Tag Archives: featured1

Panda Security

Be careful when restoring your Android! WhatsApp and Facebook logins may survive and end up in the wrong hands

android

You are rarely separate from the device which is with you day and night. Sending it to the technical service because it has been giving you problems for the last few weeks, giving it away because you want to buy the next model or giving it a second life by recycling it or donating it through the numerous web pages are some of the many situations in which you will have to say goodbye to your phone, temporally or forever.

This is when you should think about the amount of private information your smartphone stores, so the best thing to do is to erase every single detail of your life and leave no trace suggesting that this mobile phone used to be yours.

You should not only erase your photos, but preferably you should restore your Android’s original settings, with the original data so that your memories are eliminated from your mobile phone, before you send it to the technical service, to someone else or to a recycling service. You just have to do a backup first and then reset your phone selecting the option for reestablishing the original data which you can access from the settings option.

A simple way for the millions of Android users around the world (in 2014 alone more than one billion devices with this operating system were sold) to make sure their phone is like it was on the first day. Or so we thought until now…

Two researchers from Cambridge University, Laurent Simon and Ross Anderson, have just published a study which shows that our data remains in the phone even if we have restored the original settings. These experts estimate that between 500 and 630 million Android devices in the planet are not able to erase completely the data stored in their internal disks and SD cards, which poses without a doubt a threat to their owners’ privacy.

To conduct the research, they tested 21 devices from five different manufacturers (Samsung, HTC, LG, Motorola and Google) with different versions of the Android operating system, in particular from the 2.3 to the 4.3, and they were able to recover most of the data stored on these supposedly empty devices.

change passwords

Contacts, pictures, videos, texts, emails and even Facebook or WhatsApp logins were some of the data the researchers were able to recover. In fact, the study shows that the data could be easily reestablished even when the owners had activated the full restoration of the disk.

In 80% of the cases the researchers managed to access the users’ private information and Google services like Gmail and Calendar. The study suggests that it could be the responsibility of the manufacturers, who might not have included the software drivers necessary to clean the non-volatile memory of the phone. Of course, it is still not known what Google and the electronic brands involved will do to fix the problem.

So, if you are thinking of separating yourself from your phone soon and don’t want anyone else to recover the information it contains, you have two options: accept this and think that no cybercriminal will be interested in the details of your virtual life (bad idea) or partly destroy the phone and recycle it part by part (not very advisable, either). It will almost be better to wait for it to be fixed.

The post Be careful when restoring your Android! WhatsApp and Facebook logins may survive and end up in the wrong hands appeared first on MediaCenter Panda Security.

Panda Security

Panda Security Launches Adaptive Defense; Industry-First Solution for Endpoint Security Offering Automated Prevention, Detection and Remediation of Advanced Malware

Panda Security today announced the launch of Panda Adaptive Defense, a cloud-based solution that ensures endpoint protection against Advanced Persistent Threats (APTs), the ransomware trojan CryptoLocker, and targeted attacks in enterprise environments. Adaptive Defense offers a disruptive approach compared to traditional blacklist-, whitelist- and sandbox-based approaches. Adaptive Defense also detected the recently publicized “Phantom Menace” that was reported by PandaLabs.

Advanced Persistent Threats are next generation malware that use sophisticated strategies, such as multiple simultaneous attacks over an extended period of time with the primary objectives of industrial espionage or data theft. Traditional antivirus solutions are not capable of detecting these types of attacks, nor of disinfecting the computers that become compromised. Adaptive Defense, however, delivers an industry-first security model based on automated monitoring, investigation and classification of the behavior and nature of every application. This provides robust and complete protection, only allowing legitimate applications (goodware) to run.

Additionally, Adaptive Defense’s remediation services and ability to incorporate into the customer’s existing security infrastructure provides a complete enterprise solution against all types of malware.

“No other security developer provides the full classification or attestation of all processes, making Adaptive Defense a significant innovation in this field, and the ideal solution for companies looking to fill the gap of existing approaches”, said Josu Franco, Vice President of Corporate Development at Panda Security. “Panda has leveraged its storied 25-year history in the security industry to bring this kind of innovation to the security market, and now offers a solution to address the increasingly insidious malware environment companies are facing”.

