Tag Archives: Mobile News

Panda Security

“Cyber-crime is international, but we get stuck with national laws that may not be compatible in this fight”, Righard Zwienenberg

Leave a comment

eset- panda- security

Our guest article Righard has been in the IT security world since the late 80’s, and “playing” with computers since the 70’s.

1- At the beginning, computer viruses were almost like a myth. However, over the years, computer attacks became real and they have evolved significantly, along with security solutions. To what extent are we doing things properly? It seems that today there are more attacks than ever before…

Obviously there are more attacks than ever before. In the beginning, having a computer was a novelty, on top of that, the underlying OS was rather diverse. Nowadays, almost everyone has one or more computers or devices. More devices makes the attack vector more interesting (higher chance of success for the cybercriminal) but as many more people are now “into” computers, there automatically are also more people that will exploit for ill purposes. It is inevitable. As in business, where there is an opportunity there will be an entrepreneur, likewise in cybercrime, if it can be exploited, someone will.

With the growth and evolution of the OS’s, security solutions followed. Actually not only the security solutions but also the general perception of security by the public. Guess banking Trojans and ransomware were useful to raise the awareness.

guest-article-panda

Senior Research Fellow, ESET

2- You developed your first antivirus in 1988. Back then, the number of viruses to detect was very small, despite the fact that they already used some really complex techniques. Considering the way computer threats have evolved, would it be possible for somebody today to develop an effective security solution by himself?

Why not? All you need is a good (new) idea and implement it. It may be the holy grail of heuristics and proactively block a complete new type of threat, or even multiple. That is how the current anti-malware products started in the late 80’s. Of course a single issue solution would nowadays not be enough anymore as customers expect a multi-layered, full protection solution and the sheer number of daily new malware will make it impossible to keep up just by yourself. So it will be more likely that you sell your technology to a larger company or you become a niche player in the 2nd opinion market. But… There is nothing wrong with that!

3- You’ve worked with groups that cooperate with governments, agencies and companies. In your opinion, who should be more interested in improving their IT security knowledge?  Governments? Companies? The public sector and authorities?

Sadly all of the above. Education and Awareness is key here. New threats emerge all the time, and you need to be aware of the to defend yourself against it. Or at least be able to check if your security vendor is defending you against it.

Governments try to have all people use digital systems and guarantee people’s privacy, but can they? They say they do, but then, even at large public events like the 2016 elections for the US Presidency, where you would assume all the security is in place, ignorant security flaws pop up.

media-center-eset-panda

In the above case, the official website for – the now elected – Donald Trump allowed an arbitrary URL to show the header above the news archive. That can be used as a funny gimmick, but most likely also be exploited if the arbitrary URL is extended perhaps with script code.

4- You have collaborated with law enforcement agencies in multiple cases of cyber-crime. In your opinion, are law enforcement forces well prepared to fight cyber-crime? Do they have enough resources?

They are well prepared and most of the time have the resources to fight cyber-crime. You will be surprised what they actually know and can do. But what usually is the problematic issue is international laws. Cyber-crime is international, but we get stuck with national laws that may not be compatible in the fight against cyber-crime. On top of that, cyber-crime is digital and very fast moving. Too much legislation prevents swift actions. Politics has to catch up with more organic laws that “go with the flow” and do not takes ages to get updated against the latest threats, allowing law-enforcement to rightfully act against cyber-crime and not to have a case dismissed in court due to old-fashioned legislation.

New threats emerge all the time, and you need to be aware of them to defend yourself against it.

5- Is there an appropriate level of cooperation between law enforcement agencies and security vendors/experts, or do you think there is room for improvement?

Room for improvement is always there. But LEO’s and the private sector already do work together (although as mentioned hindered by (local) laws). Some new cooperation initiatives are actually about to be started and initiated by LEO’s. It clearly shows that working together, it will be easier to reach the mutual goal: to get cyber-criminals locked up, removing safe havens for them.

6- Ransomware attacks can have disastrous consequences for consumers, employees and companies in general. The cost of recovery from a security breach can be very high for an organization; however, what do you think of the expenses a company must face to prevent such attacks?

