Tag Archives: highlighted

Update to Lollipop as soon as you can: These are the security improvements included in Android 5.0

Google has now launched the long-awaited Android 5.0, the new version of its mobile operating system. Do you want to know why you should update your smartphone’s software? We give you the first clues here.

lollipop-android

Adrian Ludwig, security engineer at Google, says in the official Android blog that their goal is to “stay two steps ahead of the bad guys” and this is Lollipop’s intention too. “Not only is Lollipop the sweetest update of Android to date, we also built in a rigid (security) Lollipop stick for the core and Kevlar wrapping on the outside—to keep you safe from the bad guys, inside and out.”

One of the most secure ways of keeping data safe is to use the screen lock or pattern. However, Google is aware that many users do not use this measure because, among other reasons, it makes it difficult to use the phone when it is connected to another device.

For this reason, the new operating system includes Smart Lock, which unlocks the phone when it is paired with a wearable or a hands-free device in the car via Bluetooth or NFC.

The phone can also be unlocked using facial expressions. Although this feature was available in version 4.0, in the new version of the Android operating system this application has been improved by constantly analyzing the user’s expressions.

Finally, in order to encourage users to install phone lock patterns and make them more secure, Android has included the option to receive on-screen notifications, even though the phone is locked, and access them more quickly.

Another security measure in Lollipop is related to encryption, which is no longer optional and will be really useful for less experienced users. Device encryption will be automatically enabled when the device is switched on. It uses a unique key that never leaves the device.

However, Google acknowledges that users with older devices that update their version of Android will have to enable the encryption feature manually themselves, which will not happen in devices shipped with this operating system.

Android has always tried to make sure that its apps access as little data on the phone as possible but in this respect its software has never been without its problems. Version 4.2 included Security Enhanced Linux, known as SELinux, which audited and monitored every action and left less room for attack.

SELinux defines the permissions of every user, app, process and file on the system and controls their actions and interactions following a strict security policy. This prevents any file – not even those downloaded from Google Play – from modifying the phone’s essential parameters.

lollipop-screen

Although this service was offered in previous versions, it has now been boosted to respond particularly to enterprise and government environment as, according to Ludwig, the majority of the members of different governments use Android. SELinux currently runs in enforcing mode, that is, all of the security policies are loaded and enabled on the device. It was not the same in previous versions, where the user could choose to use enforcing mode, permissive mode – where the security policies were loaded but not applied – or even turn it off.

Have you ever had your phone stolen? Having Lollipop installed could help you. It has the Factory Reset Protection feature, which disables stolen phones, only requiring the Google password to wipe the phone’s data remotely.

The new version of Android also keeps the device away from malicious websites when the user performs searches in the browser. In addition, it seems that everyone can create multiple user accounts to securely share the device with a friend or do so using guest user mode.

The heads of security at Android claim that the probability of a cyber-crook attacking the device using malicious software is 1 in 1,000. But the main dangers facing users is when the phone is lost or stolen. It is for these cases that the new security measures are designed. What are you waiting for to update your operating system?

 

The post Update to Lollipop as soon as you can: These are the security improvements included in Android 5.0 appeared first on MediaCenter Panda Security.

Nigerian scam on Skype. Beware of it!

It seems that the notorious Nigerian scam is not only carried out via email. As we have been able to confirm, Skype is also being used to trick us into believing that someone with a ton of money wants to share their fortune and that we are the recipients of it.

This is the message that “reputable banker”, Abdul Iddrisu, sent to one of our colleagues on Skype.

skype-scam

In it he says that his bank has $17.5 million to give out, after the owner of this fortune died in an earthquake in China in 2008 and as our colleague has the same last name as the deceased, they have decided to give the money to him.

What does he have to do in exchange? Send his bank account number so that they can deposit it. As easy as that, and as unbelievable, right?

Indeed, it is neither believable nor true. Obviously nobody is going to contact you to give you $17.5 million, so never give out your personal data over the Internet. Neither should you deposit any money in exchange for an alleged prize or inheritance. Do not fall for this type of scam!

The post Nigerian scam on Skype. Beware of it! appeared first on MediaCenter Panda Security.

Careful with photos from unknown sources in Android: They could now contain a nasty surprise

We now live in the age of the image. Hardly a day goes by when we don’t download or share an image of friends or family. The saying ‘A picture is worth a thousand words’ has become a motto for our everyday lives.