Full Classification of All Processes

Adaptive Defense automatically and continuously classifies all running processes using a combination of local intelligence, big data in the cloud and Panda Labs Research. This approach enables:

  • Automatic blocking of any processes identified as malware (prevention).
  • Automatic identification of abnormal behavior of a process (detection).
  • Forensic information for investigation when needed (response)..
  • Automatic disinfection of identified malware when possible (remediation)

Security professionals responsible for enterprises around the world can view the status of hundreds, even thousands of endpoints in real-time, as well as manage all settings from a single Web console.

Panda Security will be showcasing Adaptive Defense at the Gartner Security & Risk Management Summit, Booth 1127 for which Panda is a Silver Sponsor, in National Harbor, MD from June 8 – 11, 2015.

The post Panda Security Launches Adaptive Defense; Industry-First Solution for Endpoint Security Offering Automated Prevention, Detection and Remediation of Advanced Malware appeared first on MediaCenter Panda Security.

Panda Security

WhatsApp Trendy Blue, the program which signs you up to a premium rate. Watch out!

One more, there have been so many, we’ve lost track! WhatsApp Trendy Blue is the last hoax to deceive the users of this instant messaging application.

whatsapp trendy blue

WhatsApp Trendy Blue, the new “version” that promises new options to customize the users’ WhatsApp. In fact, it is only subscribing the user to a premium rate service, which it is not exactly cheap.

From Movistar, a Spanish telephone company, they warn that for the program to work, it asks the user to invite at least 10 contacts, who will receive a message recommending them to sign up for this fraudulent website.

So please, don’t fall for these traps, only trust the versions offered by the official stores!

The post WhatsApp Trendy Blue, the program which signs you up to a premium rate. Watch out! appeared first on MediaCenter Panda Security.

Avast

Teenagers charged with cybercrimes

Forget about shoplifting or painting graffiti on the wall at midnight. Opportunistic teens are turning to cybercrime to get their kicks these days.

teenage hacker

Teenage hackers range from pranksters to international kingpins.

A 14-year old boy in Florida was recently arrested and charged with a felony offense for unauthorized access against a computer system. The 8th grader said he was playing a prank on his teacher when he used the teacher’s administrative password to log onto a school computer and changed its desktop background to an image of two men kissing. The password was the teacher’s last name, and the prankster said he figured it out by watching the teacher type it in.

Across the country in California, two high school students were arrested for allegedly hacking into the school’s website and changing grades for about 120 students. It’s another case of “unauthorized access” and the school is working with the Cyber Crimes Bureau of the Los Angeles Sheriff’s Department to investigate.

Those two “cybercrimes” can’t compare to the one out of New Zealand. Police have detained an 18-year old they call the kingpin of an international cybercrime network. Together with other young adults in New Zealand, the US and elsewhere, he is accused of running a botnet comprised of 1.3 million hacked computers and skimming millions of dollars from victims’ bank accounts. The teen likely will be charged with having unauthorized access to computers and possessing computer hacking tools — charges that carry a maximum sentence of 10 years in prison.

Why are teens attracted to cybercrime?

One reason may be that it’s fun. Hackers were asked in a survey why they do it, and more than half said it provided them with a thrill. They also think they won’t get caught. Eighty-six percent of them aren’t worried about getting discovered or ever facing the consequences of their actions.

Others just want to prove their skills. Remember when the Australian teenager hacked Twitter because he was bored? That was back in 2009. When asked by The Independent why he did it, his response was, “To see if it could be done.”

The big rewards and rock-star status can be tempting. Rolling Stone did a story on a South Beach (Miami) 20-something year old hacker who had a glitzy, drug-fueled lifestyle while presiding over an international cybercrime ring that stole over 170 million credit and debit card numbers, estimated at $200 million.

Keep yourself safe online

It doesn’t really matter if it’s a bored teenager down the street or an underground cybercrime ring operating out of bunkers in a far away foreign land, you still need to take basic precautions to keep yourself and your data safe.