These must be seen as a preventive measure, a kind of insurance. You do invest for a lock on your door although the door can be closed, right? And when you compare the cost for preventive measurements against the cost after ransomware (the lost work, the lost time, checking and cleaning up the entire network (as you don’t know if it put some executable files of some stolen data somewhere on an open share, or if a backdoor was installed, etc.), the negative public PR, etc.), it isn’t all that expensive. Awareness (and thus proper education) is the key for all people to understand that reporting suspicious activity earlier can actually save a lot of money for the company. In this case, the cost of a report of suspicious activity that turns out to be false is nullified by the cost saved by that single report of suspicious activity where it turns out the threat is real.

Awareness (and thus proper education) is the key for all people to understand that reporting suspicious activity earlier can actually save a lot of money for the company.

7- Righard, you’ve been working with AMTSO (Anti-Malware Testing Standards Organization) since its inception. During this time, you’ve had the opportunity to work in different positions within the organization: CEO, CTO, and now you are a member of the board. What influence has AMTSO had on the world of security solution testing? What difference has it made?

AMTSO had – in my perception – a tremendous influence on the world of security solution testing. Yes of course, it was a struggle in the beginning, errors were made, but now, after repairing the organizational flaws, AMTSO came up with Guidelines and Recommendations that were adopted by testers and vendors, making sure that all testing was done fair and equally. This has also caught the eye of other organizations that are now recommending AMTSO and AMTSO “compliant” tests or to get a product certified by a tester that has adopted the AMTSO Guidelines and Recommendations.

8- What challenges will AMTSO have to face in the near future?

AMTSO is growing and is now changing the Guidelines and Recommendations into real Standard Documents. This is a delicate procedure to complete, but when completed and done properly, a big step forward. As AMTSO is growing and getting more members of different industries, but also from the same industry with motivations or ways of thinking that are different than the established industry, with older and newer companies, keeping it all together to continue to build AMTSO broader and going for AMTSO’s goals, that will be a challenge. But I am sure the new management will be able to do so. I would not have stepped down as CEO/President if I didn’t believe it would be in good hands!

The post “Cyber-crime is international, but we get stuck with national laws that may not be compatible in this fight”, Righard Zwienenberg appeared first on Panda Security Mediacenter.

Panda Security

Your Tinder Account could be hacked.

Leave a comment

Security researchers have discovered that two of the world’s most popular mobile dating apps can be hacked, exposing sensitive user data in the process. The team from the University of South Australia ran a series of tests, proving that a number of personal details could be extracted from the apps relatively easily.

Capturing network traffic reveals all

The two apps in question, Tinder and Grindr, claim to keep personal details private until users select a match, someone they want to make.

The two apps in question, Tinder and Grindr, claim to keep personal details private until users select a match, someone they want to make contact with. It is only at this point email addresses or usernames are shared, allowing people to connect directly.

The team of experts found that a determined hacker could capture information as it passed between the user’s phone and the Internet. Flaws in the apps themselves could also be exploited to reveal even more information directly on the Android smartphone.

Using the same techniques demonstrated by the university team on the Tinder app, hackers are able to recover all the profile images viewed by the user, along with details of each “match”. Further probing reveals the user’s unique Facebook token – a string of numbers and letters that could be used to personally identify the app user.

Security tests suggest that Grindr is even less secure. Among the information recovered were the details of profiles the user had viewed, along with their own email address. Even more worrying was the discovery that messages from private chats could also be accessed by hackers.

Why does it matter?

Romantic relationships are built on trust by sharing private thoughts and feelings with another person. We make ourselves vulnerable by discussing things we wouldn’t share anywhere else.

This kind of deeply personal information is extremely attractive to hackers who can use it to blackmail the user, or to build a personal profile for advanced social engineering attacks. The secrets revealed in private conversations can often be used to guess passwords, or “trick” people into handing over valuable information like bank account numbers.

How to protect Tinder against hacking

Tinder and Grindr were both criticized by the University of South Australia for failing to properly protect users’ data. In the conclusion of their report, users were urged to be extra careful about the apps they install on their Android phones.

