Tag Archives: Internet Security

Project Abacus: The End Of All Passwords

Google wants to kill passwords. They have developed Project Abacus, a system that aims to make passwords obsolete and secure your devices ten times more than a fingerprint sensor. So what’s the downside? This new privacy system comes at the expense of knowing absolutely everything about the smartphone’s owner. Its new security system is also… a creepy one.

To get rid of unlock patterns, passwords, or fingerprint readers on smartphones, Google has proposed a “trustworthy score” that will be calculated using your personal mobile devices and will decide whether or not the device should be unlocked.

To obtain this score, the smartphone will use all of the user’s information: movement habits, typing speed, location and even biometric data, like voice or facial recognition. In summary, by using the combination of this information, the smartphone will know if the person attempting to unlock it is its owner.

To achieve what it aims to do, Google must constantly keep track of our smartphone use. Your employees will be spied on 24/7 from their personal devices while Project Abacus makes their digital life more secure and comfortable. With Project Abacus, all of your personal information is in Google’s hands.

When Your Apps Spy On You…

The search company’s plan is not limited to using this system to unlock Android devices. It goes far beyond that: the company has announced that it will launch an API so that developers can use Project Abacus as an identification method in third-party applications. The days are numbered for stored passwords and two-step verification. Not only will Google have access to employee information, but any company that uses Project Abacus will be able to use it as a security system.

The problem with Project Abacus is not only the fact that Google and other businesses would have access to the data collected from the phones, but they could also spy on us in real-time. Passwords would no longer be the objective for cyber-attacks. The new goal for cyber-criminals would be to obtain the huge amounts of personal information that would be available about your company and its employees.

Google is taking measures that could be a good complement to a computer security system, but it is important to remember that they are also increasing the likelihood of a cyber-attack by accessing so much personal data from users. Cyber-criminals are constantly reinventing themselves and putting you at risk, so it is essential to protect your company with the most advanced cyber-security solutions.

The post Project Abacus: The End Of All Passwords appeared first on Panda Security Mediacenter.

Do Your Employees Download Pirated Software? How To Prevent It:

There are many popular programs that might be available on a user’s home computer, but that are not available at their workplace. A popular image editing program like Photoshop, or Microsoft Office, might be too expensive for a small or medium-sized company that could opt for more affordable, or even free, software solutions.

However, some employees are unwilling to settle for these less popular tools, and they often try to install unauthorized pirated versions on their work computers. The consequences of downloading pirated versions go far beyond the obvious legal repercussions, which can be very serious for companies. Pirated software is one of the biggest entry points for malware into companies.

To prevent employees from using unlicensed software, which has the potential to compromise your company’s computers, it is essential to establish a proper software asset management (SAM) policy.

First of all, businesses should maintain an updated inventory of all active software (i.e., a list of all licensed programs and the workers who use them). Overall, this will serve to identify which programs are necessary for employees’ work and which ones should be retired.

It is also important to control the detailed information associated with these licensed programs: when the program was bought, when it needs to be renewed, if there are any updates or patches that have not been downloaded yet; this will prioritize our resources so we are able to control budgets and facilitate decision making.

Businesses should maintain an updated inventory of all active software in order to better manage budgets and facilitate decision making.

It is also important to educate and sensitize workers about good practices in relation to software. Unfortunately, on many occasions the company technical departments are unaware of the programs that their colleagues are installing without permission. In fact, around 30% of employees use tools that their bosses don’t know about.

The problem is bigger than it may seem. In 2015, according to a study by the Business Software Alliance (BSA), 39% of software installed on computers worldwide is unlicensed. Those companies using unlicensed software programs are basically drilling holes for cybercriminals, giving them a way to enter their systems and allowing them to endanger their company with malware.

Downloading pirated software increases the likelihood of having a cyber-attack. It is important that you protect your business with advanced cyber-security solutions, like Adaptive Defense 360.

Good-bye Before H-Allo: Experts Don’t Approve of Google’s New Messaging App

During their annual developer event, Google I/O, the superior search engine introduced the public to Duo and Allo, which have been …. In the market of instant messaging apps, compared alongside its rivals of WhatsApp and Facebook Messenger.

Google’s main dish, Allo, has raised the bar of virtual assistants and bots, which are going to revolutionize the way we interact online. The tool will learn how to talk the talk: it will be capable of human interaction without users having to rack their brains or lift a finger.

Allo will protect messages using end-to-end encryption

If, for example, you are invited to go out to dinner, the app will not only suggest a phrase to help you accept the invitation, but will also book the restaurant for you, if you want it to, AND the restaurant chosen will be in line with your preferences. According to Google, Allo will do all of this without compromising our privacy and security. As with WhatsApp, Allo will include end-to-end encryption to protect our messages.

So what is the problem? The chat encryption… which has become an extremely controversial topic. The security measure in the app will not be enabled by default; it will only work after we have activated incognito mode.

Thai Duong is one of the Google engineers responsible for the chat’s development. He wrote about this on his blog, but soon after, he deleted the paragraph. He wrote, “if the incognito mode with end-to-end encryption and disappearing messages is so useful, why not use it by default in Allo?” Many of us are wondering the same thing, which is precisely the reason Duong decided to remove the post, which would have made him into a voice for change or activism.

“Google’s decision to disable end-to-end encryption by default in its new #Allo chat app is dangerous, and makes it unsafe”, said on Twitter the ex-analyst who brought the NSA’s dirty laundry to light. “Avoid it for now”, he warned his followers.

Another privacy-defender, Christopher Soghoian, has also decided to voice his opinion against the decision that was taken by “Google’s legal teams and company” in order to avoid “upsetting the government”.

Are Your Passwords For Sale On The Black Market?

Myspace is joining the list of 2016’s data breach victims, alongside Tumblr and LinkedIn. Yes, Myspace still exists and in fact, if you registered for the social media site prior to 2013, your old log-in information could have been compromised.

360 million emails and passwords were leaked in what is being called one of the largest mass data breaches in internet history. A few days ago, LeakedSource—a search-engine capable of searching leaked records—claimed to have learned account log-in information for a massive number of MySpace users.

Myspace acknowledged in its blog that cyber-criminals have gained access to log-in information from those who registered prior to June 2013. Until that date, passwords were protected by the SHA1 cryptographic hashing algorithm, which is outdated, insecure and no longer recommended.
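Why a fast hash such as SHA1 is a poor way to store passwords, as an added example (not Myspace's code): it assumes the legacy hashes are unsalted, which the article does not state, and shows a salted PBKDF2 record with an upgrade-on-login path beside it. The function names, record format and iteration count are assumptions, and the accounts are constructed.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ITERATIONS = 600_000  # assumption: example work factor, tune for your hardware


def legacy_sha1(password):
    """Fast, unsalted digest: the same password always yields the same hash."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password):
    """Salted, deliberately slow record: scheme$iterations$salt$derived_key."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def shared_hashes(table):
    """Group users whose stored records are identical.

    With an unsalted hash, recovering one password in a leaked table
    recovers it for every user in the same group.
    """
    groups = defaultdict(list)
    for user, record in table.items():
        groups[record].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


def verify_and_upgrade(password, stored):
    """Check a login and return (ok, replacement_record_or_None).

    A successful login against a legacy SHA1 record returns a new salted
    record so the caller can overwrite the old one.
    """
    if stored.startswith("pbkdf2_sha256$"):
        _, iterations, salt_hex, dk_hex = stored.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(dk.hex(), dk_hex), None
    ok = hmac.compare_digest(legacy_sha1(password), stored)
    return ok, (hash_password(password) if ok else None)


# Constructed sample accounts: two users picked the same password.
SAMPLE = {"ana": "password", "ben": "password", "cho": "tr0ub4dor&3"}


def demo():
    legacy = {user: legacy_sha1(pw) for user, pw in SAMPLE.items()}
    modern = {user: hash_password(pw) for user, pw in SAMPLE.items()}
    return shared_hashes(legacy), shared_hashes(modern)


if __name__ == "__main__":
    print(demo())
```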

The black hat, Peace, recently put the leaked data up for sale on the dark side of the net for six bitcoin (approx. $2,800 US or 2,400). This cyber-delinquent is also behind the Tumblr leak, where 65 million accounts were compromised, and the LinkedIn data breach (117 million leaked). As with Myspace, Peace attempted to sell the stolen information from Tumblr and LinkedIn on the black market.

Remember the Ashley Madison scandal? The number of passwords stolen in this data breach is higher than the number stolen in the Ashley Madison leak (39 million passwords leaked), which makes it particularly worrying.

Prevention is Better Than Cure

Recently, LinkedIn required a password change for users whose personal data may have been compromised in the breach. Tumblr has done the same. For now, the former friend-network has assured users that the matter is being investigated and that the company is implementing new security measures.

Nevertheless, internet users and social-network fiends should not wait for a big leak before they take steps to protect their privacy. One of the commandments of Internet safety is to periodically change passwords and to register different passwords with different services, so that if your data is compromised it only affects one set of log-in credentials.

With all those constantly-changing passwords, how can we remember them while remaining secure? It’s easy.  You can use password managers like Dashlane, which allows you to determine a password’s level of security and control them from the same page.

There are also great security solutions that offer a larger degree of protection and include a password manager… all you need is a master password to access all of your favorite internet services. It maintains your online privacy… at all times!

Tor and the Deep Web: Secrets from the Dark Side of the Internet

The “Deep Web” or “Invisible Web” is on the rise. Humans are curious by nature, and more and more internet users are going to the dark side. Everyone knows that the internet is a never-ending source of information, and search engines like Google, Yahoo and Bing can quench our thirst for information using just a few key words, with lists of information within seconds. But, are you aware that most of us are only accessing a mere 4% of the World Wide Web?

To understand this concept, you must imagine the entire Internet as an Iceberg.

We only know the tip of the Iceberg: The Deep Web’s Structure.

Like we stated in the previous paragraph, to better understand the Deep Web, it’s imperative to think of the entire internet as an iceberg that is divided into five parts, with each part more submerged than the previous.

Level 1. At the tip of the iceberg we will find all pages that we are able to access using search engines. This part is visible and accessible for “simple mortals” and the information is completely traceable.

Level 2. Below the surface of the water, we will find pages or sites that are not indexed (in other words, sites that aren’t visible) using traditional search engines (like Google or Yahoo). Therefore, they are only accessible to those who are “qualified”.

Level 3. If we dive even deeper into the cold water surrounding our iceberg we will begin to see very hard to find—and mostly illegal—information.

Level 4. As we grow closer to the most submerged point of our iceberg we will be able to find every type of illegal website. Most of them are monitored by the United States government (for example, child pornography websites).

Level 5. Once we have passed the four levels in the Deep Web we will reach the most hidden part of the internet, known as “The Dark Net”. A hacker’s paradise, this part of the web is built on a series of private networks that can only be accessed by “trusted” users. This is the darkest part of the web: it is not governed under the standard protocols and there is no security.

Tor: How to Access it in the Deep Web

Everyone is capable of accessing the deepest parts of the web, but to do so you have to use alternative search engines. Tor (The Onion Router) is a free software program that was designed by the United States Naval Research in the mid-90s to protect US Intelligence communications online.

Tor has a layered structure (hence its name) that enables the user to navigate by jumping from one layer to another, protected by a cipher that prevents others from seeing the user’s IP address. One of the Deep Web’s main characteristics is user anonymity.

Is it really possible to browse the web anonymously?

Industry experts say that connecting through Tor can be risky. Tor does not allow the user to control which proxy they connect to, which could lead to threats like man-in-the-middle attacks and JavaScript infections, which violate user privacy.

The best way to avoid these types of attacks is to control the parts you can, like: the kind of operating system (Windows, Linux, etc.), the origin of the connection, the trustworthiness of the information that we share, etc. Organized gangs remain anonymous in the “Deep Web” thanks to their skill and organization in each of these areas.

Although the world of the Deep Web seems very fascinating, we must consider the enormous dangers that we might find. Panda will not accompany you on this journey!

Most company training programs leave out important IT security information. Are you at risk?

Workers are the first and the weakest link in the security chain (including your boss), especially if they have not received adequate training to defend themselves against cyber-attackers. Sadly, if malware were to seep into an employee’s smartphone or mobile device it could potentially cost a company more than 8,000 euros. This is the beginning of the end, and opens the door for cyber-thieves to steal massive amounts of sensitive information from your company.

There are some basic tips that every company should give their employees to keep their personal data and computers protected against cybercriminals, like: confirming the identity of anyone requesting information, keeping passwords secure, and backing up their computer. Alarmingly, organizations are neglecting to share this security-related knowledge with their employees, as seen in a recent study.

46% of the companies who participated in the study assumed that this type of training would be obligatory for all employees. But in fact, only 60% of the companies that have fallen victim to information theft require their workers to go through a training period, which would educate them on internet security and ensure that confidential data will not be compromised.

As shown in a study, less than half of companies assumed that IT security training is obligatory for businesses

Sadly, for the companies who do have “training” programs, there is a lot of important information left out. In fact, many security training periods only educate workers about basic IT procedures. Approximately 43% of the surveyed companies offer a basic course for their employees, and usually they do not address many of the risks that often lead to cyber-attacks.

Phishing and social engineering are two main threats in our cyber-sphere, but only a small fraction (49%) of companies review them in their security courses. In addition, two significant topics that are barely talked about (if they’re talked about at all) at these training programs are: mobile device security (38% of courses include this subject) and Cloud security accounts (29%).

Knowledge is power. It is the greatest barrier against these types of internet-related attacks; the nightmare of a cyber-attack can be easily prevented if employees are taught how to use the internet in a responsible manner. Bots or no bots, when it comes to cyber-security strategies, humans are still a company’s greatest weakness or their greatest strength. Everything depends on the level of training that is available to them.

Wearable Technology: You’ll soon be able to project your Smartwatch onto your Wrist

Smart watches and fitness bracelets are joining millions of people on the mission to be healthier and more active. These devices are becoming part of our daily lives, and expanding the functions that we already use on our smartphones.

According to the consulting firm IDC, in the first quarter of 2016, wearable technology sales have already increased, mostly due to the smart devices that monitor health and exercise. This sales increase has led to a decrease in cost; the price of these watches, bracelets and other wearables has gone down this year. Now, there is an intelligent accessory for every budget.

With companies like Fitbit, Xiaomi, Garmin, Samsung, and Apple in the lead, this market is said to be one of the most profitable sectors for years to come. In fact, the number of wearable technology users has already doubled in the last two years, according to a study from PwC.

So far, Christmas 2015 has been the biggest expansion period for wearables. But as the sector grows and more options are available on the market, the array of choices could actually hurt the sale of wearables. In addition, many users have already become bored of their wearables after using them for only a few months.

We will soon be able to project wearable screens onto human skin

One of the main disadvantages for most wearable technology is the small size of their screens (when they have them), but soon there will be a solution to this problem. There is now technology that allows for wearables to project onto human skin, converting the user’s arm, or any other part of the body, into an extension of the screen. But as always, with new advances in technology there are other limiting factors and in the case of wearables, it is their wavering cyber-security.

Yes, these devices track personal activity data like user movements and heart rhythm, but any personal information that gives cybercriminals insight into our personal lives is interesting data for them to steal.  A number of researchers and experts have even warned us of the large number of vulnerabilities that exist in these smart accessories, like the ones in smart watches. This means that if an attacker manages to exploit these devices, there is a large possibility that they could discover a credit card PIN number.

An attacker could use your Smart Watch to find out your credit card PIN number.

Wearables are not as “fit” as we think, in fact, they are weak when it comes to cyber-attacks. Protecting your wearable accessory is just as important as any other device and fortunately, there are specialized security companies, like Panda Security, that will help you protect your wearables and private information that are at risk.

Have they hijacked your browser? Here’s how to fix it

We’re sure your browser has been hijacked before. Say you decide to download a program you need from a seemingly reliable website (like Softonic), and you click “install” to begin downloading without really thinking about it. When it finishes downloading, you go back to the browser and you realize that one or more toolbars have appeared or that the home page is no longer Google. The search engine hasn’t changed too much in appearance, but it is not the same one as before.

This is very common and is called browser hijacking. Why has the start-up browser page changed and how can I fix it? A malicious program—or at least an unwanted one—has corrupted your computer. Another example: While installing part of the software, your browser’s options change without your permission. The way it changes varies, but the end result is usually the same: more advertisements.

You have changed the start page or have toolbars that you have not installed voluntarily.

The “kidnapper” is earning money thanks to this practice (which is sometimes harmless but always very bothersome). Depending on the malware that is installed on your machine, it can be more or less difficult to get rid of. Don’t forget to take precautions.

In this case, there is a measure that almost never fails: installing antivirus software and keeping it updated. Good security solutions are able to recognize the malicious programs and prevent them from getting into your computer.

What if it’s too late?

If it is too late and your browser has been kidnapped (e.g., it runs slower than usual, displays advertising for unusual sites, you see toolbars that you didn’t install, the home page has changed or your searches are redirected), then you have no other option than to restore the configuration to get everything back to normal.

For the most popular browsers, including Google Chrome, Mozilla Firefox or Internet Explorer, you can restore the configuration using the simple instructions online.

Registered the wrong email with paypal? Say goodbye to your money…

Every type of person is a PayPal person. Each day, hundreds of well-known investors and business magnates are added to the list, like Peter Thiel, one of the original Facebook investors, or the South African tycoon Elon Musk, who is the CEO of both Tesla and SpaceX.

A good part of the internet already uses PayPal. It has become the leading digital payment service because of its overall excellence: it is convenient, simple-to-use, and for the most part, safe. Another part of its success is due to the fact that, often, it is the only payment method available, leaving those who want to complete their purchase only one option: to create a PayPal account.

Don’t have an account but are considering getting one? Be very careful while completing the new user form. The slightest mistake made while typing the email address can have very serious consequences. This is not only a problem for PayPal but for the whole web; PayPal’s case is particularly important because, with the service, our money is literally on the line.

The slightest mistake when typing your email can have very serious consequences

“Pay” attention to the simple things

While registering for an account, always look for two fields to enter your email address: one to fill in and one to verify. What if there isn’t a blank space to verify your email? Proceed with caution. If you complete the email incorrectly, your account information could be sent to another email address, and ultimately your profile could be controlled by another person.

You aren’t required to check your email for a “confirmation” before you begin to use the PayPal service. You do not need to click a link sent to your Inbox to prove that you’re the owner of the email account. So if you type the wrong email, a stranger could kick you out of your account (they only have to change your password!) A stranger could gain access to your money because of one silly mistake.

Many important websites share this problem, like the popular car share service, Uber. However, the consequences of a log-in error while using PayPal are much graver than with other companies because the company sells itself on being a safe site for internet payments.
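One way to close the gap described above, as an added example (not PayPal's code or API): the account stays unusable until a mailed code is typed into the session that registered, so a typo cannot hand a working account to whoever owns the mistyped mailbox, and password resets go only to confirmed addresses. The class and method names, the 6-digit code, the expiry and the attempt limit are assumptions, and the addresses are constructed.

```python
import hmac
import secrets
import time

CODE_TTL = 15 * 60   # assumption: confirmation codes expire after 15 minutes
MAX_ATTEMPTS = 5     # assumption: wrong guesses allowed per issued code


class SignupService:
    """Hypothetical in-memory account service (not PayPal's API)."""

    def __init__(self):
        self.accounts = {}   # email -> account record
        self.sessions = {}   # session token -> email
        self.outbox = []     # (recipient, code) pairs standing in for sent mail

    def _send_code(self, email, now):
        code = f"{secrets.randbelow(10**6):06d}"
        self.accounts[email].update(code=code, expires=now + CODE_TTL, attempts=0)
        self.outbox.append((email, code))

    def register(self, email, now=None):
        now = time.time() if now is None else now
        email = email.strip().lower()
        if email in self.accounts:
            raise ValueError("address already registered")
        self.accounts[email] = {"verified": False, "balance": 0}
        self._send_code(email, now)
        session = secrets.token_urlsafe(16)
        self.sessions[session] = email
        return session

    def confirm(self, session, code, now=None):
        """The code only counts when typed into the session that registered."""
        now = time.time() if now is None else now
        email = self.sessions.get(session)
        if email is None:
            return False
        acct = self.accounts[email]
        if acct["verified"]:
            return True
        if now > acct["expires"] or acct["attempts"] >= MAX_ATTEMPTS:
            return False
        acct["attempts"] += 1
        if hmac.compare_digest(code.encode(), acct["code"].encode()):
            acct["verified"] = True
        return acct["verified"]

    def correct_email(self, session, new_email, now=None):
        """Fix a typo while the account is still unverified; reissues the code."""
        now = time.time() if now is None else now
        old = self.sessions.get(session)
        new_email = new_email.strip().lower()
        if old is None or self.accounts[old]["verified"] or new_email in self.accounts:
            return False
        self.accounts[new_email] = self.accounts.pop(old)
        self.sessions[session] = new_email
        self._send_code(new_email, now)
        return True

    def add_funds(self, session, amount):
        email = self.sessions.get(session)
        if email is None or not self.accounts[email]["verified"]:
            return False
        self.accounts[email]["balance"] += amount
        return True

    def password_reset_allowed(self, email):
        # Reset mail goes only to confirmed addresses; the user-facing reply
        # should be identical either way.
        acct = self.accounts.get(email.strip().lower())
        return bool(acct and acct["verified"])


def mistyped_signup_demo():
    svc = SignupService()
    session = svc.register("alcie@example.com", now=0)  # constructed typo of alice@
    stray_code = svc.outbox[-1][1]                       # delivered to a stranger
    result = {
        "funds_before_confirm": svc.add_funds(session, 100),
        "reset_for_unverified": svc.password_reset_allowed("alcie@example.com"),
        "code_without_session": svc.confirm("not-a-real-session", stray_code, now=1),
        "typo_corrected": svc.correct_email(session, "alice@example.com", now=2),
    }
    result["confirmed"] = svc.confirm(session, svc.outbox[-1][1], now=3)
    result["funds_after_confirm"] = svc.add_funds(session, 100)
    result["reset_for_old_typo"] = svc.password_reset_allowed("alcie@example.com")
    return result
```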

Happy Geek Pride Day! Here are Five Security Gadgets for your SME…

Happy Geek Pride Day!  To celebrate our special day, we’re sharing with you some of the most innovative security gadgets to help your businesses stay protected and grow.  Technology is fundamental for any modern business. You might be thinking that IT security is far out of reach for your small to medium-size enterprise because of a limited budget. Wrong! You can protect against the constant threats that lurk in the web without breaking your budget.

With just a few bucks and some basic knowledge, there are many things we geeks can do to ensure the safety of our SMEs. Today is the day we rejoice in our shared love for technology and innovation. Here are five cheap tools that will reinforce your company’s security:

Access Control

…the key that opens the doors of tomorrow.  The future of password identification is biometrics.  We’re sure you have noticed that it has been  increasingly popular for offices to use fingerprint readers, especially for entrances, to make sure that only the employees, and those invited, have access to the facilities. Protect entry to your business, or geek lair, with a smart lock.  Gadgets using Bluetooth, NFC, RFID or even Photonics Technology – can fulfill the same purpose.

Security Cables

Are you a geek that isn’t fluent in computer? No problem. Here’s a more hands-on solution. Look to see if your laptop has a round slot, possibly close to the USB ports or the charger socket. Maybe you’ve never noticed it, but it’s more likely that you’ve been wondering what it is used for. This is a Kensington Security Slot, a small hole that allows you to install a lock to block access to your machine. Your roomie won’t be able to “borrow” your laptop anymore. Although they won’t exactly strengthen the security of your laptop, security cables are cheap, tried and true. They will definitely prevent future annoyances for your SME.

Cheap Alternatives for Video Surveillance Systems

The Internet of Things has opened up a world of possibilities for SMEs with small budgets. Now, we can set up surveillance systems using cameras that communicate with Smartphones. Piper, Canary or Nest Cam are some of the most popular and accessible systems.

The USB condom that protects your smartphone

Is your smartphone your life? If you’re one of those entrepreneurs who sweats bullets as soon as you hit low-battery mode, then you’re probably accustomed to recharging your phone in public places like airports, cyber-cafes, or other similar charging stations, which in many instances are massive hacking zones for cyber-criminals. A USB condom is inserted into the USB connector on your smartphone, tablet or computer, and disables the port’s data pins. The idea is that you insert it into your device before using free charging stations at less than trustworthy places. Once you’re charged up, the device will eject and the USB port will operate as normal. You can find these devices in various models.

U2F

We have already chatted about two-step verification. By now, you have probably grown tired of entering your password twice to confirm your identity for services or sites you access on the daily (like email accounts, for many of us). For less than €6, you can buy U2F Security Keys, which replace that second authentication factor. As a safety guarantee, this special USB key requires you to confirm on your computer that it is you, and only you, trying to gain access.

The above-named gadgets can take your SME to a new level of protection, but you shouldn’t forget that hardware insurance is of little use if it is not accompanied by good security software. With the Panda Antivirus, small and medium-sized enterprises won’t have to spend much time or money to defend their most valuable digital assets in the best possible way.
