Tag Archives: hackers

Sixty serious security flaws found in home routers

Scan your router with Avast's Home Network Security scanner.

Scan your router with Avast’s Home Network Security scanner.

Your router is one of the weakest links in your security, and researchers have proven once more that your home router puts you at risk.

Sixty security flaws have been identified in 22 router models that are distributed around the world, mostly by ISPs to their customers. These flaws could allow hackers to break into the device, change the password, and install and execute malicious scripts that change DNS servers to those the attacker wants. They do this so they can send your traffic through servers they control and direct you unwittingly to malicious sites or load malicious code on your machine when you visit a legitimate site.

Other flaws include allowing the hackers to read and write information on USB storage devices attached to the affected routers and reboot the devices.

The research report describes how the attackers can get in – through a backdoor with a universal password that is used by the ISP’s technical support staff to help troubleshoot for their customers over the phone. This second default administrator access is hidden from the router owner.

Which routers did the researchers test?

The researchers tested the following models: Amper Xavi 7968, 7968+ and ASL-26555; Astoria ARV7510; Belkin F5D7632-4; cLinksys WRT54GL; Comtrend WAP-5813n, CT-5365, AR-5387un and 536+; D-Link DSL-2750B and DIR-600; Huawei HG553 and HG556a; ; Netgear CG3100D; Observa Telecom AW4062, RTA01N, Home Station BHS-RTA and VH4032N; Sagem LiveBox Pro 2 SP and Fast 1201 and Zyxel P 660HW-B1A.

Since the researchers are based in Madrid, their interest was mainly in Spanish ISPs and the routers they distribute, but routers like Linksys, D-Link and Belkin are distributed in the U.S. and other countries.

What can you do to protect yourself?

Avast has a feature built into our antivirus products called Home Network Security (HNS), which scans for misconfigured Wi-Fi networks, exposes weak or default Wi-Fi passwords, vulnerable routers, compromised Internet connections, and enabled, but not protected, IPv6. It also lists all devices on the network so you can make sure only your known devices are connected. Avast is the only security company to offer a tool to help you secure this neglected area.

How to scan your home router with Home Network Security scanner

Open the Avast user interface, click Scan from the menu on the left, then choose Scan for network threats. Avast will take a look at your router and report back any issues. In most cases, if there is an issue to be addressed, then it will direct you to your router manufacturer’s website.

Do antivirus companies create viruses to sell more software?

Question of the week: Why does Avast and other antivirus companies try to scare us with all this news about viruses and bad apps? It makes me think you are connected to the threats.

Avast protects against hackers

Antivirus companies do not create the viruses- there are enough hackers doing it already!

Avast and other reputable antivirus companies are not connected to the creation of threats – there are plenty of them without our developers making something up! But thanks for your question. We would like to help you and our other customers understand the nature of cybersecurity in today’s world and assure you that we have the tools to protect your online environment.

Enough to keep us busy

The Avast Virus Lab receives over 300,000 samples of new potential viruses every day and has documented increases in mobile malware infections, vulnerabilities in widely used software and devices, and a surge in spying via free Wi-Fi hotspots. We don’t mean to scare you, but with the knowledge that more than 60 percent of companies have been the victim of an attempted cyber attack, and that Avast prevented more than 2 billion virus attacks last month, we have lots to talk about.

An example of a new type of attack was the recent discovery of a mobile app called Dubsmatch 2 which had “porn-clicker” malware hidden within it. The app was installed 100,000-500,000 times from the Google Play Store, usually a trusted source, before we notified Google and the app was removed.

“We suspect the app developer used the porn clicker method for financial gain,” wrote virus analyst Jan Piskacek. “The app developer probably received pay-per-click earnings from advertisers who thought he was displaying their ads on websites for people to actually see.

When financial gain is the motivator, cybercrooks get creative. But financial gain is not the only motivator. Hackers at Black Hat USA 2014 told surveyors that they were driven by the fun and thrill of it. (51% said so.) State-sponsored attacks are also increasingly being revealed. China, Russia, Iran, and North Korea are emerging as major players in hacking for political, nationalistic, and competitive gain.

Many people, even if they are aware of the threats, have not taken any action to protect themselves or their assets.