Ultimately the responsibility for these problems lie with the app developers who need to improve their security provisions. In the meantime, Android users can enhance their own protection using Panda Mobile Security to prevent personal data from being accessed without permission – as was the case here.

Panda Mobile Security prevents malicious apps from stealing data, and can be configured to limit data sharing between legitimate apps, helping to keep your sensitive personal information away from hackers. Which means you can focus on finding love without someone accessing your private chats.

The post Your Tinder Account could be hacked. appeared first on Panda Security Mediacenter.

Panda Security

How to avoid hacking to Critical Infrastructure

Leave a comment

panda-security-infrastructure

The cyber-attacks on the backbone of today’s economies are materialized in those assaults that affect society as a whole. The strategic priorities of national security include infrastructure exposed to the threats that can affect the operation of essential services.

PandaLabs, Panda Securitys anti-malware laboratory, has released a whitepaper called “Critical Infrastructure: Cyber- attacks on the backbone of today’s economy” with a timeline of the most notorious cyber-security attacks around the world on critical infrastructure, and recommendations on how to protect them.

Malware and targeted attacks aimed at sabotaging these networks are the main threats to critical infrastructure. Oil refineries, gas pipelines, transport systems, electricity companies or water supply control systems all form part of a technologically advanced industry where security failures can affect the whole of society.

Malware and targeted attacks

Today’s increasing trend towards interconnecting all types of infrastructure also increases potential points of entry for attacks on the services that have become essential for today’s societies.

This is apparent with the cyber-attacks that have been carried out in the past against these networks, the first of which took place in 1982, even before the Internet existed. In this case, attackers infected the systems of a Siberian oil pipeline with a Trojan.

critical-infrastructure-pandaIn addition to paralyzing and reducing services, which was what happened to the Venezuelan oil company PDVSA when it was hit by an attack that reduced production from 3 million barrels a day to 370,000, such attacks can also have a significant financial impact. One of the largest car manufacturers in the USA was left with losses of around US$150 million thanks to an attack using SQLSlammer, which spread rapidly and affected 17 production plants.

The threat is real

panda-security-crtical-infrastructureOne of the most infamous cases of cyber-attacks on critical infrastructures in history was Stuxnet. It is now known that this was a coordinated attack between the Israeli and US intelligence services, aimed at sabotaging Iran’s nuclear program. The case became the catalyst that made the general public aware of these types of threats.

Over the years there have been key events that have marked turning points in global security, such as the 09/11 attacks. In Europe, there was a similar key date, March 11, 2004, the date of the Madrid train bombings. As a result, the European commission drew up a global strategy for the protection of critical infrastructure, the ‘European Programme for Critical Infrastructure Protection’, which includes proposals to improve Europe’s prevention, preparation and response to terrorist attacks.

How could these attacks have been avoided?

The technical characteristics and the high level of exposure of data that can be stolen means that special care needs to be taken in protecting these infrastructures, including a series of good practices, such as:

  • Checking systems for vulnerabilities.
  • The networks used to control these infrastructures should be adequately monitored and, where necessary, isolated from external connections.
  • Control of removable drives is essential on any infrastructure and not just because it has been the attack vector for attacks as notorious as Stuxnet. When protecting such critical infrastructure, it is essential to ensure that malware doesn’t enter the internal network through pen drives or that they are not used to steal confidential information.
  • Monitoring PCs to which programmable logic controllers (or PLCs) are connected. These Internet-connected devices are the most sensitive, as they can give an attacker access to sensitive control systems. Moreover, even if they don’t manage to take control of a system, they can obtain valuable information for other attack vectors.

In light of this panorama, protection against advanced threats and targeted attacks is essential. Adaptive Defense 360 offers comprehensive security against these attacks and provides companies with all they need to defend themselves and close the door on the cyber-security vulnerabilities that can, in the end, affect us all.

Download the infographic “Cyber-attacks on the backbone of today’s economy” here.

Download the Whitepaper:

international

International Edition

 

Russia

Russian Edition

 

PortuguesePortuguese Edition

 

swissSwiss Edition

 

The post How to avoid hacking to Critical Infrastructure appeared first on Panda Security Mediacenter.