Well aware of this are those who prowl the Internet with malicious intent. They know that images are now swarming across the Web, and as such represent the perfect Trojan horse to conceal malicious content. In fact, had it not been for Axelle Apvrille and Ange Albertini, many have already tried. These researchers were responsible for uncovering a crack in the defensive wall of Google’s mobile operating system, through which images can be used to hide malicious software, which could then slip past the system’s protection.

android-mobile

At the latest Black Hat Europe event in Amsterdam, these cyber-security experts presented their work on the vulnerability in Android. Due to this flaw, malicious users could reach the smartphone or tablet of any user through an image which, when downloaded, would become a file that could infect the device.

According to Apvrille and Albertini, the malicious payload could be concealed in any image, regardless of format. Whether a .png or .jpg, what to the naked eye is simply a picture of a person, could simply be a front for code that would be released from the image and spread malware.

To demonstrate the existence of the vulnerability, they created a tool called AngeCryption, which let them convert images into packets. Thanks to this, they could hide anything they wanted to transmit from one device to another without security systems or Google’s own scanner being aware of its existence. So behind an apparently inoffensive image there could be an .apk, the type of executable file that allows applications to be installed.

pic-mobile

In the proof-of-concept presented by the researchers, they used an image of Darth Vader to hide a malicious app designed to steal photos, messages and other data from the devices it is downloaded to.

Imagine a contact sent you an image via WhatsApp and you downloaded it, without you knowing an app would be installed on your device that could search for and steal anything it found. This is precisely what this vulnerability allows.

“Such an attack is highly likely to go unnoticed, because the wrapping Android package hardly has anything suspicious about it,” explain Apvrille and Albertini. They also warn that this flaw has been present in all versions of Android so far.

The discovery of this security hole was kept quiet until the researchers were able to inform Google and the company’s security team had time to fix it. So are you now safe? Yes, but only if you remember to upgrade your smart phone or tablet. If you don’t, you will be exposed to potentially nasty surprises.

So we advise you:

  • To be careful with photos from unknown sources
  • Install any available Google updates.

Also, as prevention is better than cure, install our antivirus for Android devices. Why take unnecessary risks?

The post Careful with photos from unknown sources in Android: They could now contain a nasty surprise appeared first on MediaCenter Panda Security.

Blue double-check in WhatsApp. Your message has been read.

blue-double-check

Remember we said a few days ago that WhatsApp would be able to tell you whether your message had been read? Well, the blue double-check is now here. And what does it mean? The dream of some and nightmare of others: it’s the confirmation that your message has been read.

blue-double-check-whatsapp

 

But that’s not all. The blue double-check has also been included for groups and appears once all members of the group have read the message.

What do you think? Too much information? A loss of privacy? What’s clear is that you will no longer be able to say: “Sorry, I didn’t see your message…”

The post Blue double-check in WhatsApp. Your message has been read. appeared first on MediaCenter Panda Security.

Reasons you can be kicked out of WhatsApp

no-whatsapp

“Your number is no longer allowed to use our service”. Do you know what service it is? WhatsApp. That’s right, WhatsApp. Did you know that the app reserves the right to ban users that don’t abide by the terms and conditions of use?

Reasonable enough. The only problem is that they don’t warn you. So, given that forewarned is forearmed, here are some of the things that WhatsApp might ban you for.

Reasons you can be banned from WhatsApp

  • Being blocked by a certain number of users
  • Sending chain messages
  • Using the platform for advertising purposes
  • Sharing obscene or illicit material
  • Spreading files with viruses
  • Pretending to be another person

The company also reserves the right to delete messages that are too long or of limited interest.

The question you have to ask though is… To what extent are our WhatsApp conversations private?

The post Reasons you can be kicked out of WhatsApp appeared first on MediaCenter Panda Security.

10 Tips to Avoid Viruses on Halloween

avoid-halloween-viruses

Halloween is one of the most celebrated holidays, and cybercriminals always want to be part of it.

As we get closer to Halloween, hackers take advantage of the most popular Hollywood titles to launch so-called BlackHat SEO attacks, i.e. false Google and other search engine results with keywords related to popular topics of the time to trick users into clicking on their links.