1. Make sure you have up-to-date antivirus protection with a firewall.

2. Keep your software and operating system up-to-date.

3. Be cautious of clicking on links in unfamiliar emails. Don’t provide personal information online, such as your password, financial information, or social security number, unless you are absolutely sure of where you are adn who you are dealing with.

4. Use strong passwords, and don’t use the same one for Facebook that you use for your bank. This blog has plenty of tips on how to create unique passwords and remember them too.

5. Learn what to do if something goes wrong. Find out who the appropriate authorities are in your area by contacting your Internet Service Provider or the Internet Crime Complaint Center.

Panda Security

“What is your mother’s name?” Google dismantles one of the most popular security measure

computer

What is your mother’s name? And your favorite color? We don’t want to interrogate you, these are the security questions we have to answer in order to recover our password or as an extra step during the identification process.

If we have forgotten our password, after failing all attempts to entering it correctly, the platform asks us one of the questions we chose during the registration process. We know how difficult it is to choose a secure password, different from the last, change it from time to time and, actually, remember it, how can such a simple question protect our account?

A team of researchers from Google have set out to determine whether or not this security strategy really fulfills its mission. To do so, they have analyzed hundreds of millions of questions and secret answers. They have summarized their findings in an article in the twenty-second World Wide Web international conference’s publication.

In short, the authors found that secret questions are not reliable enough, so they don’t serve as the only mechanism to recover the account’s passwords. Although some of the answers are safe and easy to remember, these two characteristics don’t generally coincide. When the answer is so complex that it serves as real protection, memory fails.

confused person

On the other hand, the easiest options are usually related to some aspect of our daily life or even of public domain. The main mistake is found here, they can be deduced with the appropriate analysis tools and a little patience.

This way an attacker could figure them out considering a limited set of possibilities. Let’s say, for example, the most common surnames in a country, the most popular dishes, or simply the most common colors (to determine your favorite).

Google’s research provides some significant figures regarding that matter. A ciberattacker would have a 19.7% chance to find out the answer to an English-speaking user to the question “What is your favorite food?” The most common answer is “pizza”. In case of the Spaniards, with 10 attempts there is a 21% chance of guessing right his father’s second name.

We also have news for those who fake their answers to prevent anyone from guessing it. In the study, 37% of people intentionally answer incorrectly questions like “What is your phone number?” Nevertheless, this strategy could backfire, because most end up choosing the same false answers, making it easier for the criminals.

So what is the solution? Choosing a more complicated question? The authors of this study don’t advise it, because the numbers show that we forget them quite easily. Most of those who chose one of the theoretically safer questions didn’t remember their answer.

In particular, only 55% recalled their first phone number, 22% remembered their library card code and an even fewer (9%) their frequent flier number.

Incorporating two or more questions is not a good idea, because, according to the experts at Google, this would complicate the recovery of the account. If users cannot remember one, hardly they would even more.

The only solution is to use other authentication methods, such as access codes sent via text message to your cell phone (two-step verification) or an alternative email address. The authors of this research describe these two methods as “safer” and ensure that they offer a better user experience.

The post “What is your mother’s name?” Google dismantles one of the most popular security measure appeared first on MediaCenter Panda Security.

Panda Security

How to protect your SIM card when it is the key to your WhatsApp

whatsapp app

Finally you have your new smartphone in your hands. Whether it is a Nexus, an iPhone or a BQ we are sure that one of the first things you do is download WhatsApp. You are so focused on setting up the app that you haven’t stopped to think about the implications of your WhatsApp identification being carried out by your SIM card.

In social networks you create a new profile with a user number and a password, but in the instant messaging service par excellence (it already exceeds 700 million users) you identify yourself exclusively with your cell phone number. Once you have connected your number to WhatsApp, the app is associated with the terminal, whether or not the SIM card is inside.

Our phone number is also a way of identifying us in other services we use daily, such as email. Gmail allows you to add a phone number to your account in order to protect it and to ensure that if someone intercepts it or you forget your password you can get it back. Google’s support web page explains that associating your phone number is safer than an alternative email or a security question, because your phone number is something you have physically thanks to your SIM card.