Panda Security

Black Friday and Cyber Monday: how to shop online safely.

Leave a comment

pandasecurity-black-friday-cyber-monday

How to safely shop online?

It’s not a secret about 70% of the adult US population shops online regularly. With Black Friday and Cyber Monday right around the corner tens of millions of people are preparing to get a bang for their buck. The deals are usually so good even people sceptical about online shopping, and without much experience, may feel tempted to participate in the online frenzy. Last year consumers spent more than $3 billion on Cyber Monday alone. The previous record was in 2015 when they spent “only” $2.75 billion.

Our economy seems stable right now, with that in mind we are pretty sure the deal-hungry buyers will beat last years’ numbers. There is nothing wrong with taking advantage of the great deals, as long as you do it safely. Panda Security has been combating cybercrime for more than 25 years and we can surely tell you a thing or two about how to safely shop online around the holidays.

Top 10 tips of how to safely shop online

Beware of phishing

With Thanksgiving just around the corner, you will begin receiving tons of email newsletters offering you great deals. We do not advise you click on the ones you are not familiar with. Try to stick to the ones you know, and if you don’t know the company that is approaching you, research them online before opening the emails you’ve received from them.

Do research

We know that the deals around Thanksgiving are amazing but sometimes when something is too good to be true, it’s either fraudulent or a scam. Don’t be fooled by the Cyber Monday label, products still cost what they cost if the deal is too good to be true that’s probably because it’s not true. If you are in doubt, simply google the product and see if anyone else offers it for the same price. You may end up getting an even better deal!

Don’t be scared to buy from the ‘usual suspects’

Try to do your online shopping from websites and online retailers that you recognize and you have shopped from before. You shouldn’t worry much if you place an order with a well-known supplies superstore such as Home Depot for example.

Check the URLs

While you surf online you may get so excited by the good deals you’ve found that you may end up on a spoof website. If you are in doubt, check the URL link. If it feels awkward close the browser, open a search engine, type the name of the retailer you are trying to reach and place the order through the real website. Better safe than sorry!

Read the file product description as well as the terms and conditions

Sometimes it may seem as if you are buying a brand new device but you may end up getting a refurbished or reconditioned one. The fact that the deal is great, does not mean that the product will be great too. Always take your time to review the terms and conditions, warranty, insurance options, the return policy and the location of the product you are trying to purchase.

Do not use the debit card for your checking account

It may be tempting to pay directly from your checking account but checking accounts have less protection and it will be much harder for you to get your money back if you end up scammed by a phony website. Even if you have the money available in your checking account, better not share your debit card details with the world unless absolutely necessary. Put those expenses on your credit card statement instead!

Verify your order

It is not uncommon for consumer to select more than one item by mistake, or they put the wrong house number, or they check a shipping option that does not work for their needs. This is why we advise you to always double check the order before you make a payment. A few extra seconds won’t waste your day. You don’t want to buy a Christmas gift a week before Christmas to later find out that it ships from China in 3 weeks’ time.

Make sure the site is safe

Don’t buy anything online from a site that does not have SSL encryption. You will know if a site has SSL encryption if the URL starts with HTTPS:// (instead of just HTTP://).

Use antivirus software

It may sound trivial when you hear it from us, but staying protected is really important. Don’t wait until Thanksgiving to get protection. We’ve been combating cybercrime for nearly 3 decades, we can help you and your family stay safe around the holidays.

Use common sense

Last but not least, if you see a website that looks suspicious, just don’t order from there. There’s plenty of fish in the sea – you will find the same offer somewhere else. There is nothing wrong with calling the company directly during business hours to check their legitimacy. Remain vigilant, don’t just give away your hard earned cash!

Every year we spend billions of dollars around Thanksgiving and hackers are preying on us trying to get our card details, trying to steal our identity and personal information. Don’t let them ruin your holiday by simply following the suggestions listed above.

Happy shopping!

The post Black Friday and Cyber Monday: how to shop online safely. appeared first on Panda Security Mediacenter.

