it comes from Google itself, be extra wary – an attack uncovered a few months ago shows that a malicious URL, in the guise of a company link, could make users enter their information without realizing it.

5. Fill out the recovery form on Google

It is important that you fill out the recovery form on your Google account. Although you may not like the idea of ​​giving your phone number to the company, it is a good way to avoid bigger issues if you discover that someone tries to enter your account – you’re the only one who has access to the recovery code on your phone.

In short, common sense and some thoughtfulness when creating your password can save you some massive headaches later. Just check carefully where you enter your personal details and this will stop cybercriminals from getting their hands on it.

The post 5 tips for protecting your YouTube account appeared first on MediaCenter Panda Security.

Avast

Windows Phone Store scam: malicious mobile apps aren’t unique to Google Play

Although it’s possible to use third-party apps stores safely and securely, the fact that scams do still occur in a variety of app stores shouldn’t be ignored. On Sunday, a threat was discovered by a user who posted the issue on our forum. The scam, located within the Windows Phone Store, advertised three fraudulent versions of Avast Mobile Security. These fake apps not only include the Avast logo, but also feature actual screenshots from AMS in their image galleries. Our fast-acting team has since blocked the pages and has labeled them as malicious.

Fake AMS apps collect personal data and redirect users to adware



If downloaded, these fake versions of AMS found on the Windows Phone Store pose a risk to users’ security. Here’s how they work:

  1. New Avast security: This app includes three control buttons which show only advertisements. Even without actively clicking on the ads, the app redirects users to additional adware.
  2. Avast Antivirus Analysis: Claiming to “protect your phone from malware and theft”, this malicious app runs in the background of victims’ devices once downloaded and collects their data and location.
  3. Mobile Security & Antivirus – system 2: Simply put, this is a paid-for version of “New Avast security” that forcibly leads users to adware.

The fun doesn’t stop there!

After doing some additional research, our malware analysts discovered that TT_Game_For_All, the same user that published the fake AMS apps, isn’t solely impersonating Avast. Instead, this cybercriminal has published a large collection of close to fifty apps, the majority of which cost around the equivalent of 1.99 USD. Certain apps even claim to be from other well-known companies such as Qihoo 360, APUS, and Clean Master. 



Keep your eyes open for app store threats

This case goes to show that when it comes to mobile malware, it’s not only the Android platform that is vulnerable to attacks. Although Windows Phone devices aren’t currently as widely used as that of Android, it’s important to be careful regardless of the platform that you use. Finally, keep in mind that Google Play isn’t the only app store users should be paying attention to when it comes to avoiding mobile scams and threats — these threats can occur within any app store.

Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

Avast

Computer-aided sniper rifles the latest things controlled by hackers

via Wired

via Wired

For those of you keeping track, you can add high-tech sniper rifles to the growing list of Things That Can be Hacked. The vulnerability that allowed two security researchers to break into the computer guidance system of a sniper rifle is the same that allows hackers to access baby monitors and home routers. Simply put, the default Wi-Fi password, which was locked by the manufacturer, allowed anyone within range to connect. The typical range is up to 150 feet (46 m) indoors and 300 feet (92 m) outdoors.

In advance of the Black Hat conference this month, security researchers Runa Sandvik and Michael Auger, have demonstrated that they can hack TrackingPoint precision-guided firearms.

The TrackingPoint rifles can make a sharpshooter out of a novice. This is thanks to the computer-aided sensors including gyroscopes and accelerometers which take into account all the factors that a sniper scout would look for; wind, speed of the target, distance, snipers orientation, ammunition caliber, even curvature of the earth.

I asked Steve Ashe, a veteran of Desert Storm and Desert Shield, who collaborated closely with the sniper team what he thought about such technology. “Trained scouts and snipers must master a set of physical and mental skills that is beyond the reach of most people. This type of rifle can never replace that. Besides being crack shooters, they are in excellent physical condition, able to do complicated calculations in their heads and have mastered field craft such as land navigation, stalking and range estimation.”

One of the features of the TrackingPoint rifle is the ability to video stream your shot and share the view from the scope to another device connected via Wi-Fi. It’s this connection to Wi-Fi that turned out to be the weak point. The gun’s network has a default password that cannot be changed.

Steve Ashe

Desert Storm veteran Steve Ashe with sniper rifle that can’t be hacked.

