Tag Archives: Mobile News

Point of Sale attacks through Terminal Server

img-tpvs

Some months ago we published a technical analysis of Multigrain, a Point of Sale Trojan that uses DNS petitions in order to exfiltrate stolen information. We also wrote about one case where this PoS malware was used to infect hundreds of restaurants in the United States.

At the end of September we have seen again activity, with new attacks infecting PoS with new Multigrain variants. However, unlike this previous attack that was targeting the same kind of victims in a region (restaurants in the US) now it looks like cybercriminals are trying to find new fields where they can maximize their profit. We have seen 2 waves of attacks which victims were companies from a number of countries:

  • Argentina
  • Belgium
  • Brazil
  • Chile
  • France
  • Germany
  • India
  • Ireland
  • Norway
  • Spain
  • Sweden
  • Thailand
  • UK
  • USA

They were from different industries, including the typical restaurants and hotels, but also others not that common in these attacks: Telecommunications, Business IT Services, Engineering, Cargo Insurance, Medical Services, Logistics, Accountants, Medical Services, Unions, Engineering and Industrial Machinery Suppliers.

Why the disparity in victim profiles? It looks like the attackers were not looking for these specific industries. All attacks have been perpetrated through Terminal Server, similar to what we have seen in other cases, using brute-force attacks until they can break into the computers and infect them with Multigrain. These are automated attacks, where cybercriminals start scanning the Internet looking for potential victims, and once located they launch the attack until they gain access.

Tips to prevent attacks in companies

In order to minimize the risk, companies must remember that these services, when possible, are better out of the Internet. In case there is a need for them to be in the open, be sure to use strong credentials (with a strong enough password you can basically avoid brute-force attacks), to use 2FA when possible, use non-standard ports and of course monitor all incoming connections from the outside.

 

The post Point of Sale attacks through Terminal Server appeared first on Panda Security Mediacenter.

How to keep your kids away from dangerous websites

When used correctly, the Internet is an amazing learning resource for your children. But just like any other “open” communications platform, there’s a lot of unsuitable content out there.

As a parent, you want your kids to get the most enjoyment and education from their time online. But you also want to limit access to illegal or undesirable content – at least until you are sure they have the skills needed to protect themselves online.

So which sites present a danger to your kids, and what can you do about them?

Social networking sites

Social media has taken the world by storm – and your kids want to get involved too. But there’s a reason that Facebook, Twitter and Instagram insist that their users must be aged at least 14 – there’s a lot of unsavoury content out there.

Despite this age restriction, many kids are lying about their age and signing up anyway. Which means they are opening themselves to unsuitable content or approaches by criminals.

The most effective way to prevent these problems is to simply block access to social network sites. The Panda Gold Protection antivirus allows you to do just this on your family’s computers.

Warez and torrents

Software piracy is a major problem as criminals share games, videos and software online illegally. Downloading these files – sometimes called ‘warez’ – is completely illegal and could see you prosecuted in court.

It is not unusual for these files to be compromised with malware either. Malware that can steal your personal data, or destroy your computer.

It is vitally important that you prevent access to warez sites, as well as those listing torrents – the tool used to download these files. Your

You should seriously consider blocking access to illegal content for the adults in your house as well the children!

Chat and unrestricted message boards

Online communities aimed at kids, like Club Penguin and Minecraft, tend to be very proactive at detecting and blocking adults who attempt to use the platform for grooming and exploitation. Other “open” forums are not so well managed.

Sites like Omegle and ChatRoulette are notorious for problems for instance. Users are connected randomly for text and video chat – so you have no idea who your kids are talking to – or what they might see. And the same is true of virtually any open chat forum.

Again, you should help your kids understand where to find “safe” online communities, and to avoid those that could be dangerous. You can back this up by blocking access to unmoderated sites, or which are simply unsuitable for children.

Managing access isn’t as hard as it sounds

Blocking access to dangerous sites sounds time consuming and difficult – but with the right internet security tool, the process is actually very easy.