Panda Security

5 Tips to make your Cell phone battery last longer.

Leave a comment

pandasecurity-mobile-phone-battery

5 tips to maintain your cell phone battery without compromising experience

When cell phones appeared on the market they were meant to be used for talk and text. However, things have changed and cellular operators no longer stress about the amount of minutes or texts you are using, but for the amount of data you burn through. That’s because people don’t make that many calls anymore – these days your cell phone is being used as a small pocket computer that allows you to connect with your friends and business partners, be up to speed with what is happening around the world and of course entertain yourself by watching videos and playing games.

The devices are no longer about you being able to call someone; it’s about you being connected to the world on a variety of platforms. What makes cell phones such an important tool? Well, they are mobile. It is as simple as that! You can use them almost anywhere and take them with you everywhere. There’s an app for almost anything that keeps to mind. Now while mobility can be an advantage in many ways it can also be perceived as a disadvantage.

With great power comes great responsibility

cell phones are powered by a battery and this battery can often let us down. The laws of the modern world say: Your cell phone battery will most probably die on you the moment you need it most. It is said that should Apple manufacture a car, it will most likely run out of juice every day at about 4pm, just as you’re trying to go home from work. We are so dependent upon cell phones we can no longer execute simple everyday tasks without them. There are reported cases of people unable to get home as their phones have stopped working. How do you get home without the GPS on your device? Let’s admit it – we have become so used to having that cell phone in our pocket we cannot function without it.

Top 5 things you can do to improve your battery life

Always carry a charging cable with you

Phones tend to die in the most unexpected moments so we recommend that you always have a portable power station with you, or at least a cable that will allow you to charge your phone in case of need. Just look at Starbucks as an example. They know people want their devices charged up so they installed wireless chargers at their coffee stores to attract more customers. While this can be the case in some stores, in 9 out of 10 cases, stores that don’t have wireless chargers will be happy to get your phone charged a bit behind the counter while you shop.

Now might be the time to get a portable power station

There are many options on the market that allow you to have your phone charged while on the go. Have you seen all of these people with phones connected with a cable to something in their backpack or purse? They are Pokémon hunters who want to ‘catch’em all’. You cannot catch all the Pokémon if you don’t have a portable charger – your phone won’t make it without a recharge. While this is a common practice amongst Pokémon hunters, regular people take advantage of it just as much. Having a juice pack is a must in this busy world.

Keep a car charger in your car

Just go out there and get yourself a car charger. You will never run out of battery if your phone is charging while you are commuting. Unless you live in New York, here in the USA most people travel to and from work for at least 30 minutes a day. Some phones such as Motorola Droid 2 or Google Pixel allow you to use your phone for up to 8 hours with only 15 minutes charge. This is incredible, take advantage of the fast charging options available for your mobile device.

Consider getting a phone with interchangeable battery

We know in 2016 these are rarity but you can always find a smartphone that allows you to change its battery. Having a bad battery life should not mean you have to buy a brand new device or spend tons of money on external chargers, this means you may just have to replace your battery. Phones such as the latest LG V20 allow you to do exactly that.

Take a look at your phone’s settings

Sometimes the solution is not to constantly charge up your phone. It is more about finding out what drains it and eliminating it. All smartphones have the capability of monitoring battery usage and determining what causes the short or inconsistent battery life of your device. If you see an app that uses up the majority of your battery but you barely use, just delete it – it clogs up your phone’s memory and drains your battery. You don’t need this kind of negativity in your life. Many times apps have background processes that use not only your battery life but your data – always keep an eye on the ‘Settings > Battery’ section of your mobile device.

The post 5 Tips to make your Cell phone battery last longer. appeared first on Panda Security Mediacenter.

Panda Security

How to tell if your Wi-Fi network has been hacked

Leave a comment

Wi-Fi networking is absolutely essential to the modern home. From smartphones to games consoles to intelligent thermostats like Nest, virtually every appliance now requires a wireless internet connection.

As a result, there is all kinds of valuable information being transmitted across your Wi-Fi network – credit card numbers, passwords and sensitive photos and files. Which makes your network a natural target for cybercriminals.

