Tag Archives: Internet Security

Core Tor Contributor Leaves Project; Shutting Down Important Tor Nodes

Another blow to the Tor Project: One of the Tor Project’s earliest contributors has decided to quit the project and shut down all of the important Tor nodes under his administration.

Lucky Green was part of the Tor Project before the anonymity network was known as TOR. He probably ran one of the first 5 nodes in the TOR network at its inception and managed special nodes inside the anonymity

How the new EU cybersecurity regulations affect businesses

The 28 countries that form the European Union will have a common cybersecurity goal beginning July 6th. The European Parliament has approved a new directive under which these countries will have to change their legislation in the next 21 months.

The sectors that are listed (energy, transport, banking) will have to guarantee that they are capable of preventing cyberattacks. Also, if a serious incident related to cybersecurity does occur, the companies will have to inform the national authorities. Suppliers of digital services like Amazon or Google are all required to provide this information.

The EU countries have 21 months to shift this into their legislation

The EU countries should strengthen cooperation in this area by designating one or more national authorities to the cybersecurity workload and strategize how to fight IT threats.

The EU’s approved directive establishes obligations for “basic service operators” (most of all in sectors that are already cited), and each country will have six months to transition their national legislation to the new EU rules.

Some businesses in the digital economy (e-commerce pages, search engines, cloud services) will also have to adopt measures in order to guarantee their infrastructure security. They will have to notify the authorities of any unusual incidents but micro and small businesses will be exempt from this rule.

We have already seen that this approval has come at a delicate moment in cyber-history. The European Union calculates that the cost of cyberattacks on businesses and citizens is between 260,000 and 340,000 million euros. According to a Eurobarometer survey, 85% of internet users are concerned about the increasing risk of cybercrime attacks.

In this context, the goal of this directive is to boost trust between EU countries, sync security in the networks and IT systems, and overall, create an environment where information can be exchanged in order to prevent attacks, or at least communicate if a security incident occurs.

The post How the new EU cybersecurity regulations affect businesses appeared first on Panda Security Mediacenter.

Microsoft Wins! Govt Can't Force Tech Companies to Hand Over Data Stored Overseas

Especially after the Snowden revelations of global mass surveillance by US intelligence agencies at home and abroad, various countries demanded that tech companies including Google, Apple, and Microsoft set up and maintain their servers in the respective countries in order to keep their citizens’ data within their borders.

The US government has powers to comply US-based tech companies with the court

Reselling Business and Home User Information

It is important to protect businesses against threats that lurk in the cyberworld. The threats may seem innocent at first, but usually, those are the ones that cause the most damage. Reselling your hard drive, for example, may seem like a simple task, but it could actually open the door for cybercriminals.

A recent investigation found that, out of 200 hard drives bought off of second-hand websites like eBay or Craigslist, more than 2/3 still contained highly sensitive information from the previous owner. A good amount (11%) stored private data from businesses.

Some of the gems that the investigators were able to rescue from the storage devices included social security numbers, CVs, corporate emails (9%), CRM records (1%), and spreadsheets with projected sales or inventories (5%). Imagine what an ill-intentioned hacker could do with this lot of private information.

Formatting: The Bare Minimum

The scariest part of it all is that most owners believe their hard drives were wiped clean before putting them up for sale online. Two out of every five devices (36%) indicated that the content was cleared from the system, by means of the Recycle Bin (which is really just another extra folder) or by the delete button.

Not one of these elimination techniques is effective enough to completely get rid of all information on hard drives. With the right know-how, it could actually be quite easy to recover the previously deleted data. If you format the device multiple times, the information could be completely overwritten. Nevertheless, there is only one way to be completely certain the hard drive’s content has completely disappeared: destroy it.

If you plan on recycling, reusing or reselling your machines, “attempting” to delete their contents is not an option. In the majority of the tested hard drives, the owners did not even take the first step towards security. Only 10% of the investigated hard drives went through an erasure process, such as formatting in various steps.

The post Reselling Business and Home User Information appeared first on Panda Security Mediacenter.

Social Media, Ranked as One of the Top Threats Aimed at Companies

Long ago, the term “goods” referred to necessities like wheat, milk, sugar, and petroleum, but our necessities have changed. Now “goods” can refer to broadband or smartphones or computers or–cybercrime?