Another popular form for hackers that we see distributed during these days is spam. They use typical Halloween characters to trick users and bring them to where they want. This way, in addition to obtaining personal data and revenue through clicks achieved, they redirect the user to other websites selling fraudulent or prohibited products.

As always, education, common sense and being forewarned is our best advice. We must be aware that they will try to deceive us with practical jokes, introducing real malware to our equipment which will lead us to a lot of headaches.

10 Tips to Avoid Viruses on Halloween

  1. Do not open emails or messages received from social networks that can come from unknown sources
  2. Do not click a link you get by email, unless they’re from reliable sources. It is suggested to type the URL directly into the browser bar. This rule applies to messages received through any email client, such as those that come via Facebook , Twitter, other social networking, instant messaging programs, etc.
  3. If you click on one of these links, it is important to look at the landing page. If you don’t recognize it, close your browser
  4. Do not download attachments that come from unknown sources. During this time we must pay special attention to the files that come with issues or Halloween-related names
  5. If you do not see anything strange on the page, but it requests a download, be wary and do not accept.
  6. If, however, you begin to download and install any type of executable file and the PC starts to launch messages, there is probably a copy of malware
  7. Do not buy online from sites that do not have a solid reputation, and much less on pages where transactions are not made ​​securely. To verify that a page is secure, look for the security certificate that is represented by a small yellow lock at the bar of the browser or in the lower right corner
  8. Do not use shared computers to perform transactions that require you to enter passwords or personal data
  9. Make sure you have an installed and updated antivirus
  10. Keep up with all the security news 

What about you? Have you ever been infect on Halloween?

The post 10 Tips to Avoid Viruses on Halloween appeared first on MediaCenter Panda Security.

White House wants to replace passwords with selfies

selfie-girls

There’s one question that appears on any Internet platform on which you have to verify your identity with a password: “Forgotten your password?” Companies nowadays know how forgetful we users can be. Particularly when it comes to remembering a complex sequence of letters and numbers that we’ve had to conjure up.

And that’s not all. There are the PINs for your cell phone, your credit card… There are now so many things to commit to memory that it sometimes seems that we just don’t have enough neurons to deal with it all.

As the technology giants are well aware of this human limitation, some are now including fingerprint sensors in devices, so owners confirm their identity simply by placing a finger on the screen. Many mobile devices also include a voice recognition option, though this is rarely activated by users.

fingerprint

These methods of identification however are still not entirely practical. At least this is what the President’s cybersecurity coordinator, Michael Daniel, believes. He wants to get rid of passwords from the White House forever.

One of the more unusual alternatives suggested by Daniel is for the President’s staff to use selfies.

It would seem that these snap shots could now be used for something other than just posting on social networks. Daniel’s plan would involve installing a series of sensors around the building which could recognize the faces of those entering certain areas of the President’s residence.

Instead of having to stand right in front of the sensor, staff could just show the screen of their cell phones displaying a clear and recognizable selfie.

selfie-obama

Daniel believes that technology companies have begun to realize that security measures must not only be functional, they must also take into account how users behave. If these measures are too complicated or difficult, people just won’t use them, he warned.

That’s why selfies could be the perfect answer, as even world leaders have taken to this latest digital craze.

The post White House wants to replace passwords with selfies appeared first on MediaCenter Panda Security.

419 scam. How to recognize it

junk-mail

If you have an email address no doubt at some time or another you have received an email from some friendly soul claiming that you’ve won a large sum of money.

Inevitably, in order to receive the money, you’ll first have to stump up a certain amount of cash.

This type of message, which often finds its way into users’ junk mail tray, is a variation of the scam known as the Nigerian letter, or the 419 scam (as they violate section 419 of the Nigerian criminal code).

Though this is one of the oldest scams on the Web, such emails are still commonplace for the simple reason that people still fall for it.

Variations of the 419 scam

  • The classic scam: Someone contacts you asking for help to get a large amount of money out of the country, in exchange for a decent commission. Sometimes the scammers even claim to represent a company that needs to get cash out of the country.
  • Animals: The criminals advertise cats, dogs, etc. for sale or even adoption. If you want one however, you are asked to forward the shipping costs first.
  • Lottery: Perhaps one of the funniest scams is the one that informs you that you have won the lottery… even if you didn’t buy a ticket! As usual, to receive your prize you have to send some cash up front.
  • An inheritance. You have inherited a sum of money from someone you didn’t even know, though of course, in order to receive it you must first hand over a small deposit.
  • Love: Someone you have never seen has fallen in love with you and has contacted you as they desperately want you to reciprocate. Once they have stolen your heart, they will need money in order to come and see you.