Introducing drive-by hacking

Because you can’t see wireless network signals, you cannot easily tell how far they reach. It is not unusual for your network to extend into the street outside your house – which provides an opportunity for hackers to get connected.

Using basic cracking tools, it is possible to bypass Wi-Fi network security in as little as 10 minutes. It may be that these hackers simply want to use your internet connection to get online – not as serious as stealing your sensitive personal information, but still stealing nonetheless.

So how do you know if your Wi-Fi network has been hacked?

The first sign that your Wi-Fi network has been compromised will probably be a general decrease in internet speeds. The more people connected to your network, the more problems you will have loading webpages or streaming videos

If you notice anything strange happening on your network, you must investigate. The first thing to check will be the Wi-Fi router itself.

The connected devices list

Log into your router using the username and password supplied when it was installed (they are often printed on a sticker on the rear of the unit). The specifics for each router are different, but you are looking for the Wi-Fi status page which lists all the devices that have connected, or are connected, to your network.

These details may be under a section called Attached Devices, Device List or Home Network for instance.

The list should look something like the image below (we’ve blocked out some of the most sensitive details):

pandasecurity-wifi-hacked

Have a look through the listing, looking for any devices that are unfamiliar. Any devices you don’t recognise indicate a hacker may have compromised your network security.

It is possible that some of the devices have “unfriendly” names that aren’t immediately recognisable, but which are completely legitimate. Make sure you check all of your Wi-Fi-attached devices before panicking!

Keeping Wi-Fi hackers out

There are a number of advanced techniques for improving your Wi-Fi network security, like locking down network access to pre-approved devices based on the unique MAC identifier. Far simpler, and almost as effective, is to simply choose a more robust security protocol.

The latest, most secure option is WPA2 as shown below:

pandasecurity-hacked-wifi

Just remember that if you do change the security protocol setting, you may have to reconnect all of your Wi-Fi devices – but that’s a small price to pay to prevent people cracking their way onto the network.

You should also add a second layer of security to deal with the eventuality that a hacker still manages to break in. A comprehensive security application installed on your PCs and Android phones will help prevent your personal data being stolen. This has the added benefit of blocking viruses and to protect younger members of your family from questionable web content.

Wi-Fi security is constantly evolving

you need to stay aware of what is happening on your network to keep the bad guys out. These tips will help you tell if something is wrong and help to formulate an effective response.

In the meantime, download a free trial of Panda Security to protect your PCs while you check your router.

The post How to tell if your Wi-Fi network has been hacked appeared first on Panda Security Mediacenter.

Panda Security

A phishing attack is launched every thirty seconds: 6 tips to protect yourself

Leave a comment

Phishing continues to blight the Internet and is a thorn in the side of companies around the globe. Not only is it one of the most serious problems facing any company with even a minimal activity on the Web, it is also an ever-increasing threat.

phishing-tips- panda- securitySo much so, that a recent study has revealed that in the last year alone there have been more than a million attacks of this nature. This means that on average, a phishing attack is launched every thirty seconds with the aim of defrauding companies and home-users alike. In the case of businesses, the damage inflicted by this onslaught is nothing short of dramatic: the total cost to companies around the world is in excess of 9,000 million dollars, more than 8,000 million euros at today’s exchange rate.

The total cost to companies around the world is in excess of 9,000 million dollars.

Given this situation, in addition to having proper protection, it is more important than ever that companies follow a series of recommendations to prevent falling victim to an attack that could have grave financial consequences. Checking the source of each email you receive and not accessing bank websites from links included in emails are two of the basic precautions you can take to avoid falling into the traps set by cyber-criminals.

What makes these and other similar measures so essential is the dramatic increase in phishing attacks that has taken place over the last year. In the second quarter of 2016 alone, more than half a million unique attacks were identified, that’s a 115 percent increase on the previous quarter. Moreover, the increase with respect to the same period in 2015 is even more alarming: 308 percent.