As seen in the RSA’s report about the Current State of Cybercrime, experts confirm what we already know: malware and the tools cybercriminals use are evolving. Although malware comes from different places, the variants have identical capabilities and continue to multiply. The amount of stolen information continues to grow, and cybercriminals are capitalizing on it. The stolen information acquired by cybercriminals has joined the other goods available in our competitive market.

The internet and its ongoing innovations keep us adapting. Next time you buy gourmet-pasta-on-a-Tuesday-and-eat-it-on-a-Wednesday, remember that cybercriminals could be capitalizing on the private information you divulge for such “conveniences”. While you are checking your email, they may be stealing and selling your log-in information for your email accounts, social media sites, and favorite online shops. Even very detailed information like medical histories of hospital patients is in high demand and can be bought online, in bulk.

Every kind of personal information is online and has diverse buyers and sellers

But cybercriminals no longer confine themselves to the deep, dark web; they now use public and open communication channels, like social media sites, for these illegal sales transactions. In fact, results from the six-month-long study show that the RSA discovered more than 500 groups dedicated to fraud on social media, with an estimated 220,000 total members, and more than 60% (133,000 members) found each other on Facebook.

Financial information circulates within these online communities, including credit card information with access codes and authorization numbers, tutorials for how to perform a cyberattack, malware tools, and even zoomed-in conversations that teach users how to move money without being detected.

It is important for businesses to set aside sufficient resources to detect threats, attacks and frauds that now exist on multiple channels (Windows, Android, iOS, Mac, etc.). Since the variants can multiply and tailor themselves to the malware, prevention and protection efforts should also increase.

The post Social Media, Ranked as One of the Top Threats Aimed at Companies appeared first on Panda Security Mediacenter.

The Blue Screen of Death Gets a New Look

What a terrible feeling we have when the blue screen of death pops up. Dotted with white letters, this uh oh screen can show up unexpectedly on any old Windows-using computer. Seeing this screen will make anyone think, did my computer just DIE?

To fix the problem, the infamous screen of death reads that we should close all programs that could have provoked the issue or restart the computer altogether (using Ctrl+Alt+Del). If we are lucky, the issue will go away after following these steps, but most of the time it won’t be that easy.

Now, this oh-so-hated blue screen of Windows has had a face-lift, making it just as terrible but a little nicer to look at. The newest version on Windows 10 (out this summer) will display a sad emoticon and a QR code that will send you to a help area once it is scanned.

The bad news is that these two-dimensional codes, or more precisely the links they contain, can be very powerful tools for cybercriminals.

First, a cybercriminal could simulate that your computer has an error, and send your computer a fake “blue screen of death”. Then the criminal could add a QR code with a link that will take you to an unexpected and malicious website that will install drive-by malware on your computer.

If the cybercriminal wants to be very sly, they could design an entire website that looks like an official Microsoft one and use it to phish for log-in information and personal data. Uneducated computer users are the easiest victims for this type of trap.

The QR code that appears on the Screen of Death can be used for phishing or downloading malware onto your computer

But using QR codes to camouflage links is nothing new. The best way to protect yourself from this type of attack is to keep your guard up. Don’t scan a two-dimensional code without knowing where it will take you and if that website is a safe place.

To defend yourself against this kind of attack, it is essential to have a good antivirus that will detect any kind of phishing or malware that is attempting to download onto your computer.

The post The Blue Screen of Death Gets a New Look appeared first on Panda Security Mediacenter.

Ranking of Attacks Aimed at Businesses: Protect Your Wallet

In the first article of our series “Ranking of Attacks Aimed at Businesses”, we’ll introduce you to the top security threats aimed at companies and give you some tips on how you can protect yourself!

Staying up-to-date with security is an undertaking and requires effort and commitment. As technology develops and evolves, it is easy to fall behind. Cyber-criminals, on the other hand, are always ahead of the game and are constantly looking to exploit new vulnerabilities that accompany these innovations.