Panda Gold Protection gives you a number of topics, and you simply select the list that applies. So if you want to stop kids accessing sites about tobacco and smoking, you apply that list to your account.

These block lists are centrally managed, and updated regularly. So as new sites and services become available, they are blocked automatically. And once you are sure your kids are mature enough, you simply deselect the lists to restore access.

Need to know more? Ask us a question.

The post How to keep your kids away from dangerous websites appeared first on Panda Security Mediacenter.

US presidential debates and cyber security.

pandasecurity-us-election-cyber-security

What we’ve learned from the first two debates and what to expect from the last one?

One of the major questions discussed during the 1st presidential debate between Donald Trump and Hillary Clinton was about cyber security. We were secretly hoping that questions about cyber safety will be part of the topic list in the 2nd debate too but unfortunately this was not exactly the case.
Discussions around Donald Trump’s recently leaked “locker room talk” recording ended up being a bit more entertaining for the moderators than the cyber future of the free world. However, we hope the cyber security topic will be discussed again in the third and final presidential debate scheduled for later today.

The next president of the United States of America will have to make some hard decisions. See what they are below;

Government and private institutions are under attack!

Both candidates admitted that there is a 21st century war that is happening right now and right here in the USA. Even though that USA is certainly one of the dominating powers in this area, secrets are being stolen from both public and private sectors on a daily basis.

Hundreds of thousands of people and businesses are being affected by cybercrimes every year.

Who is behind it and how to tackle the problem?
According to Hillary Clinton, the threat is coming from organized cyber gangs as well as states. Even though there is no hard proof, there’s been speculation that North Korea, Iran, Russia and China have been behind some of the cyber-attacks executed on US soil. How are these issues going to be dealt with? Stay tuned.

How dangerous are whistle-blowers?

This is the question we will most likely see tonight. Pressuring Ecuador to cut off the internet of Julian Assange is not doing USA any good. Countries such as Russia welcome whistle-blowers. Are whistle-blowers heroes protecting the first amendment or traitors? We would love to hear the thoughts of the next president of the USA.
Being president of the free world is arguably one of the toughest jobs in the world.

Just one thing is sure, the debate later today will be fierce!

The post US presidential debates and cyber security. appeared first on Panda Security Mediacenter.

Which are the best mobile messaging apps?

pandasecurity-best-mobile-messaging-apps
There are dozens of messaging apps available for your smartphone, each with its own strong points. This guide will help you understand which are the best – and how to use each one securely.

Best for – Apple users

Built into every iPhone and iPad as standard, Apple’s iMessage app is a safe and secure tool for staying in touch with friends and family. You can send text, photos and videos quickly and easily – and your messages are encrypted to prevent people snooping on them.

The only drawback is that iMessage only works on Apple devices. So if your friends have Android handsets, you won’t be able to contact them this way.

Staying safe: Make sure you have a passcode enabled on your phone. You should also consider disabling the message preview on your lock screen.

Best for – picture messages

Despite the controversy about how teens may be using the app to send inappropriate pictures, Snapchat remains a useful tool for picture messaging. You can add sketches or text to your photos to make sure people understand your messages.

Snapchat is available on iOS and Android, so you can stay in touch with all your friends.

Staying safe: Just because Snapchat deletes your pictures automatically, don’t assume that they cannot be recovered or saved. Think very carefully about the potential consequences before sending explicit or embarrassing snaps.

Best for – the most users

An add-on service to the social network, Facebook Messenger boasts well over a million users. So if your friends have a Facebook account, they will also be available on Messenger.

Facebook Messenger is available on iOS, Android, Windows Mobile and Blackberry smartphones, as well as any internet connected PC. You can also make voice and video calls using the app.

If you really need the message to get through, Facebook Messenger is a great option.

Staying safe: Facebook has added end-to-end encryption to Messenger, but it is not enabled by default. You must switch this feature on to prevent your messages being intercepted – and to stop Facebook snooping on your conversations.