In the second quarter of the year “Phishing” attacks have been incresing in a 115 %

To counter this situation, it is essential for companies to ensure that their employees are aware that they must only enter confidential data on trusted websites which, as with all secure pages, have an address starting with HTTPS. Phishing attacks are on the rise and they are also evolving. Now, for example, not only are they aimed at identity theft on social networks or taking money from current accounts, they are also being used to steal from e-Wallets.

 

The post A phishing attack is launched every thirty seconds: 6 tips to protect yourself appeared first on Panda Security Mediacenter.

Panda Security

Spotify under fire: Are we entering a new era of malvertising?

Leave a comment

pandasecurity-antivirus-spotify

Tips to protect your personal data on online music streaming platforms like Spotify

Malvertising – yet another offspring of the online advertising, has been around since 2008. However, in 2016 we’ve been observing more and more creative ways of hackers trying to compromise your system by injecting malicious or malware-laden advertisements.
They are getting so creative that infected adverts are no longer a threat that comes only from questionable torrent websites.

There are reported cases of malicious codes being able to sneak up into your devices from reputable online advertising networks and webpages. A few days ago even Google acknowledged a fault in their Chrome browser – as reported by Ars Technica, over a two-month span starting in August 2016, a malicious advertising campaign downloaded the Banker.AndroidOS.Svpeng banking trojan on about 318,000 android devices. Even though the malicious installation files were not automatically executed, they have been named names such last-browser-update.apk and WhatsApp.apk – file names that could have been easily mistaken for legitimate ones.

Spotify was recently under fire too – multiple sources such as Engaged confirmed some listeners got not just free music but malicious code too. Some of the confirmed cases state files didn’t even have to be executed in order to cause damage. All three major platforms have been targeted – Linux, Mac and Windows. It is not yet confirmed if the code has been able to affect all three platforms.

How is this happening?

It’s not yet that hard to get unnoticed. All reputable advertising networks have strict guidelines for organizations interested on working with them. However, even though advertisers pass rigorous checks, in some cases advertisers can modify the ads after they have been approved. This is particularly easy when the ads are hosted on their own servers. Therefore, seeing a malicious ad should not surprise you and you will have to be prepared.

How do we stop it?

There is a simple way to not be a victim – remain vigilant. Hackers are after your credit card information, social security number, address and personal information. Just don’t share this information with them! Phishing tactics are getting more and more advanced and you need to stay on top of your game – here’s how;

  • Don’t be afraid to install antivirus software on your device. You don’t drive your car without a car insurance, do you? Why would you leave your cell phone, PC and/or Mac vulnerable to threads without any type of backup? The best way to know if you are being targeted is to have the software that would sound the alarm if there is any suspicious behaviour around your connected devices. Panda’s Internet Security is a must and it comes with 1 month free trial.
  • Remain vigilant – even if you are protected, phishing emails could be so well done and could take you to spoof sites that may look as good as the original ones. Always check the URL you are on and make sure you double and triple check the page location if you are being asked to provide your login details or to reset a password. You may be in the wrong place!
  • Don’t use the same password over and over again – as we reported, millions of passwords have been stolen over the last years that it is very likely your username and password are in someone’s database already. Using the same password is similar to not changing the lock after purchasing a condo, you literally don’t know who else already has a key. Don’t test it, better be safe than sorry!

The post Spotify under fire: Are we entering a new era of malvertising? appeared first on Panda Security Mediacenter.

Panda Security

Searching for celebrity news on Google can be dangerous for your computer

Leave a comment

celebrites-malware-panda-security

Something as apparently inoffensive as employees keeping up with the lives of ‘celebs’ on the Internet could be far more dangerous than you think for your company’s IT systems. Whether you like it or not, some employees take advantage of dead time (and not-so-dead time) to look for all the latest gossip and news on the Web.

There may not be anything too risky about reading reputable newspapers online to see the latest news or check out your team’s results (although there have been cases of malware-laden ads in online newspapers). However, gossip columns and other celebrity stories have become a serious threat for the security of computers and mobile devices.

Cyber-criminals are well aware of the interest generated by the lives of the stars, which is why they have come up with specific strategies to bait users into downloading malicious programs on their computers when they access this content.