To protect yourself, it is extremely important to keep up with cybersecurity trends. Every year, the RSA publishes a report on the current state of cyber-crime that summarizes the hacking methods that are trending among cyber-criminals. Being aware of these trends is vital for IT security in companies. (The RSA is a group of American IT security experts that developed the RSA public key cryptography algorithm, and later renamed their computer network and security company the RSA.)

Attacking Your Wallet

Today, it is extremely easy to complete transactions on mobile devices, which is part of the reason this is an area that has quickly gained popularity among cyber-criminals.

More and more companies are setting up services based on mobile phones. This benefits both customers (e-commerce apps, payment platforms, etc.) and employees, whose work is increasingly dependent on these devices. However, these conveniences also make everyone involved more desirable and attractive to cyber-criminals.

Although these transactions are convenient, there is a lot of fraud associated with these channels. Since mobile devices have not been around as long as other devices, like computers, security technology is not as advanced and they are usually less protected.

In 2015, the RSA detected that 45% of transactions, and 61% of fraud attempts, took place on mobile devices.

In response to this, an interest in biometric identification systems has emerged, which identify users by analyzing some aspect of the body, or physical behavior.

There is an emerging special interest in biometric identification systems

Today, this technology can be found in facial recognition, fingerprint and iris scanners, and less commonly in voice or signature recognition. In addition, researchers are investigating how other biometrics, like our typing patterns, movement patterns, heart rate, and sweat levels, can be used for identification.

According to the RSA report, more than 90% of banks are currently exploring the use of biometrics in their mobile applications (or intend to do so) within the next nine to twelve months. Many companies are following the same path. In fact, the future of authentication seems to be a mix of these systems with traditional ones, such as PINs and passwords.

Using a combination of both is the best option to ensure security in the future. More than one billion transactions, both online and offline, were influenced by mobile attacks in 2015.

If you want to boost your business’s cybersecurity, it is fundamental to invest in an advanced cybersecurity solution that will allow you to manage, control and protect your entire IT infrastructure from one place.

The post Ranking of Attacks Aimed at Businesses: Protect Your Wallet appeared first on Panda Security Mediacenter.

Think Your Fingerprint Sensor is Impervious to Criminals? Think Again.

To swipe or to press? Your fingerprint is the new key that unlocks digital life. Fingerprint recognition is an increasingly popular security barrier that can be found in all sorts of high-end devices that are currently on the market. It’s fast and easy, and can be used as an alternative or a complement to those hard-to-remember passwords.

But can we depend on fingerprint recognition as a trustworthy protection mechanism? These little sensors, usually circular and flat, are very convenient. With a swipe or press of your finger, you’re in. But the disadvantages of using fingerprint recognition are much higher. Yes, the main benefit of this kind of security barrier is that the biometrics used belong to a person and cannot be modified, except in the case of surgery or accident, making them unique and impossible to recreate. Or can they be copied?

If you have seen police drama television shows, you have already passed criminology 101. Our fingerprints are left on everything we touch. Since the surface of the sensor itself is used to record the fingerprint, your smartphone could be easily compromised by anyone with access to the device and your fingerprints (which could remain on any of the many objects that pass through your fingers on a daily basis).

Unlike passwords, which can only be saved on computers and devices that we use, fingerprints can be stored everywhere and on everything, making them public domain. It has been demonstrated that high-quality copies of fingerprints can be made using different techniques, which means that it is very much possible to create a copy of a fingerprint in order to impersonate the user.

If this is true, why do we continue to use fingerprint recognition to protect the devices and services we use every day? In comparison to passwords, fingerprint scanners have many obvious benefits: a fingerprint is unique, you always have it with you, you can’t forget it, and it is easy to record it with a sensor, among other things.

Despite all of the foreseeable disadvantages, biometric recognition techniques like fingerprint sensors will continue to be the most widely used security method (and of course, they will be used hand-in-hand with classic passwords, or something similar). Clearly, double security barriers remain in our future.

The post Think Your Fingerprint Sensor is Impervious to Criminals? Think Again. appeared first on Panda Security Mediacenter.

Tech Giants Use Differential Privacy to Extract Your Private Information

Besides the exciting developments Apple presented at its annual WWDC event in San Francisco, there were also some security-related announcements that should not go unnoticed.