Best for all-round connections

It may seem like it sometimes, but not everyone has a smartphone. Although you can always rely on traditional SMS, the messaging cost can quickly escalate.

WhatsApp uses your phone’s data connection, allowing you to message with your data allowance, or when connected to a WiFi network. As well as being available on all the major smartphone platforms, the app can also be installed on older/less powerful devices running Symbian. Which means you can message even more people – for free.

So if your friends are resistant to technology, WhatsApp could be what you need to stay in touch.

Staying safe: WhatsApp has struggled with security problems in the past, so you will need to have an additional tool to identify potential problems and block malware/loopholes. Panda’s Mobile Security toolkit can help provide that cover. You should also check to make sure that end-to-end encryption has been enabled, and that you have disabled data sharing with Facebook to protect your privacy.

Staying connected – and safe

These messaging apps will help you stay connected. And when it comes to staying safe, a little common sense goes a long way:

• Always make sure your phone is protected with a pass code.
• Never share information that is sensitive or embarrassing.
• Install a security app to prevent malware or hackers from stealing your data

And that’s it. Have fun!

The post Which are the best mobile messaging apps? appeared first on Panda Security Mediacenter.

Bye Bye BlackBerry. There’s a new kind of smartphone security.

BlackBerry

BlackBerry used to define the Smartphone sphere. Once popular for its physical keyboard and exclusive-for-users IM service, now BlackBerry has been left out in the cold. The Canadian company recently announced that they will no longer make the devices. However, they will continue to market the phones that will be manufactured by other companies. So, why buy a BlackBerry in 2016?

Because they’ve got an incredible reputation for security (as a matter of fact, many government officials use BlackBerry devices for that reason). In 2000 the brand was known as Research In Motion (RIM) and offered Subscription-based emailing. At this time, all emails sent and received by BlackBerry phones had to pass through highly-protected servers. This means that an attacker wouldn’t be able to intercept the phone’s messages. This encryption measure is pretty common in today’s phones, but it wasn’t 16 years ago.

User security remains a priority for BlackBerry. They have hardened security in their newest model, the DTEK50– a Smartphone manufactured by Alcatel that’s running on Android.

The phone is also named “the smartest smartphone in the world” and has a number of security-related features. This super secure Smartphone encrypts its users’ photographs, bank information and also uses the software necessary to store passwords safely. It also notifies its owners if someone uses the camera remotely to take photos or videos, or if the microphone is being used to record conversations.  

Most businesses think about security when building their IT infrastructure. By focusing exclusively on the corporate environment, BlackBerry is going back to its roots, and for good reason: it doesn’t matter who continues to make BlackBerry phones, the company still promises to enforce the strongest security possible.

 

The post Bye Bye BlackBerry. There’s a new kind of smartphone security. appeared first on Panda Security Mediacenter.

No password? You’re asking to be hacked.

75 million smartphones in the US don’t have their passwords set on

TransUnion’s latest Cyber Security Survey confirmed that Americans who feel extremely or very concerned about cyber threats have increased 20 percent since last year – from 46 percent in 2015 to 55 percent in 2016. Fears are legitimate – hacking and cyber security have even become one of the main topics in the presidential debates between Donald Trump and Hillary Clinton.

If you think this is surprising keep reading, the most shocking part of the survey is not the fact that its’ findings confirm the notion that we are constantly under cyber danger/attack – we already know that. The most shocking part is the facts that despite the increasing fear, nearly 50% of the participants admit that they don’t take actions to protect their content.

Nearly half of the people who participated in the survey admitted they don’t lock their phones with a password.

Let us translate this for you – currently there are nearly 320 million people legally living in the USA with about 225 million of them being adults. More than two thirds of the adults living in the US have smartphones. If the statistics are right, a quick math shows there are more than 75 million people in the US whose smartphones don’t have their passcodes set on. This is scary! This means two out of the three Kardashians don’t have passcodes on their phones! What could go wrong? We will let Kim and Kanye tell you.