People overall are more aware of online security and privacy concerns after the revelations of the NSA’s surveillance activities, but despite that, most American adults have not made significant changes to their digital behavior, and 54% say that it would be “somewhat” or “very” difficult to find the tools and strategies that would enhance their privacy online and when using cellphones, according to a Pew Research Center report.

I have nothing to hide and I do not have the time or expertise are the most common reasons given for not taking action.

Avast is not your father’s antivirus

Since the nature of attacks has changed, we offer an “ecosystem” of protection services beyond our antivirus protection. The need for a more complete kind of protection was quite evident after the New York Times was hacked for 4 months by Chinese hackers. Jindrich Kubec, Avast’s threat intelligence director, acknowledges that there’s a distinction between the kinds of threats encountered by everyday Web surfers and the carefully targeted attack the Times faced, but he adds this wisdom,

“Seatbelts and airbags are wonderful protection and improve the safety of millions, but they will not stop a bullet fired — say by a hired killer. Does it mean you will stop using airbags and seatbelts?”

Check out the varied products that Avast offers to create your own security ecosystem. Avast Mobile Security, SecureLine VPN, Browser Cleanup, and GrimeFighter are not just new ways to make money, (some of the products are free!), they are intended to keep you and your assets as safe as possible.

Do Millennials Suck When It Comes To Security?

Millennials (or Generation Y) are those who were born from the early 1980s to the early 2000s. A study now looked at the impact which generational attitudes have toward security issues and compared Millennials Generation X/Gen X (those born between 1965 and 1980) and the “baby boomers” (born between 1946 and 1964).

You would normally think that the Millennials know what they are doing when it comes to technology, considering that most of them grew up with it. But while it is a big plus when it comes to handling devices and navigating around the net, the sense of well-being also seems to be their Achilles heel and leads them to being more careless with privacy concerns and a few other security aspects. The study backs this up with some key findings:

  • “Millennials have the worst password reuse habits of all demographics: 85 percent admit to re-using credentials across sites and services.
  • Risky behavior can be found across demographics: 16 percent of millennials and 14 percent of Gen-Xers accept social media invites from strangers “most of the time.”
  • Millennials are most likely to find security workarounds: A combined 56 percent admit they would “very” or “moderately likely” evade restrictive workplace controls. “

On the other hand, the paper also shows that the other included generations show risky behavior as well (though not in the same areas: Baby Boomers for example may pose a rather big BYOD risk; 48% use personal devices to access work related content).

Nonetheless it would seem that Millennials are easy prey for hackers: Reusing passwords and being too trusting on social media (which may or may not lead you to fall victim to social engineering) can lead to unwelcome results.

The post Do Millennials Suck When It Comes To Security? appeared first on Avira Blog.

Wise up and get smarter with your data

Most of us can agree that we don’t want our personal data falling into other people’s hands. This may seem like an obvious concept, but with the amount of data we regularly share online, it’s not such an uncommon occurrence that our information is wrongfully passed onto others. In this clever video published by Facebook Security, we learn how to nip scams in the bud and prevent others from tricking us into sharing personal information.

// <![CDATA[
(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = “//connect.facebook.net/en_US/sdk.js#xfbml=1&version=v2.3”; fjs.parentNode.insertBefore(js, fjs);}(document, ‘script’, ‘facebook-jssdk’));
// ]]>

Ever had someone approach you online saying they are a foreign prince and asking for your personal information? Watch…

Posted by Facebook Security on Monday, May 18, 2015

In order to keep your personal data secure, make sure to practice the following:

  • Shred all personal documents before throwing them away. This is especially important when dealing with bank statements and bills.
  • Be mindful of what you post on social media and other online forums.
  • Choose your passwords carefully. Keep them diverse and don’t use the same password for each of your accounts.
  • Use security software on all of your devices and make sure that it’s up to date.

How to spot a hacker before it’s too late? As the video’s narrator warns, “Beware of anyone requesting your personal data or money, whether over the phone, via email or online. They may pretend to be a romantic interest, a family member in trouble, or even a foreign prince – odds are, they’re not.”

 

Hackers-For-Hire: It’s This Cheap to Hack Your Account

That’s only partly true. Business Insider released an interesting list that tells you how much it costs to get different accounts hacked. According to the page hacking a generic website is quite expensive when compared to the other options: You’ll have to pay as much as $2000 to get it done. Getting Facebook account access is a lot cheaper with only $350 and the one for Gmail would only cost you $90. One popular hacker apparently even offers to boost Yelp reviews!