Apple talked about a new concept that they are beginning to use in all of their services and that they say is the future of how users manage personal information on their platforms: they call it differential privacy.

What does differential privacy consist of?

You may think of Apple as a privacy defender; they are known to favor encryption and implement different measures in order to protect the personal data of their users. But in the age of “big data”, tech companies like Apple are also seeking as many personal details as possible about their users. Like any business, the tech company run by Tim Cook needs to know everything about their customers, both current and future.

How can the tech company seek personal data while, at the same time, keeping it private? It’s a privacy vs. government race (especially in the United States). Luckily for Apple users, in the realm of user privacy, this multinational giant is in the lead.

Apple has come up with something they call differential privacy. In other words, they extract conclusions about users and groups (or subgroups), while at the same time ensuring that the information belonging to each one of those individuals is totally private.

“Differential privacy lets you gain insights from large datasets, but with a mathematical proof that no one can learn about a single individual,” explained Aaron Roth, a professor of computer science at the University of Pennsylvania, who “[wrote] the book” on differential privacy, according to Apple’s Craig Federighi.

Much More Than Anonymizing Data

This does not anonymize data like many other internet services do, an approach which has proven to fail on many occasions. In 2007, for example, a group of investigators demonstrated how they were able to de-anonymize the “anonymous” data published by Netflix.

On the contrary, with their new focus Apple will not pass information from its devices to its servers until the data passes through a transformation process where it will go through various techniques like cryptographic and flow noise functions to ensure that it is mathematically impossible to associate your data with your identity.

They are not the only technology giant that is adopting differential privacy to protect their users’ personal information: other big businesses share this new idea including Google, and Microsoft, whose team of experts even includes some of the concept’s founders.

The post Tech Giants Use Differential Privacy to Extract Your Private Information appeared first on Panda Security Mediacenter.

If You Add Extras to Your Web Browser = Extra Danger for You

Web browsers are full of dangerous options that nobody uses. Most computers come with pre-loaded web browsers like Microsoft Internet Explorer, Mozilla Firefox, and Apple Safari, but these default web browsers are not configured for secure web browsing.

Anytime users are surfing the web, there can be a “variety of computer problems caused by anything from spyware being installed without your knowledge to intruders taking control of your computer”, as stated on the US-CERT website.

What may seem like a cool option for your web browser could actually be a gateway for cyber-attackers that goes unseen by the average computer user. Sometimes “less is more”, and when it comes to computer security, the fewer entry points a cyber-criminal has, the less we have to worry about defending ourselves.

There needs to be a complex balance between having freedom to use new technology functionalities, like web browser options, while at the same time, keeping the door shut to cyber-criminals.

But why download options if they are pointless? 83% of the latest browser functionalities are completely unnecessary, as revealed in a study from the University of Illinois. In fact, only 1% of the 10,000 most popular web pages use these features in some way, many of which do not even prove that they are useful.

A good example of this is Ambient Light Events (ALS), which are designed so that websites perform differently depending on the levels of light that surround the device, and adapt the computer brightness to it. Although it sounds helpful, only 14 of the 10,000 websites that were cited in the study implement this and very few users are even aware that it exists.

Iframes are another story. The iframe has become a very popular HTML element that is used in many different types of websites; these interactive spaces on a web page allow users to insert part of another page into their website (this is known as embedding). At least half of the most popular websites use this technology, and yet it is blocked 77% of the time due to security reasons. “In 2013, hackers seeded Internet searches with malicious iframe code, leading to iframe overlay attacks on many prominent networks.” The majority of social networks have stopped using this program.

Something else that has caught our attention is the Vibration API, which enables websites to manage features on devices… if they decide to use them. Today, only 1 out of the 10,000 most popular websites does this, but still, the features remain available, not only for legitimate developers but also for potential attackers who could use them for their own benefit, for example to spy on your conversations (like they did here).

A cybercriminal could use the vibration of your smartphone to spy on your conversations

The balance between taking advantage of available options and maintaining security seems difficult to strike, at least with regard to browsers. To be protected, users should have a good antivirus that is capable of stopping attackers if they get through these online cracks.

The post If You Add Extras to Your Web Browser = Extra Danger for You appeared first on Panda Security Mediacenter.