Cyber-criminals are well-aware of the interest generated by the lives of the stars.

The first step that the average user takes when looking for information about celebs is to ask Google. Yet some searches are more risky than others. Some famous people and related events offer more potential for attackers, as was the case recently with Brad Pitt and Angelina Jolie after their separation became public.

New film or music releases are also a popular weapon for criminals whose aim is to infect users’ computers and devices looking for passwords and other confidential information. Whenever a new story breaks, searches related to those involved increase dramatically and it becomes easier to infect users with malware hidden on malicious websites with related stories.

New film or music releases are also a popular weapon for criminals.

In order to minimize the threat, apart from having an efficient policy for controlling the way your employees use your company’s devices, the most effective measure is awareness. Firstly, your company’s workers should learn to distinguish between trusted pages and those that could potentially be used by criminals to infiltrate your systems. They should also avoid any links to illegal downloads, whether direct or via ‘torrent’ (highly in demand when a new film or song is released).

Of course, you can get an additional guarantee of protection against malware that exploits users’ fascination with celebrity news by having a security solution to protect all your devices, such as Panda Security’s corporate solutions.

The post Searching for celebrity news on Google can be dangerous for your computer appeared first on Panda Security Mediacenter.

Panda Security

Black Mirror – How much is already real?

Leave a comment

pandasecurity-black-mirror-threats
Warning – the following article may contain spoilers

What it’s true of Black Mirror?

Charlton Brooker’s Black Mirror television series has become something of a phenomenon thanks to its almost prophetic predictions about society and technology. Set in the very near future, Black Mirror borrows technology stories from the media, and imagines the worst possible outcomes to create a bleak view of the world that we are creating today.

What makes Black Mirror so compelling is that the storylines are simultaneously outlandish and plausible. More impressive is the fact that some of the predictions have actually come true.

As the third season of Black Mirror airs on Netflix, it’s time to consider how close to reality the latest round of predictions really are.

Episode 3 – Shut up and dance

Hackers take control of a Kenny’s laptop, and use the webcam to secretly film him in a compromising situation. Kenny then receives a string of ransom texts to his phone, demanding he follow the supplied instructions or risk the embarrassing video being leaked to his friends, family and the rest of the world online.

The reality is that malware already exists to hack into computers, activating the web cam remotely. And like most malware, you probably won’t even notice anything is wrong until you receive a ransom demand or similar.

To prevent being spied on, some people take the extreme step of taping over their webcam – a method favoured by Facebook CEO Mark Zuckerberg.

Just as effective (and much easier to manage) is to protect your computer with a robust antivirus application like Panda Security that can detect and block malware before it can install itself.

Episode 6 – Hated in the nation

The Metropolitan Police investigate the brutal murder of a journalist in London. All the evidence seems to point to the woman’s husband, but of the detectives assigned to the case suspects that social media may also play a part.

As more deaths follow, it is discovered that a swarm of robot bees has been programmed to kill anyone trending online with the hashtag #DeathTo. The mob mentality of social media users is unwittingly singling out individuals for death.

The robot bees may not yet exist, but the vicious hashtags that accompany each attack in Black Mirror certainly do. Cyberbullying is widespread, and really does cause lasting damage to the victim, leading to stress, depression and, in extreme cases, suicide.

Online bots that respond to trending hashtags already exist, helping to spread viral messages, or trigger specific actions for companies that monitor social media. The artificial “intelligence” to drive a swarm of robot bees is ready, even if the technology is not.

To avoid attracting the attention of trolls online, parents should consider installing a comprehensive internet security package like Panda Gold Protection (you can download a free trial here). This will allow you to block access to sensitive sites – including social media – protecting your family against simple, unintentional mistakes becoming headline (life-threatening) news.

Horrifyingly close to reality

Black Mirror makes for uncomfortable viewing – mainly because it is so close to the reality we know. The dire outcomes of each episode are just realistic enough to create a terrifying view of the future. Fortunately you can avoid starting some of these chains of events with some effective internet security software.

For more help and advice about staying safe online, please get in touch.

The post Black Mirror – How much is already real? appeared first on Panda Security Mediacenter.