Your phone’s security starts on that card. That’s why security experts recommend taking preventive measures to avoid anyone from spying on your WhatsApp conversations if your SIM card gets duplicated or someone takes it temporarily.

pin cards

How to protect your SIM card when it is the key to your WhatsApp

  • Keep your PIN and PUK code in a safe place: some people have the bad habit of writing them on a piece of paper and putting that paper in their wallets. If you leave your personal belongings unattended for a few minutes, someone might put your SIM in his phone, enter the PIN to which he has had access before and then spy on your conversations indefinitely. If this person is careful to leave everything exactly as it was you will never realize what has happened.
  • Another possibility is that someone clones your SIM and impersonates you. Although in current SIM cards the process is quite difficult, if you are one of those who has cut his card to adapt it to the new terminals there are ways to carry out attacks and clone the information that your card contains.
  • The third method (and most likely) is that a cyber-attacker will keep the information in your card, it is called the ‘SIM Swapping Attack’. The SIM Swap is the process through which a user can transfer a phone number to another company. A cybercriminal can perform a phishing attack or identity theft which will allow him to know the transfer information, keeping all the SIM’s information. This type of attack has been long used for accessing bank accounts: the offender manages to replace your phone number and starts getting all notifications and calls from your bank, including those in which the bank sends you confidential information about your account, for example, to verify a transaction.
  • If you lose your phone or it gets stolen and you have a WhatsApp account associated, we recommend you to associate your number to another telephone as soon as possible so that if the stolen terminal asks for a verification test the offender cannot complete it. To prevent anyone from reading your conversations if the phone falls into their hands, you can deactivate your account here. You will only have to send an email to the support team that will deactivate the account for a period of 30 days, after which you can decide whether to reactivate it or eliminate it altogether. Of course, it may take several days for WhatsApp to process your request and disable your user account, a time during which your account will be unprotected.

So, now you know that your SIM card can be a potential source of interest for real and virtual criminals, that’s why is not enough to keep making sure your phone is in your pocket: you also have to start making sure that the card inside is as secure as possible.

The post How to protect your SIM card when it is the key to your WhatsApp appeared first on MediaCenter Panda Security.

Avast

TGIF: Wrap-up May 6 – June 5

We have had a busy month with multiple announcements important to Avast customers and company-watchers. Here’s the quick rundown in case you missed it.

Avast SecureMe protects Apple watch

Avast SecureMe will launch in the next month or so to protect the new Apple Watch, as well as iPhones and iPads, when connected to unsecured Wi-Fi. That’s sure to make Apple gadget freaks happy. Read Avast SecureMe Protects Apple Watch Wi-Fi Users.

Image via TechRadar

Image via TechRadar

Windows 10 is scheduled to launch in July, and Avast is ready. Avast version V2015 R2 and newer are already compatible with Windows 10. Read Latest versions of Avast compatible with Windows 10.

New version of Avast has superior detection than older versions Avast customers who are using older versions of our Avast antivirus products cannot upgrade to Windows 10, but more importantly they will no longer receive product upgrades or enhancements. We recommend that everyone upgrade to the latest version to benefit from better detection rates and new features. Read Support for older Avast versions will end.

ASUS partners with Avast The new Android powered tablets by ASUS come preloaded with Avast Mobile Security, so you are protected right out of the box. Read New ASUS ZenPad to come with Avast Mobile Security.

Avast announces the opening of our new Charlotte, N.C. office.Want a career with Avast? A new Avast Software office has opened in Charlotte, North Carolina to bring the new free Avast for Business to the U.S. market and beyond. Read The Tar Heel State welcomes Avast Software.

Check out the Avast blog for other news and how-to articles that provide useful information about security, privacy, and Avast products. Have a great weekend! :-)

Panda Security

Security in SaaS World

If you are a business owner, probably one of the things you wonder is how to monitor all your devices?

Well, with Systems Management you can manage and maintain them easily and affordably, whether they are in the office or on remote.

Systems management allows you to optimize your IT infrastructure’s performance by automating its management and its centralized control.