Sandvik and Auger told Wired magazine that they developed a set of techniques that could allow an attacker to compromise the rifle via its Wi-Fi connection and exploit its software. They demonstrated that making a change in one of the variables listed above could cause the rifle to miss its intended target, disable the scope’s computer making it a useless piece of weight, or prevent the gun from firing. The TrackingPoint rifle has a range of up to a mile.

“A trained sniper is constantly making adjustments for these things. Of course, one thing they are always looking for is to shot further with more knockdown power,” said Ashe.

The good news is that hackers cannot make the gun fire by itself – that still requires a real finger pulling the trigger.

I asked Steve if the possibility of analog hacks existed. “Snipers always have their guns, and they hold onto their ammunition. But they have to sleep.” He said that snipers press their own bullets so they would be sure of the weight, but it’s possible, albeit improbable, that someone could tamper with it. Another hack would be to shave the firing pin, but again, highly improbable.

Speculation about the implications of Sandvik’s and Auger’s hack are pretty obvious. With military and law enforcement applications, having a third party control the trajectory of your bullet or brick your gun could cause a mission to go awry. Graduates of the US Army Sniper School are expected to achieve 90% of their first round hits at 600 meters, so with those kind of statistics, the question becomes why do they even need it?

“The computer assisted sniper rifle, has not yet made its way into the military or law enforcement units, even though they are testing it. But you gotta understand, things move slowly in the military. The Marines haven’t updated their sniper rifles in 14 years. Doesn’t look like something like this will become a threat,” said Ashe.

Thankfully, only about 1,000 of the TrackingPoint firearms have been sold and the company is reportedly not shipping any rifles currently.

Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

 

Panda Security

Google, Facebook and Yahoo join forces to fight against scammers who inflate the clicks on their ads

bots

The online advertising industry has witnessed the emergence of “invisible enemies” that pass themselves off as regular online users – the infamous bots. This network of zombie users has become a serious headache for businesses and this is reflected in recent data. According to a recent study, advertisers worldwide look set to lose $6.3 billion dollars per year (roughly €5.7 million) due to these scammers that try to imitate human behavior.

The investigation also signaled that 23% of all advertising video views and 11% of clicks on advertisements were carried out by botnets. This detail is harmful to the advertisers, as it implies that they are paying in order to artificially inflate page clicks and video views, which results in their campaigns losing credibility.

This worrying situation has forced leading technology companies to come together in the fight against the bots. Google, Facebook and Yahoo have recently joined forces with specialized digital marketing agencies such as Quantcast, Rubicon project and MediaMath. The Trustworthy Accountability Group, a group created by the American Advertising Association and the Interactive Advertising Bureau, has been the main diver behind this initiative to put an end to the fraudsters.

The agreement that they reached can be summed up as follows: there’s strength in numbers. Each of the businesses has its own internal blacklists – databases which contain information relating to suspicious IP addresses. Now, they will combine all of them to create one massive database which will allow them to block the bots.

“The industry is united in this fight and we are going to win the war against fraud”, stated Mike Zaneis, the executive director of the Trustworthy Accountability Group.

The DoubleClick blacklist, a platform for creating and managing the online advertising for Google, filtered 8.9% of web traffic in May. This database will be the most important for this information sharing program that will identify the bots that are designed to evade detection by the IAB/ABC International Spiders & Bots List.

bot

“By pooling our collective efforts and working with industry bodies, we can create strong defenses against those looking to take advantage of our ecosystem. We look forward to working with the TAG Anti-fraud working group to turn this pilot program into an industry-wide tool”, explained Vegard Johnsen, Product Manager Google Ad Traffic Quality, on the company’s online security blog.

A study carried out by Distil Networks estimated that, during 2014, malicious bots appeared in 22.78% of web traffic. This compared to 36.32% of “good” bots while humans only accounted for 40.90%. The harmless bots were able to be identified and this prevented them from carrying out any malicious activities.

Mountain View has detected fraudulent web traffic generated by platforms such as UrlSpirit, which uses Internet Explorer to visit a list of websites that generate up to 500,000 fraudulent requests per month, and HitLeap, a web-sharing service with 1,000 fraudulent advertising requests in the same period.

“By contributing our data-center blacklist to TAG, we hope to help others in the industry protect themselves,” claims Vegard Johnsen of Google. TAG will soon launch a pilot program which will collect a series of general principles, although the actual tool for detecting the online fraudsters isn’t available until the end of the year.

The post Google, Facebook and Yahoo join forces to fight against scammers who inflate the clicks on their ads appeared first on MediaCenter Panda Security.