As we mentioned before, incredible though it may seem, people still fall for these scams.

Needless to say, you should never send money to someone who contacts you via email and neither should you reveal personal or financial information via email or over the phone.

The post 419 scam. How to recognize it appeared first on MediaCenter Panda Security.

How to boost security on your Facebook account with two-step verification

two-step-verification-facebook

No doubt you’ve heard about two-step verification used on various social networks.

Having this option enabled lets you increase security on your account and helps prevent unauthorized and potentially malicious access.

In the case of Facebook, the process is simple, and all you need is your cell phone handy to confirm access from a new device. In Facebook, a new device is one that you haven’t used previously to connect to the platform.

This way, what you have to do is approve logins to prevent others from accessing your account.

Here we explain step-by-step how to enable login approvals.

How to boost security on your Facebook account with two-step verification

In your Facebook account, go to Settings.

facebook-settings

Go into Account Settings and select Security. There you will see “Login Approvals”.

facebook-login

From there click “Require a security code to access my account from unknown browsers”.

facebook-login-approvals

facebook-security-code

When you enter the code that they send to your phone, you will have to enter your Facebook account password.

facebook-password

Now you have enabled login approvals.

facebook-complete

Facebook also gives you the option to print security codes in case at some time you don’t have your phone handy. It’s easy, right?

The post How to boost security on your Facebook account with two-step verification appeared first on MediaCenter Panda Security.

Six tips to make sure your personal photos don’t end up on the Web like those of Jennifer Lawrence

girl-with-computer

Increasingly, personal and private information is ending up on public view on the Internet. You may not have posted it yourself, you might have just stored it in the cloud, yet some ill-intentioned individual can access and publish it. Photos, videos and other personal data can easily fall into the wrong hands without your permission.

Since last September, more than 100 celebrities have been victims of this type of invasion of privacy. After having uploaded compromising photos to the Apple iCloud, they discovered these images posted on the Web. Someone had accessed and leaked the pictures.

All eyes then turned to Apple. The attack was caused by a security flaw on its mobile devices. A cyber-criminal claimed to have hacked the company’s services to get hold of the images, although the company has rejected this claim on several occasions.

Nevertheless, here we offer six tips to help protect your photos… just in case!

IMAGEN 1C

1. Be careful about what you store in the cloud

If these actresses and models hadn’t uploaded compromising images, it would have been considerably harder for the hackers to get hold of them. Even if you are not a public figure, it’s always a good idea to think about what kind of things you want to store on your phone.

2. Don’t share your account user names or passwords with others

Even though a friend or colleague may have your complete trust, the fewer people who know your credentials, the less chance there is of others finding out. Most online platforms (Facebook, Apple, Google and Yahoo) allow you to boost security with two-factor authentication. If available, it is always a good idea to use it. It basically involves another step in the verification of the user’s identity. This could involve generating a code that the page sends to your phone or another means of contact to verify your identity.

3. Strengthen your passwords to make sure they can’t be guessed by cyber-criminals

One useful tip is for them to contain a mix of numbers, special characters and upper and lower case letters, i.e. make them has complex and varied as possible. The same goes for your Wi-Fi password. It’s also a good idea to change them frequently.

apple-id

4.  With email, it’s wise to have different addresses for different purposes

Use different accounts for professional, personal or financial affairs. If somebody manages to gain access to one, at least all your data won’t be at risk.

5. Take care with your profile on social networks

Check the privacy options from time to time as sometimes they can be changed or the default settings are re-established without notice. And be careful with what you post online.

6. Use a good antivirus

It will not only keep your computer virus-free but will also identity and help keep Internet fraudsters at bay when, for example, you’re shopping online. Find the antivirus that best meets your needs from out 2015 product lineup.

The post Six tips to make sure your personal photos don’t end up on the Web like those of Jennifer Lawrence appeared first on MediaCenter Panda Security.