Think your cell phone is tapped? Don’t panic!

At the end of last year, the US government put an end to the secret surveillance program carried out by the National Security Agency (NSA). Not bad. Apparently, citizens have one less reason to worry about the privacy of their phone calls. However, the suspicion that someone else is listening to your conversations does not stem only from the existence of organizations like that.

Experts have warned us that certain types of spyware can be used to remotely open a smartphone’s microphone and listen to the nearby sounds to find its location. If that weren’t enough, researchers from different universities have developed programs to record conversations in the same surreptitious manner.

Additionally, some Internet users claim that Google and Facebook have shown them ads and search results related to information they have only communicated over the phone. They are convinced that these companies are eavesdropping on their telephone calls and using the information they obtain to customize ads for them.

In light of these events, the first question that comes to our mind is this: Can an app be used to open a device’s microphone without you realizing?

Security experts have demonstrated that yes, it’s possible and not too complicated. To develop an Android spy app, you simply have to use Android’s permission system to grant the app access to the microphone, and program a server that collects the information.

While it is not confirmed whether or not apps are available today that use those techniques to spy on users, the advisable thing to do is always check the origin of the apps you download to your phone, just in case.

The second question has to do with big companies: Do they actually use the recordings they get of background noises and user conversations?

Google affirms that it doesn’t use the information it collects when users say ‘OK Google’ (and enable the voice recognition feature) to display personalized ads. It also denies sharing the information it obtains with other companies for them to deliver personalized advertisements.

Additionally, the Mountain View company states in its developer policies that its apps cannot collect user data without authorization, something that would happen if users’ conversations were monitored.

Facebook also explains that it doesn’t allow companies or advertisers to design personalized advertising from the information obtained through users’ microphones, indicating that the ads it displays are exclusively based on the activities performed by users on the social network.

A mathematician from the Imperial College London, author of the book ‘The Improbability Principle’, claimed on the BBC that human beings are designed by evolution to always look for an explanation, even when there isn’t one. That’s why we are always establishing connections between events. Therefore, the coincidences that exist among the people who share their fears in Internet forums could be just that, coincidences. In principle, and leaving conspiracy theories aside, there should be nothing to worry about.

The post Think your cell phone is tapped? Don’t panic! appeared first on MediaCenter Panda Security.

Will it be safe to use a selfie instead of your password to pay with your credit card?

Get ready for this: Soon, selfies will not only be a good way to record the passing of time upon your face everywhere you go. As physical features are unique to each person, they will also be used as credit card passwords. At least that’s what credit card firm MasterCard thinks.

The company announced at the Mobile World Congress tech show in Barcelona that it will soon be accepting selfies as an alternative to passwords for online payments. The service will be available next summer in the USA, Canada and several European countries such as Italy, France, Netherlands, UK and Spain.

In order to use it, customers will only have to download an app to their computer, tablet or smartphone. Then, they will only have to look at the camera or use the device’s fingerprint reader (if available). However (at least for the moment), customers will still have to provide their credit card details. Only if additional authentication is required will they be able to use the aforementioned feature.

With this new strategy, MasterCard aims to protect customers from fake online transactions made with users’ stolen passwords, as well as providing a more convenient system to users. In fact, the company says that 92 percent of the people who have tested the new system prefer it to traditional passwords.

Despite all the fuss, this is not the first time that this technology has been put forward. E-commerce giant Alibaba announced some months ago that it would use facial recognition technologies for online payments.

Even though biometric security experts have already heralded that iris-scanning, facial recognition, fingerprints and even voice recognition will be the future, MasterCard’s initiative has re-opened the debate of whether selfies can be a safe replacement for passwords.

In fact, some experts have started wondering how information will be protected to prevent cyber-crooks from easily obtaining a user’s fingerprints or facial photograph if a transaction is made via careless use of a public Wi-Fi network.

These cyber-security experts claim that the system should incorporate several security layers to prevent potential theft of users’ facial photographs. After all, online payments make a very attractive target for cyber-criminals.

A few months ago, a group of experts from the Technical University of Berlin demonstrated that it is possible to extract the PIN of any smartphone using the owner’s selfie. To do that, they read the passcode reflected on a user’s eyes as he typed it on his OPPO N1 phone. An attacker simply has to take control of a device’s front camera to carry out this rudimentary attack. Could a criminal take control of a user’s device to take a selfie photo and make online payments with the password they saw written on the victim’s face?

MasterCard insists its security mechanisms should be able to detect suspicious behavior. For example, users will be required to blink for the app to demonstrate it is a live image and not a photo or a previously-filmed video. The system maps out a picture of the user’s face, converting it to code and transmitting it securely over the Internet to MasterCard. The firm promises that this information remains safe on its servers, and the company won’t be able to reconstruct the user’s face.

MasterCard has explained that, for the moment, the new service will only be used in certain contexts where additional authentication is required. Additionally, this technology will also help identify the user’s location and the place where the goods are being shipped to, other indicators of a fake online transaction.

In a few months, security experts will be able to tell whether MasterCard’s system is sufficiently safe, or if in this case the cure is worse than the disease. Meanwhile, the company will continue to investigate iris, voice and even electrocardiogram recognition as biometric alternatives to passwords.

The post Will it be safe to use a selfie instead of your password to pay with your credit card? appeared first on MediaCenter Panda Security.

A single infected smartphone could cost your business thousands of euros

A few months ago, Apple devices were the victim of a large-scale cyber-attack, the largest in the company’s history. The company had to withdraw more than 50 iPhone, iPad and Mac apps from the App Store as they installed malicious software that allowed criminals to control users’ devices remotely and steal personal information.

So you see, not even the company with the half-eaten apple logo, which boasts about the security measures applied to its technologies, is free from falling into cyber-criminals’ traps. Smartphone attacks pose a great risk to device security and data privacy, and this is even worse in work environments.

According to a recent report from renowned research institute Ponemon, the number of employees using personal devices to access corporate data has increased 43 percent over the last few years, and 56 percent of corporate data is available for access from a smartphone.

The consequences of this situation can be translated into economic figures. A single infected smartphone can cost a company over €8,0000 on average, and the estimated global figure for all cyber-attacks over an entire year can reach €15 million.

Researchers interviewed 588 IT professionals from companies in the Forbes Global 2000 list (a list of the world’s biggest public companies) to learn their opinion about mobile security. 67 percent of respondents believed it was very likely that their company had already suffered data leakage, as employees could access sensitive and confidential corporate data from their smartphones.

However, there are still more reasons for concern.

When asked about what data could be accessed by employees, most of the interviewees showed little knowledge. Workers could access far more information than IT security heads thought, including workers’ personal data, confidential documents and customer information.

Luckily, there is also good news. According to the report, 16 percent of a company’s budget is invested in mobile security, a percentage that is expected to reach 37 percent.

Additionally, more than half of the companies that took part in the study had some type of system in place to manage the data accessible to employees through their smartphones, as well as security measures such as lists of malicious apps, authentication systems and platforms to manage user access and accounts.

Researchers don’t believe that going back to the past or banning the use of personal devices for work purposes are effective measures, as working in the cloud and virtual environments is increasingly common. That’s why they suggest that the solution should be to set clear limits on the information that can be accessed from personal devices, and to educate employees about the risk of such practices and the available tools to neutralize them, such as those provided by Panda Security.

The post A single infected smartphone could cost your business thousands of euros appeared first on MediaCenter Panda Security.

Locky malware report

The main objective of the Locky malware is to encrypt certain system files and network drives to coerce the affected user into paying a ransom to recover them. It renames all encrypted documents as hash.locky files.

Systems are infected via an email attachment. When the user opens the attached Word document, they enable a malicious macro that runs a script to download Locky’s binary file.

[Image: macro code that runs the script]

The script communicates with a server to download the malicious file to the %TEMP% folder and run it.

[Image: trace used to download Locky to the target computer]

Once run, Locky generates a unique machine ID using the operating system’s GUID. Then, it creates the following registry key with the generated value: HKEY_CURRENT_USER\Software\Locky\id. Additionally, it communicates with a C&C server to get the public key it uses to encrypt the system files with the RSA-2048 and AES-128 algorithms, and stores it in the following registry key: HKEY_CURRENT_USER\Software\Locky\pubkey.

Locky downloads a .TXT file with the instructions for paying the ransom, saves it to the registry (HKEY_CURRENT_USER\Software\Locky\paytext), and creates a file named __Locky_recover_instructions.txt in every folder which contains an encrypted file. Then, when it is done encrypting the hard disk, it uses the ShellExecuteA API function to open the .TXT file.

Locky checks every file on the system, targeting those files whose extension coincides with the list of extensions included in its code. Those files are encrypted with AES encryption and renamed as hash.locky files.

List of extensions targeted by Locky

.m4u, .m3u, .mid, .wma, .flv, .3g2, .mkv, .3gp, .mp4, .mov, .avi, .asf, .mpeg, .vob, .mpg, .wmv, .fla, .swf, .wav, .mp3, .qcow2, .vdi, .vmdk, .vmx, .gpg, .aes, .ARC, .PAQ, .tar.bz2, .tbk, .bak, .tar, .tgz, .rar, .zip, .djv, .djvu, .svg, .bmp, .png, .gif, .raw, .cgm, .jpeg, .jpg, .tif, .tiff, .NEF, .psd, .cmd, .bat, .class, .jar, .java, .asp, .brd, .sch, .dch, .dip, .vbs, .asm, .pas, .cpp, .php, .ldf, .mdf, .ibd, .MYI, .MYD, .frm, .odb, .dbf, .mdb, .sql, .SQLITEDB, .SQLITE3, .asc, .lay6, .lay, .ms11 (Security copy), .ms11, .sldm, .sldx, .ppsm, .ppsx, .ppam, .docb, .mml, .sxm, .otg, .odg, .uop, .potx, .potm, .pptx, .pptm, .std, .sxd, .pot, .pps, .sti, .sxi, .otp, .odp, .wb2, .123, .wks, .wk1, .xltx, .xltm, .xlsx, .xlsm, .xlsb, .slk, .xlw, .xlt, .xlm, .xlc, .dif, .stc, .sxc, .ots, .ods, .hwp, .602, .dotm, .dotx, .docm, .docx, .DOT, .3dm, .max, .3ds, .xml, .txt, .CSV, .uot, .RTF, .pdf, .XLS, .PPT, .stw, .sxw, .ott, .odt, .DOC, .pem, .p12, .csr, .crt, .key

Finally, the malware uses the vssadmin command to disable the system’s shadow copy service, preventing users from recovering the backup copies created by the operating system. Then, it attempts to delete the .EXE file to remove any traces of its presence on the computer.

Although this variant doesn’t take any actions to ensure it becomes persistent on the system, other versions do add the following registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Locky” = “%TEMP%\[name].exe”
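
The filesystem artifacts this report describes (files renamed to hash.locky and a recovery-instructions note in every folder that holds an encrypted file) can be swept for during incident triage to see how far encryption got. The Python below is an added example, not code from the original report; the folder names, sample file names and the `TARGETED_SAMPLE` subset of the extension list are constructed for illustration.

```python
import os
import tempfile

# Artifacts named in the report above.
ENCRYPTED_SUFFIX = ".locky"
# Matched as a suffix so the note is found regardless of leading underscores.
NOTE_SUFFIX = "locky_recover_instructions.txt"

# Assumption: a small subset of the targeted-extension list above, used only
# to flag files that are still readable and would be encrypted next.
TARGETED_SAMPLE = {".docx", ".xlsx", ".pptx", ".pdf", ".txt",
                   ".sql", ".zip", ".jpg", ".key", ".pem"}


def scan_tree(root):
    """Walk root and record, per folder, encrypted files, ransom notes and
    still-readable files whose extension is on the targeted list."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        hits = {"encrypted": [], "notes": [], "at_risk": []}
        for name in sorted(files):
            lower = name.lower()
            if lower.endswith(ENCRYPTED_SUFFIX):
                hits["encrypted"].append(name)
            elif lower.endswith(NOTE_SUFFIX):
                hits["notes"].append(name)
            elif os.path.splitext(lower)[1] in TARGETED_SAMPLE:
                hits["at_risk"].append(name)
        if any(hits.values()):
            report[os.path.relpath(folder, root)] = hits
    return report


def classify(hits):
    """Turn one folder's hits into a triage state."""
    if hits["encrypted"] and hits["at_risk"]:
        # Targeted files survive next to encrypted ones: encryption may have
        # been interrupted here, so this folder is worth preserving first.
        return "partially encrypted"
    if hits["encrypted"]:
        return "encrypted"
    if hits["notes"]:
        # A note without .locky files: files were restored or removed.
        return "note only"
    return "untouched"


def triage(root):
    """Map each folder with relevant files to its triage state."""
    return {folder: classify(hits) for folder, hits in scan_tree(root).items()}


def build_sample_tree(root):
    """Create a constructed directory layout to run the scanner against."""
    layout = {
        "finance": ["A1B2C3D4E5F60718.locky", "_Locky_recover_instructions.txt"],
        "hr": ["0F9E8D7C6B5A4321.locky", "_Locky_recover_instructions.txt",
               "contracts.docx"],
        "archive": ["backup.zip", "notes.txt"],
        "restored": ["__Locky_recover_instructions.txt"],
        "tools": ["readme.md"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            with open(os.path.join(root, folder, name), "w") as fh:
                fh.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, state in sorted(triage(tmp).items()):
            print(f"{folder:10} {state}")
```

Run against a mounted image or a file share, `triage()` gives responders a per-folder map of what is already lost and what is still readable.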

The post Locky malware report appeared first on MediaCenter Panda Security.

Safer selfies on the way as Instagram plans two-step verification

More than 400 million selfie lovers can breathe a sigh of relief – Instagram, the social network phenomenon, has revealed that the two-step verification process is soon to be unveiled on its platform.

This means that Instagram accounts will now be better protected by a log-in procedure which should make things harder for cyber-attackers trying to access accounts without permission. With the new two-step procedure, an email address and password will no longer be enough to enter; the user will also need to have the smartphone that the account is linked to.

Facebook, which owns Instagram, already offers the new log-in option, and now the photo platform will boast it, too. Every person that has an account on Instagram can now link it to a telephone number, ensuring an extra layer of security.

So, every time that someone (even the account owner) tries to access the account from a new device, the social media platform will send a code to this telephone number. Without this code it will be impossible to access the account.

This new feature will be rolled out progressively, so soon all users that are worried about their security will be able to enter their telephone number and avoid cyber-attackers accessing their accounts and eliminating photos or using the account for malicious means.

Caution on Instagram

This new security measure comes not long after the platform put its own users’ privacy at risk. When it introduced a new feature, the ability to manage various accounts from the same device, serious security issues were unearthed.

A bug meant that some users could see notifications belonging to other accounts that shared the device. This highlighted that having the same Instagram account synchronized on different devices meant that different users could see messages, notifications, and even like other photos.

Despite this flaw being fixed, what is certain is that internet users must always take care when sharing information and should be aware of their privacy online.

Thus, the two-step verification process on Instagram is a step forward in terms of security and should protect users the same way as Facebook, Microsoft, and Google already do. Even though new verification techniques are being worked on (such as the ones created by a group of investigators at the ETH Information Security Institute in Zurich), at the moment the best way is to use our personal telephone numbers.

However, it’s just as important to have secure passwords as it is to have two-step verification: they should be long, contain numbers, different cases and symbols, and should be different for each account. To be able to manage the large number of passwords needed today, it’s best to have a password manager just like the one offered by Panda via its different protection packs, which allows you to be in control of different passwords at the click of a button.

The post Safer selfies on the way as Instagram plans two-step verification appeared first on MediaCenter Panda Security.

Football leaks posing a worry to security for the football world

In the past few weeks the website Football Leaks has been publishing contracts relating to signings and transfers of football players from the world’s top leagues. While some accuse the people behind this page of hacking and document theft, they themselves have assured that they haven’t, at any moment, hacked anyone and that they actually have their own source who provides them with the information.

What’s certain is that when it comes to stealing information from a company, who has it easier than an employee of said company – they have knowledge of the systems, where information is stored, etc. Keep in mind that the majority of security practices are designed to protect a company from an external attacker, via perimeter protection and with an antivirus on the network’s computers.

Football Leaks and EDR protection

However, it isn’t common for companies to have more advanced security systems such as EDR (Endpoint Detection and Response), which allows them to have total control of what is running on the network, who is accessing certain documents, at what time, and what they end up doing with them. It is obvious that even though they want to invest in security solutions, nobody can guarantee that we will never be compromised.

For this, EDR solutions are ideal. On one hand, they offer greater protection and control over what happens on our network, allowing us to know what is happening in real time, and give us valuable information, for example whether vulnerable programs (ones that haven’t been updated) are running. On the other hand, they give us forensic information which allows us to investigate what happened when there is a security breach. This final point is what is really valuable.

Looking back at the case of Football Leaks, where confidential documents have been leaked, we see that these documents are in the possession of the clubs who make the contracts, the players who sign them, and any intermediary. If the clubs had this type of solution, it would be relatively easy to guess who accessed the documents, from where, and if there were any copies made. They could even know if other documents had been compromised.

The value that it offers is clear, however, the majority of companies focus their security spending on preventative measures. This Football Leaks case may just force businesses in this sector (football teams, federations, official organizations, etc.) to go beyond this and adopt the necessary measures to avoid this happening again, as they will have all of the information available should a similar event occur.

These steps aren’t very different from what businesses that take their security seriously, such as banks and energy companies, already do.

The post Football leaks posing a worry to security for the football world appeared first on MediaCenter Panda Security.

Bargains, cards, and WhatsApp emoticons… the Valentine’s Day scams are here!

Saint Valentine’s Day has as many lovers as haters. From those that love to spend the day with their significant other, or even celebrate singledom with friends, to those that hate being told when they should celebrate being in love.

What none of us are free from, however, are the ways in which cybercriminals try to trick us online. These criminals use any opportunity to claim new victims and this time of the year is no different – what may start out as a wonderful date could end up being a marriage from hell!

Valentine’s Day Bargains

Over the course of the next few days we will see online stores promoting special offers just for this occasion. These include an iPhone 6 for just €100, for example. In this case, just keep the old refrain about “there being no such thing as a free lunch” in mind.

WhatsApp Emoticons

We know that nearly everyone is dying to get new emoticons for WhatsApp and cybercriminals use Valentine’s Day to take advantage of this. You might see them trying to offer special, romantic themed emoticons but don’t download them – all you’ll get is malware! Remember to only download from official stores.

Gifts and SPAM for Valentine’s Day

Even though you already know what you’re buying for your partner, you’ll surely receive lots of emails with wonderful suggestions. In most cases it’ll just be spam, but be careful if they come with an attachment as it could contain malware. Delete them and you won’t need to worry about any unwanted gifts!

Romantic cards filled with malware

It’s pretty likely that you’ll receive an email with a supposed Valentine’s Day greeting. This digital card needs to be downloaded to be viewed… and we’re sure that you won’t be surprised to learn that this is just another way of infecting your computer with malware. So remember, don’t click on links that come from unknown sources.

Phishing for your passwords

Another of the attacks that could be seen over the next few days are the ones that try to get your login details for Facebook and Twitter. These are done by phishing attacks and use the romantic holiday as an excuse to launch attacks. Our advice is to never, ever give out your login details over the Internet.

The post Bargains, cards, and WhatsApp emoticons… the Valentine’s Day scams are here! appeared first on MediaCenter Panda Security.

Simple tips on how to make every day a Safer Internet Day

Nearly everyone browses the Internet on a daily basis, be they children or adults, and although we work hard on making every day a safe day, it’s never too late to remind ourselves of the possible risks associated with browsing online.

Tomorrow, February 9, is Safer Internet Day and to celebrate it we have compiled 10 tips that you should keep in mind when using the Internet.

  • Never share personal information on social media, instant messaging apps, or chats. You never fully know who can see these messages so, because of this, don’t accept requests from people you don’t know. Also, try to avoid giving out personal details such as phone numbers, addresses, personal photos, and other private information unless it is someone you know and trust.
  • Always be nice. Treat people online just as you’d like them to treat you. If you see any comments or actions that you don’t like, mention it to your parents, teachers, or someone you trust – they’ll know what to do. Don’t participate in this kind of behavior, even if you’re not the victim.
  • Tell your children that if they have doubts about surfing the net they should speak to you or another adult figure.
  • Be careful with attachments. If you use instant messaging or email then you will know that it is common to get emails or messages from unknown sources with attachments or links. It’s best not to click on these links, but rather type the address into the address bar. Also, be careful when accessing trailers for films, ads or downloading games.
  • Use secure passwords. Having different passwords for different accounts, which you should be changing frequently, is a great way of protecting yourself from cybercriminals. If you detect something odd, report it immediately!
  • Learn to recognize scams. These online methods of deception are well known, but be suspicious if someone tries to convince you that you’ve won a lottery that you never even entered. Your bank won’t ask you for access codes by email, either. A good antivirus is able to detect these threats and, along with some basic security knowledge and common sense, you can rest assured that you can avoid falling for these traps.
  • Security awareness and parental control are the best way to be safe online. It’s important that you know the risks that your kids are exposed to online and that you educate them about what to do in certain situations. A good parental control system will help you to ensure that your kids have a safe and fun experience online.
  • Protect your PC with a reliable security solution. By always keeping your PC protected with modern security software, you can also ensure the safety of all your family online. If you haven’t got an antivirus installed, try out our free antivirus.
  • Be careful with public Wi-Fi networks. Everyone has used these open networks at some point, be it in a café or a train station. Sometimes it isn’t avoidable, so when you do use them be sure to take extra measures to protect yourself. Always look for the lock symbol in the address bar and avoid carrying out any financial tasks.

The post Simple tips on how to make every day a Safer Internet Day appeared first on MediaCenter Panda Security.

Employees’ selfies and the dangers of cybercrime for critical infrastructures

When one works in a power plant, a water treatment facility, a gas plant, a recycling center, or any other critical infrastructure for a country, it’s essential to be extra careful about what you post on social media.

It might seem to be common sense, but IT security experts have raised worries over the amount of selfies taken by employees in these centers, which have started to appear across different sites such as Facebook, Twitter, and Instagram.

With the recent blackout which affected more than 80,000 people in Ukraine still fresh in the memory, the proliferation of selfies that could reveal security secrets in these installations could become a problem that needs to be stamped out immediately.

The IT systems that could be compromised as a result of worker indiscretion are known as SCADA (Supervisory Control and Data Acquisition), and they are continually used to manage all types of industrial processes, which means that their security is extremely important.

They allow you to obtain information from anywhere, in real-time, about the automated operations in a factory (or a gas station, for example), in such a way that the decision making and remote management of these installations is easy and economically sensible.

On the other hand, however, if a cybercriminal manages to enter the systems, especially if he manages to take control or alter the function of the machines, it could result in irreparable damage.

Businesses, governments, and professionals from the sector are growing more and more aware of the risk that these infrastructures are exposed to. This is usually because they fear that the weakest link in the chain, which is always a person, could commit a silly mistake with their smartphone.

As has been discussed in dedicated forums, IT security experts in the industrial sector have been able to locate these selfies, and other things, on Facebook and Instagram in which it is possible to see valuable information on the SCADA systems.

Furthermore, they have also discovered panoramic photos and virtual tours of the control rooms and the critical infrastructures, which are available for anyone to view, on the companies’ websites. This could allow someone with malicious intentions to extract information relating to employees, shift patterns, etc.

In fact, the German security expert Ralph Langner discovered that an image of the Natanz nuclear plant in Iran, distributed by president Ahmadinejad’s own press office, had been used by the creators of Stuxnet malware to attack the country’s nuclear program.

The image, which was happily shared by the Islamic regime, showed a control monitor for the SCADA system that was controlling its new uranium centrifuges. A real treat for their western enemies!

The post Employees’ selfies and the dangers of cybercrime for critical infrastructures appeared first on MediaCenter Panda Security.

US man jailed for massive SMS spam operation – How to avoid becoming a victim

From offering discounted sunglasses (designer label, of course) to gift cards for well-known stores, the world of SMS spam is one that continues to trick unwitting victims. You’d think that by now we would all be aware of the scams behind these messages which we receive on our mobile devices, but with these spammers becoming increasingly desperate to make a quick buck, they are using all manner of tactics to dupe their victims.

Luckily, the authorities are taking spam campaigns seriously. Just this week a US judge sentenced Phillip Fleitz, a 37-year-old native of Pennsylvania, to 27 months in federal prison for his role in a massive spam campaign.

Over the course of nearly 2 years, the spammer sent millions of illegal spam messages to US and international cellphones and computers. With the help of two accomplices, Fleitz managed to earn between $2,000 and $3,000 per month by violating a 2003 law designed to protect cellphone and computer users from unwanted marketing and pornography emails and text messages.

The trio carried out their attacks by operating computer servers from China and using them to infiltrate the personal computers of millions of people worldwide. Naveed Ahmed, one of the accomplices, wrote a program that helped match cellphone numbers with their carriers. That allowed the scammers to bombard the phones with unsolicited messages.

The computer and text-message spam both included internet links. Those who received the text messages were told they had won gift cards that could be accessed by clicking on the links. In reality, those who followed the links were directed to web pages controlled by internet “cost per action” networks – marketing companies that collect email addresses and other personal information. Such companies are legal but using spam to drive traffic to them is not.

So, with this in mind, what steps can you take if you receive unwanted spam on your cellphone? You’re in luck, as the latest Apple and Android cellphones allow users to block spam with relative ease.

iPhone users

If you have iOS 7 or later installed, open the spam message and click on contact, then on the “i” button that appears. A small contact card, mainly blank, will pop up and all you need to do is scroll down and select “Block this contact”.

To check out all of the numbers and spammers that you have blocked, you can view them in your message settings by scrolling down to Blocked.

Android users

For users of this operating system, blocking spammers is a little trickier but can still be done. First of all, the inbuilt messaging app doesn’t allow you to block anybody, so you’ll need to get an app from the Google Play store (remember to only download apps from official or trusted sources).

The apps available offer different forms of spam-blocking assistance – from ones that allow you to create a blacklist of contacts to others that automatically flag suspicious messages as spam.

If your Android device has been updated to KitKat (you can verify this by clicking on the “About Phone” section of your settings; if it’s 4.3 or above then it’s on KitKat) then you have it a little more complicated again. However, you can install Google Hangouts which not only sends and receives standard SMS messages, but lets you place spammers on a “blocked” list.

The post US man jailed for massive SMS spam operation – How to avoid becoming a victim appeared first on MediaCenter Panda Security.