
The Dangers of Using an Old Android are Real for Everyone (Even the President)

The presidency of Donald Trump kicked off with some controversy in the area of cybersecurity. While the NSA modified the BlackBerry of his predecessor, Barack Obama (who ended up having to part with it for security reasons), the new leader of the United States seems to be less concerned about the vulnerabilities of mobile devices and continues to use an old Android.

According to various reports, the real estate tycoon has a Samsung Galaxy S3 from 2012. The lack of caution on the part of the newly-inaugurated head of state holds a valuable lesson for any top manager of a company. Although Trump’s smartphone may not be the gateway to all the secrets of an entire nation, using a phone without proper security can be fatal to your company.

The main problem derived from the use of an old Android is the lack of updates. Although Google usually reacts quickly whenever a vulnerability is found in its operating system, security patches only come quickly to a few devices, including the company’s own Nexus.

Meanwhile, other smartphones, and especially older models, have to wait months until the patch arrives (if at all).

For this reason, using an outdated phone in the corporate environment means being exposed to all types of cyber threats, from a phishing campaign to the installation of malware that takes advantage of an unpatched vulnerability in the device.

That’s why it is essential to have the right protection and also to make sure that both the phone and its applications have the latest versions of the software installed.

That a cybercriminal can access the outdated telephone of someone in charge, be it the owner of a company or the leader of a country, can have more serious consequences than simply having access to the device itself. Through an unprotected smartphone, attackers could sneak into the networks to which the mobile is connected and steal valuable corporate information.

There are also known vulnerabilities that let an attacker track what the phone’s owner is typing, take control of the camera, or listen through the device’s microphone. In short, it is too great a risk for the privacy of company data.

Private email should stay at home

Another lesson we can glean from recent US policy is that under no circumstances should a personal email account be used for professional matters. Hillary Clinton already made that mistake, and now Trump’s high-ranking officials seem to be following in her footsteps.

Using personal mail to send corporate information is risky indeed. Unlike corporate mail servers, whose protection is in the hands of the company’s security department, the services that are usually used to send emails in the domestic sphere are beyond the control of the company.

This does not mean that they are unsafe, but ensuring the absolute privacy of corporate communications is impossible if those responsible for cybersecurity cannot control which accounts are used and how they are configured.

The post The Dangers of Using an Old Android are Real for Everyone (Even the President) appeared first on Panda Security Mediacenter.

Smart Cities and Open Data

With the constant advancement of technology, we are already witnessing the phenomenon of smarter cities.

According to Anthony Mullen, research director at Gartner, the next couple of years will be crucial for smart cities and open data as people will continue to “increasingly use personal technology and social networks to organize their lives, and governments and businesses are growing their investments in technology infrastructure and governance.” Even though the term ‘smart city’ means different things to different people, cities are generally considered ‘smart’ when their citizens benefit from open data sources converted into solutions that make people’s lives easier. The solutions are developed by government and private companies.

How do smart cities work?

There are all sorts of reporting devices placed around every town, as well as IoT devices, which communicate with each other. The information is then converted into a solution, such as those that ease traffic or control traffic lights. To some extent, smart cities also rely on people who voluntarily share their data. To experience the benefits of a smart city, you may need to have a subscription or rely on data democracy, i.e. sharing your data with a third party grants you access to the solutions they are offering.

Smart city examples

Have you noticed all the people texting or looking at their phones on your last trip to Europe? Yes, people are surely checking their Facebook feeds, but they are also finding out when the next bus or train is going to arrive. Buses and trains are now connected to make public transport more predictable and decrease traffic congestion. London’s TFL, in particular, encourages app developers to integrate the open data that TFL is sharing to help the city circulate better.

The situation is similar in New York – imagine how helpful it would be if we knew when and where there would be parking slots available. Smart city perks are saving time and money for millions of folks every day, and the trend will continue to grow. Research firm Gartner claims that by 2019, fifty percent of citizens in million-people cities will benefit from smart city programs by knowingly sharing their personal data.

How to stay safe in a smart city?

Regular cities are going ‘smart’ because governments are making an effort to make your life easier. It surely helps to know when your bus is going to arrive, and how to get from point A to point B while avoiding traffic, saving yourself some time and money. However, all these connected devices and the mass sharing of both usable and unusable data could be dangerous. Hackers are getting creative, and the safety of millions of connected devices has been compromised already.

Panda Antivirus software protects you from sharing more than you have to. In a recent report by tech giant Hitachi, a staggering 95% of respondents rated the role of technology in ensuring public safety as ‘important’ or ‘very important.’ A smart city wouldn’t be smart if it were not safe.
Panda Security offers various solutions that will help you stay protected and remain smart even when you are not in a smart city. The more protected you are, the better.


If You Use Autofill, You Might As Well Give Away Your Info For Free

 

The autofill feature that many browsers offer is a useful time-saving tool that saves you from having to manually fill out forms with the same information every time. Programs include all the necessary information without the user having to go from one field to another to write information that is often repeated in most forms. However, what at first seems to have nothing but upsides for workers and individuals, does in fact carry with it some security risks.

Autofill can be used by cybercriminals to perpetrate phishing attacks in order to collect user data through hidden fields. When the Internet user allows the browser to fill in the form information, it also fills in a number of fields that the screen does not display. In this way, when the individual submits the form, she is also sending her personal information to cybercriminals without realizing it.

Finnish developer Viljami Kuosmanen has revealed how such attacks work with a practical demonstration. He created a form in which only the fields “name” and “email” can be seen, along with a “send” button. However, the source code of the web page harbors some hidden secrets from the user: there are six other fields (phone, organization, address, postal code, city and country), which the browser also automatically populates if the user has activated the autofill function.

The method is a simple strategy to get all sorts of personal information that, according to Kuosmanen’s tests, can be used in both Chrome and Safari. Other browsers like Opera also offer the autofill feature, and Mozilla Firefox is currently working to implement it.

Fortunately for users, it is possible to disable this option in the program settings without too much difficulty. Browsers have it activated by default without asking permission first, so the only way to turn it off is by taking a moment to change the setting manually.

This is a serious threat to the security of personal and corporate information and is difficult to detect because, unlike other types of attacks, the user does not see any links or other signs that might lead her to suspect anything is amiss.

It is therefore advisable to disable the option in your browser, even though this means that you’ll be spending a little more time filling out those pesky forms.
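As an added illustration (not code from the original post or from Kuosmanen's demonstration), the following Python sketch audits a form's markup for personal-data inputs that are kept out of view, which is the pattern described above. The sample form, the inline-style heuristics and the function names are assumptions constructed for this example.

```python
import re
from html.parser import HTMLParser

# Inline-style patterns that keep an element out of the user's view.
# Heuristic and not exhaustive: rules in external stylesheets are not seen.
HIDING_STYLES = [
    re.compile(r"display\s*:\s*none"),
    re.compile(r"visibility\s*:\s*hidden"),
    re.compile(r"opacity\s*:\s*0\s*(;|$)"),
    re.compile(r"(left|top)\s*:\s*-\d{3,}"),   # pushed far off-screen
]
# Field names from the article's description of the demonstration form.
PERSONAL = ("name", "email", "phone", "organization", "address",
            "postal", "city", "country")
VOID_TAGS = {"input", "br", "hr", "img", "meta", "link"}
NON_TEXT_TYPES = {"hidden", "submit", "button", "reset", "image"}


def conceals(attrs):
    """True if this element's own attributes take it out of view."""
    style = (attrs.get("style") or "").lower()
    return "hidden" in attrs or any(p.search(style) for p in HIDING_STYLES)


class FormAuditor(HTMLParser):
    """Sorts personal-data inputs into visible and hidden (assumes well-formed markup)."""

    def __init__(self):
        super().__init__()
        self.open_elements = []   # one bool per open element: does it conceal?
        self.visible, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # A field is concealed by its own style or by any ancestor's.
        concealed = conceals(attrs) or any(self.open_elements)
        if tag in ("input", "select", "textarea"):
            self._record(attrs, concealed)
        if tag not in VOID_TAGS:
            self.open_elements.append(conceals(attrs))

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.open_elements:
            self.open_elements.pop()

    def _record(self, attrs, concealed):
        if (attrs.get("type") or "text").lower() in NON_TEXT_TYPES:
            return  # not a text-entry control
        key = (attrs.get("autocomplete") or attrs.get("name") or "").lower()
        if any(token in key for token in PERSONAL):
            (self.hidden if concealed else self.visible).append(key)


def audit_form(html):
    """Return (visible, hidden) lists of personal-data fields in the markup."""
    auditor = FormAuditor()
    auditor.feed(html)
    return auditor.visible, auditor.hidden


# Constructed sample: two fields on screen, six more inside a concealed block.
SAMPLE_FORM = """
<form action="/subscribe" method="post">
  <input name="name" placeholder="Name">
  <input name="email" placeholder="Email">
  <div style="position:absolute; left:-5000px">
    <input name="phone"> <input name="organization"> <input name="address">
    <input name="postal"> <input name="city"> <input name="country">
  </div>
  <input type="submit" value="Send">
</form>
"""

if __name__ == "__main__":
    visible, hidden = audit_form(SAMPLE_FORM)
    print("visible:", visible)
    print("hidden (would be submitted unseen if autofilled):", hidden)
```

A non-empty second list on a form that only shows a couple of inputs is the signal to investigate before allowing autofill on that page.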


Compilation of PandaLabs Reports

The following is a compilation of all past PandaLabs reports. It is a complete record of the cybersecurity lab’s highlights.

2016

Q1 Report Q2 Report Q3 Report Annual Report

2015

Q1 Report Q2 Report Q3 Report Annual Report

2014

Q1 Report Q2 Report Q3 Report Annual Report

2013

Q1 Report Q2 Report Q3 Report Annual Report

2012

Q1 Report Q2 Report Q3 Report Annual Report

2011

Q1 Report Q2 Report Q3 Report Annual Report

2010

Q1 Report Q2 Report Q3 Report Annual Report

 


The technical support scam and how to avoid it

When talking about cybersecurity, we instantly think of viruses and malware. But advances in personal computer security have made it much harder for hackers to infect your PC through traditional channels like email.

As a result, they have developed new attack methods to get around your defences using a range of techniques, on and off-line. One of the most used and also successful is the “Technical Support Scam” that combines social engineering and technology to empty a victim’s bank account.

What is the Technical Support Scam?

Social engineering relies on building trust with a victim, before tricking them into doing something that gets around their security defences. In the case of the Support Scam, criminals telephone their victims pretending to be from a reputable business, like Microsoft or your security or telephone provider – a company name you recognize.

Posing as an engineer, the hacker informs their target that they have already fallen victim to criminals, and they must take urgent action to plug the security gap. The victim is asked to visit a webpage from their computer, and to download a remote control tool that will allow the engineer to access their system to perform “repair work”.

Once in control of the computer, the “engineer” may call up the computer’s event log and show a number of scary looking (but completely harmless) alerts. They will then suggest downloading further tools that allow them to fix these errors.

Unfortunately these tools are actually malware that will steal valuable information from the victim’s computer – particularly online banking details and passwords. The victim may feel that the engineer has done them a favor, but the reality is that they have invited the hacker to steal from them.

Avoiding the Technical Support Scam

There are several ways you can protect yourself from becoming a victim of this scam. These four tips will help keep you safe:

1. Use your common sense

Microsoft or Panda (for example) never ring customers to inform them of security problems. These companies may provide assistance by telephone, but they never call you first. In fact, unless you pay for a third party technical support service, no one should call you about problems with your computer or router.

No matter how urgent the issue sounds, anyone claiming to be calling about PC security problems is lying.

2. Protect your personal and sensitive information

Never give your account numbers or passwords to anyone over the phone or the Internet unless you are 100% sure who they are. If you are in any doubt at all, hang up. Keep in mind that fraudulent activities are profitable for the bad guys.
A good rule to follow for any incoming call: never hand over your credit card or bank details. Just don’t do it!

3. If you have a doubt: tell everyone about it

The Telephone Support Scam preys on people’s insecurity about their lack of tech knowledge. It is very easy to be a victim, and the best defence is sharing knowledge – telling other people about this scam, and what the criminals are doing. It is much easier to put the phone down if you know that the call is a scam.

You should also consider reporting the scam to the company being investigated. If you do, make sure you find the right details though.

4. Protect your PC in advance

Do not forget to use antivirus protection for all your devices. If your device is protected by an anti-malware toolkit, it will not be generating security errors online or anywhere else. So you know that someone claiming you have a problem is also lying.

If your computer does not have an up-to-date security toolkit installed, you must act now – download a free trial of Panda Security to get started.

Most social engineering attacks can be avoided by taking a second to think through the implications of what you are being told. You must not allow yourself to be bullied into making what could be a very costly mistake.

For more useful tips and advice about staying safe online, please check out the Panda Security knowledge base.


RDPPatcher, the Attack that Sells Access to your Computer at a Low Price

In recent months, there’s been a significant uptick in PandaLabs reports of malware that is installed via the Remote Desktop Protocol (RDP). Every day, we witness thousands of infection attempts using ransomware, hijacking systems for bitcoin mining, etc., which all have one thing in common: access via RDP after gaining entry with credentials obtained using the brute force method.

There are plenty of useful purposes for RDP, but unfortunately in the wrong hands it can become a weapon for cybercriminals. We’ve already spoken of a shared history between RDP and ransomware, especially in the corporate environment.

The new attack discovered uses the same technique of entry, but its goal is completely different from those analyzed previously. This time, after infiltrating the system, it focuses on finding Point of Sale Terminals (POS’s) and ATMs. The reason for this is that they are simple terminals to attack anonymously from the Internet, and the economic profit of selling stolen information is high.

RDPPatcher: Selling system access on the black market

In the present case, the brute force attack lasted a little over two months until, in January 2017, they hit upon the correct credentials and gained access to the system. Once the system was compromised, the cybercriminals attempted to infect it with malware. They found their attempts blocked by Adaptive Defense, at which point they modified the malware and tried again, without success. Since Panda’s advanced cybersecurity solution is not based on signatures and does not rely on previous knowledge of malware in order to block it, modifying the malware didn’t change the result.

It’s clear from the malware analysis what the purpose of the attack is. The hashes of the two files are the following:

MD5  d78be752e991ccbec16f11e4fc6b2115

SHA1  4cc9d2c98f22aefab50ee217c1a0d872e93ce541

MD5  950e8614db5c567f66d0900ad09e45ac

SHA1  9355a60dd51cfd02a921444e92e012e25d0a6be

Both were programmed in Delphi and packed with Aspack. After unpacking them, we found that they were very similar to each other. We analyzed the most recent of them (950e8614db5c567f66d0900ad09e45ac).

This Trojan, detected as Trj/RDPPatcher.A, modifies the Windows registry in order to change the type of RDP validation. These are the entries that it modifies:

HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp /v UserAuthentication /t REG_DWORD /d 1
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 1

And deletes the following entries if they are present in the system:

"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v legalnoticecaption /f
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v legalnoticetext /f

Subsequently, it drops another file (MD5: 78D4E9BA8F641970162260273722C887) in the %TEMP% directory. This file is a version of the rdpwrap application and is run via the runas command with the parameters “-i -s” in order to enable concurrent RDP sessions on the system.
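The changes described above can be hunted for in process-creation telemetry. The following Python example is added here and is not PandaLabs code; it assumes the registry edits surface as reg.exe-style command lines (as the /v, /t, /d and /f switches suggest), and the log format, host names, timestamps and file paths are constructed.

```python
import re
from collections import defaultdict

# Indicators taken from the article. Matching is case-insensitive because
# registry paths and value names are.
INDICATORS = {
    # RDP-Tcp UserAuthentication is also changed by legitimate administration,
    # so on its own this is a weak signal.
    "rdp_auth_change": re.compile(
        r'terminal server\\winstations\\rdp-tcp.*?/v\s+userauthentication\b',
        re.I),
    # Forced deletion of the logon banner values.
    "legal_notice_removed": re.compile(
        r'policies\\system.*?/v\s+legalnotice(caption|text)\b.*?/f\b', re.I),
    # An executable under a Temp directory started with the -i -s parameters
    # the article reports for the dropped rdpwrap build.
    "temp_binary_i_s": re.compile(
        r'\\temp\\[^\\\s"]+\.exe"?\s+-i\s+-s\b', re.I),
}


def match_indicators(command_line):
    """Return the set of indicator names found in one command line."""
    return {name for name, rx in INDICATORS.items() if rx.search(command_line)}


def triage(log_text, threshold=2):
    """Group hits per host; report hosts with at least `threshold` distinct
    indicators, since any single one can have a benign explanation."""
    seen = defaultdict(set)
    for line in log_text.strip().splitlines():
        parts = line.split(" ", 2)          # timestamp, host, command line
        if len(parts) < 3:
            continue
        _, host, command_line = parts
        seen[host] |= match_indicators(command_line)
    return {host: sorted(hits) for host, hits in seen.items()
            if len(hits) >= threshold}


# Constructed process-creation records: "<timestamp> <host> <command line>".
SAMPLE_LOG = r'''
2017-01-20T03:14:07Z HOST-A reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 1
2017-01-20T03:14:08Z HOST-A reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v legalnoticecaption /f
2017-01-20T03:14:09Z HOST-A "C:\Users\user\AppData\Local\Temp\sample.exe" -i -s
2017-01-20T09:00:00Z HOST-B reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 1
2017-01-20T09:05:00Z HOST-B "C:\Program Files\Example\setup.exe" -i -s
'''

if __name__ == "__main__":
    for host, hits in triage(SAMPLE_LOG).items():
        print(host, "->", ", ".join(hits))
```

Only HOST-A is reported: HOST-B shows the RDP authentication change alone, which is why the example correlates per host instead of alerting on a single match.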

It then proceeds to profile the machine and obtain its information:

  • Username
  • Device name
  • Amount of time the device has been turned on
  • Operating system version
  • Language
  • Virtual machine
  • Memory
  • Processor name
  • Number of processor cores
  • Processor speed
  • Antivirus

It then connects to the control server (C&C server) to access a list of services that measure the speed of connection to the Internet, and later saves the data related to upload and download speed. Next it checks which antivirus is installed on the computer. Contrary to what we are accustomed to seeing in most malware attacks, it does not do this to remove the installed antivirus or to change its behavior. It is simply gathering data.

This is the list that we have extracted from the binary with the processes that it searches:

See Table 1

Once this is done, it begins to search for different types of software to continue profiling the computer. It mainly looks for POS, ATM, and online gambling software. What follows is a small part of the list of software that it searches (in total there are several hundred):

See Table 2

It also combs through browsing history, where another list is contained, categorized by areas of interest:

See Table 3

These strings are searched for in the browser history by the malware itself. They’re used to “label” the computer based on software used and webpages visited.

Once it has finished gathering data from the system, it makes a web request to the C&C. To hide the information from detection systems that inspect web traffic, it first encrypts it with AES128 using the password “8c@mj}||v*{hGqvYUG”, which is embedded in the sample analyzed, and then encodes it in Base64.

Example of the encrypted request.

The C&C server used for this malware sample is located in Gibraltar:

Conclusion

As we’ve seen, the first thing the attacker seeks to do is to inventory the computer, compiling all types of information (hardware, software, webpages visited, Internet connection speed), and install an application that allows multiple RDP sessions at once. At no point does credentials theft, or any other data theft, occur.

The explanation for this is very simple: the cybercriminals behind these attacks sell access to these computers for a very small fee. Being in possession of so much data from every system allows them to sell access to other groups of cybercriminals specializing in different fields. For example, groups that specialize in the theft of card data can acquire computers with POS software, and so on. Cybercrime has indeed become a profitable racket.


Who you gonna call? CyberThreatBusters!

In the movie Ghostbusters, the imaginary threats ranged from Psychomagnotheric Slime to the Stay Puft Marshmallow Man and Gozer the Gozerian, armed with slime and a bagful of Hollywood special effects. In the real world, small and medium businesses face a growing range of internal and external cybersecurity (CybSec) threats that are just as scary, while at the same time they are handicapped by a shortage of skills and resources. With most SMBs (55 percent) the victim of a cyberattack within the last 12 months, and 60 percent going out of business within six months, it makes partnering with a CybSec specialist (AKA CyberThreatBusters) a necessity. 

Online gaming safety tips

Mobile gaming is changing the shape of online gaming but how safe is it?

Mobile gaming is huge! According to a report recently released by market research firm SuperData, the global mobile gaming sales revenue in 2016 was over $40 billion. The mobile gaming market is now bigger than the global tea market and the global naval market. According to SuperData, the trend will only increase as mobile gaming is getting the support of the emerging multi-billion VR industry.

In 2016, more than 97% of VR headsets sold were for mobile devices. Bearing in mind the prices Oculus, Sony and HTC are asking for their flagship products, it is no surprise that budget solutions such as Google Cardboard and Samsung Gear VR ended up accounting for almost all VR headsets sold last year.

While maritime safety and tea are losing the battle against Candy Crush Saga and Pokemon GO, the security of the people enjoying the perks of their ultra-powerful mobile handsets might be compromised.

Here’s a top 5 list for mobile gaming dangers

Virtual and Augmented Reality

It may sound tempting to be able to teleport yourself onto a roller coaster while sitting on the couch at home, but games which alter your sense of presence could be dangerous. Similar to motion sickness, some VR players tend to experience virtual reality sickness. Stop gaming immediately should you start feeling disoriented or have symptoms such as a headache or nausea. There are reported cases of people who lost their lives while hunting Pokémon, so augmented reality could be dangerous too. Keep an eye on your surroundings!

Hidden Fees

You’ve finally found the most amazing mobile game in the world – it has amazing graphics, it is real time, and the game is endorsed by your favourite celebrity! What could go wrong? A lot of things, such as the status of your bank account. Mobile games sometimes have in-app purchases. Make sure you check before getting an additional weapon or skipping an advert that is currently playing, as it may end up costing you real money. Unfortunately, they do not accept doubloons in the real world, so the more prepared you are, the better.

It is a well-known fact that 90% of children aged 12 or under are mobile gamers (using their own cell phone or one borrowed from a family member), and these phones need to be protected to avoid the potential risks of uncontrolled purchases.

Approved Apps

Make sure to always download applications from the Play Store or the App Store. Sometimes apps connect to your social media profiles, and they can see personal information such as your full name, date of birth, location and even your home address.

If the app you have on your phone is not approved, you may end up not only sharing all this valuable information with the wrong people, but also installing a virus that can lurk on your mobile handset and steal your passwords. Stay alert and stick to the approved apps on the Play Store and the App Store, and even then, use services that allow you to scan the applications that you are installing on your phone.

To use this feature, you must set an unlock PIN and select the apps you want to lock. Should you forget your PIN, you’ll be able to reset it through your Panda Security account.

Maturity filters

Children already spend more time on the Internet than watching TV. Their favourite content is on emerging video platforms such as YouTube. A huge percentage of children nowadays have smartphones, and even though regulations tend to be strict, you don’t want your kid to be able to access chat rooms and content that is not monitored by you. Predators thrive on new ways of getting in touch with vulnerable people, and mobile gaming is one of those places.

Some games have chat rooms where people can socialize. Relying on admins may not be a full solution, so make sure you know where you and your kids go, and take a breath before launching the next game on your cell phone. Always check out the PEGI rating of an app before you let your child access it, unless you want your 13-year-old son to get better than you at Texas hold ’em poker. Kids need restrictions, so don’t forget to use PIN-protected access for the apps you want to control.

Panda’s Mobile Security for Android has a feature that allows you to PIN-protect access to your apps. The feature comes with privacy protection that prevents unauthorized access to messaging apps and social media sites. The feature also comes with parental control functions that help you restrict the little ones from accessing certain apps, games, etc.

Expect the unexpected

Hackers are cruel and unfortunately technology savvy. They are always finding new ways of approaching you and your loved ones. Innovation is what they do best, and even though antivirus companies tend to be a step ahead of them, not everyone has protection. As mobile phones and mobile gaming are taking an increasingly bigger part of our lives, we firmly advise you to keep your eyes open and always bear in mind that sometimes even the App Store and the Play Store might miss something and let you install an infected app.

The good news is that Panda allows you to scan applications before installing or updating an app.

While hackers keep finding new ways to get your money, we are solely focused on preventing them from being successful by constantly adapting to their new habits.

Luckily, Panda Security offers the best mobile security protection for all your devices including cell phones and tablets. Check out our security service solution here and be protected while gaming on your mobile device.


Avast's HTTPS scanner receives A* rating

Websites using HTTPS can increase privacy, as the connection between the browser and the website’s server is encrypted. This means that the browser and the web server are the only points that see your browsing activity and the data you enter. Today, anyone who owns a URL can obtain a TLS/SSL certificate, needed to encrypt the web traffic, and create an HTTPS website. This, of course, includes cybercriminals. Because of this, back in 2014, Avast introduced a way to scan HTTPS URLs for malicious activity in order to protect our users from being infected via malware transmitted over HTTPS sites.