Plus, you will be able to resolve your users’ incidents accessing their computers and devices remotely and in a non-intrusive way, wherever they are.

Try our IT management software and technical support!

saas security

If you want to share this infographic, here you have the code!

The post Security in SaaS World appeared first on MediaCenter Panda Security.

Avast

Avast SecureMe Protects Apple Watch Wi-Fi Users

For all of the Apple Watch fans, I’m excited to announce that Avast SecureMe will be available for the device soon. We will launch Avast SecureMe for iOS this summer and will then also expand its functionality for Apple Watch. We designed the app specifically for unsecured Wi-Fi networks, which are a low-hanging fruit for hackers looking to spy on people’s browsing activities and to re-route users to fake sites that collect logins, PINs and other personal information. A ubiquitous presence in cafes, hotels and airports, an alarming number of public Wi-Fi routers are poorly configured. In a study conducted in New York, Chicago and San Francisco, our researchers found out that more than half of routers aren’t set up in a secure way.

Avast SecureMe protects Apple Watch

To protect users from losing valuable personal information, Avast SecureMe performs the following operations:

  • Quick glance to see if router security is enabled
  • Notifications if the router is unsecured
  • Establish a secure connection in unprotected Wi-Fis

If the iPhone or iPad the Apple Watch is connected to enters a suspect network, Avast SecureMe notifies the user and engages its VPN to secure user connections for online tasks like email, banking, and engaging on social networks. In fact, Avast SecureMe automatically connects to the secure VPN when it detects a user connecting to public Wi-Fi, making all transferred data invisible to prying eyes. Users can disable the protection for Wi-Fi connections they trust, like their home network.

Avast SecureMe will be available for iPhones and iPads, and is extendable for use on Apple Watches.

Avast

Sixty serious security flaws found in home routers

Scan your router with Avast's Home Network Security scanner.

Scan your router with Avast’s Home Network Security scanner.

Your router is one of the weakest links in your security, and researchers have proven once more that your home router puts you at risk.

Sixty security flaws have been identified in 22 router models that are distributed around the world, mostly by ISPs to their customers. These flaws could allow hackers to break into the device, change the password, and install and execute malicious scripts that change DNS servers to those the attacker wants. They do this so they can send your traffic through servers they control and direct you unwittingly to malicious sites or load malicious code on your machine when you visit a legitimate site.

Other flaws include allowing the hackers to read and write information on USB storage devices attached to the affected routers and reboot the devices.

The research report describes how the attackers can get in – through a backdoor with a universal password that is used by the ISP’s technical support staff to help troubleshoot for their customers over the phone. This second default administrator access is hidden from the router owner.

Which routers did the researchers test?

The researchers tested the following models: Amper Xavi 7968, 7968+ and ASL-26555; Astoria ARV7510; Belkin F5D7632-4; cLinksys WRT54GL; Comtrend WAP-5813n, CT-5365, AR-5387un and 536+; D-Link DSL-2750B and DIR-600; Huawei HG553 and HG556a; ; Netgear CG3100D; Observa Telecom AW4062, RTA01N, Home Station BHS-RTA and VH4032N; Sagem LiveBox Pro 2 SP and Fast 1201 and Zyxel P 660HW-B1A.

Since the researchers are based in Madrid, their interest was mainly in Spanish ISPs and the routers they distribute, but routers like Linksys, D-Link and Belkin are distributed in the U.S. and other countries.

What can you do to protect yourself?

Avast has a feature built into our antivirus products called Home Network Security (HNS), which scans for misconfigured Wi-Fi networks, exposes weak or default Wi-Fi passwords, vulnerable routers, compromised Internet connections, and enabled, but not protected, IPv6. It also lists all devices on the network so you can make sure only your known devices are connected. Avast is the only security company to offer a tool to help you secure this neglected area.

How to scan your home router with Home Network Security scanner

Open the Avast user interface, click Scan from the menu on the left, then choose Scan for network threats. Avast will take a look at your router and report back any issues. In most cases, if there is an issue to be addressed, then it will direct you to your router manufacturer’s website.