Let’s face it. If you know the right search terms you’ll be able to find almost everything. “While it’s well-known that the dark web offers black market marketplaces for things like drugs and firearms, so too are there places where hackers offer up their skills for a fee. These hackers-for-hire offer a wide-ranging menu of services, many of which are likely not legal, “ writes Business Insider, and one of the pages offering some of the services reads: “Hiring a hacker shouldn’t be a difficult process, we believe that finding a trustworthy professional hacker for hire should be a worry free and painless experience.”

Hacking as something for the mass market? Of course – hackers-for-hire would come in handy if you really need to break into your own accounts; but how often does that really happen? While the above site states in their Terms of Use that “you agree to act responsibly in a manner demonstrating the exercise of good judgment. For example and without limitation, you agree not to: violate any applicable law or regulation, infringe the rights of any third party, including, without limitation, intellectual property, privacy, publicity or contractual rights, etc.” one can only wonder how legitimate the requests made are in the end.

If there is one thing we can take from all of this, it’s that account safety should be takes more serious than ever.

The post Hackers-For-Hire: It’s This Cheap to Hack Your Account appeared first on Avira Blog.

Why you need to protect your small business from hackers

Avast Free Antivirus protects small and medium sized businesses for free.

IT pros have used Avast Free Antivirus at home for years. It’s not a huge leap to use free Avast for Business at their place of business.

Small and medium-sized businesses face a challenge when it comes to keeping their data secure. Many companies don’t have the budget to hire a Managed Service Provider (MSP) to take care of their IT needs, and often, they think they do not have enough knowledge or time to handle it themselves, therefore the path of least resistance is to not have any security at all. At the very best SMBs use a consumer version of antivirus software.

But these days, neither of those options is a good idea. Having no protection leaves you too vulnerable, and the problem with using a consumer product in a work environment is whoever is managing the network cannot look across all computers at once and implement policy changes or updates.

Do hackers really target small businesses?

The media coverage of big time data breaches like Target, Neiman Marcus, and Home Depot may have many SMB owners thinking that they are not at risk, but even small and medium-sized businesses need to make sure that their data and that of their customers is protected.

Here’s a statistic that should get your attention: One in five small businesses are a victim of cybercrime each year, according to the National Cyber Security Alliance. And of those, nearly 60% go out of business within six months after an attack. And if you need more convincing, a 2014 study of internet threats reported that 31% of businesses with fewer than 250 employees were targeted and attacked.

Why do hackers target small businesses?

Hackers like small businesses because many of them don’t have a security expert on staff, a security strategy in place, or even policies limiting the online activity of their employees. In other words, they are vulnerable.

Don’t forget that it was through a small service vendor that hackers gained access to Target’s network. Hackers may get your own customer’s data like personal records and banking credentials and your employee’s log in information, all the while targeting the bigger fish.

While hackers account for most of the data lost, there is also the chance of accidental exposure or intentional theft by an employee.

Avast for BusinessWhat can I do to protect my small business?

For mom-and-pop outfits, Avast for Business, a free business-grade security product designed especially for the small and medium-sized business owner, offers tremendous value. The management console is quite similar to our consumer products meaning that the interface is user-friendly but also powerful enough to manage multiple devices.

“Avast for Business is our answer to providing businesses from startup to maturity a tool for the best protection, and there’s no reason for even the smallest of companies not to use it, because it starts at a price everyone can afford, free,” said Luke Walling, GM and VP of SMB at Avast.

Some companies may still opt to pay for a MSP, and in many cases, especially for medical or legal organizations, handing over administration to a third-party may be a good way to go. Either way, our freemium SMB security can be used, and if you use a MSP then the savings can be passed on to you.

Is free good enough for a business?

Many IT professionals have been using free security on their home computers for years. It’s not such a huge leap of faith to consider the benefits of making the switch in their businesses as well.

“I have been using Avast since 2003 at home, with friends, with family. You really come to trust and know a product over the years. It lends itself to business use really well, nothing held back,” said Kyle Barker of Championship Networks, a Charlotte-area MSP.

How do I get Avast for Business?

Visit Avast for Business and sign up for it there.