What should you do?

Setup a password on your cell phone.

We all know what the consequences of identity theft are – unless you want a stranger buying a car in your name, or leasing a property in a city you’ve never heard of using your SSN, you should go find your phone and setup your password on, right now. Then add a recurring reminder on your calendar to change it frequently!

Admit the problem.

The threat is real and hundreds of thousands of peoples’ lives are being ruined by hackers stealing their precious information. Having a lock on your phone might be a good beginning but it does not solve your problem entirely.

Find a solution that works best for you.

The option we recommend is Panda Security Antivirus.Downloading your copy of Panda Security antivirus will protect you from getting your email hacked, and it will keep your credit cards, personal information and cell phone safe.

According to TransUnion about 1 million people will call TransUnion Fraud Victim Assistance Department in 2016. Let’s hold hands together, be more protective of our personal information and decrease the number of calls they get by practicing common sense. It’s natural to want to protect ourselves, but it is hard to wish to protect what we have if we don’t realize that the threat is real. The most astonishing results come from taking practical, protective actions before things go wrong. Let’s not get to the point where we are in need of calling the fraud department by acting now and protecting our personal information early rather than late.

The post No password? You’re asking to be hacked. appeared first on Panda Security Mediacenter.

They can remotely access and control my computer?

trojans panda security

We are always talking about ransomware and the importance of keeping your corporate network protected, and we want to warn our readers about the popular Trojan attacks that are going after small and medium sized businesses. But how do you know when it’s a Trojan? How can you secure yourself against Trojans?

5 Things You Should Know

  1. They are malicious software programs designed to rob information or take control of the computer. These attacks target businesses that manage top-secret information.
  2. Trojans are the most popular type of malware and have been for years. Running closely behind them is Ransomware.
  3. Trojans seem harmless but as soon as they are executed they will damage systems and steal information.
  4. Most of them create backdoors and give unauthorized users remote access and control over your system…but they go unnoticed!
  5. Trojan horse: The professional trickster. It disguises itself as something its not.

trojans infographicTrojans: Topping the Charts

Trojans make up the majority of the 227,000 malware samples that are detected daily by PandaLabs. Month after month, they continue to be in first place as the most created malware.

Increasing since the second quarter of 2016, Trojans currently make up 66.81% of the new malware samples created this quarter. Viruses make up 15.98% (Worms 11.01%, PUPs 4.22% and Adware/Spyware at 1.98%).

What do their creators want to achieve?

  • Steal personal and corporate information: bank information, passwords, security codes, etc.
  • Take photos with webcams, if there are any!
  • Erase the hard-drive.
  • Capture incoming and outgoing text messages.
  • Seize the call registry.
  • Access (consult, eliminate and modify) the address book.
  • Make calls and send SMS messages.
  • Use the GPS to figure out the geographic location of the device.

How can we protect ourselves from Trojans?

 Avoid downloading content from unfamiliar websites or sites with dubious reputations.

– Monitor downloads from p2p applications.

– Keep your advanced security solution updated. Install one of the Panda Solutions for Companies that best adapts to you and protect yourself from these dangers.

– Analyze your computer for free and make sure it’s Trojan free.

The post They can remotely access and control my computer? appeared first on Panda Security Mediacenter.

Android malware surges again

panda-security-android-malware

For most people, their smartphone has become the most important gateway to the internet. We use our phones to check facts on the move, plan journeys, update shopping lists and check our bank balance.

Simple-to-use apps have put information and services at our fingertips. In fact, the world now uses smartphones and tablets online more than any traditional computers and laptops.

So it’s no surprise that hackers and cybercriminals have turned their attentions to attacking your smartphone.

The Android factor

The relatively low cost of Android-powered smartphones, has helped the mobile operating system establish a significant majority of the mobile market. Android handsets outnumber iPhones by nearly 9 to 1 for instance.

This, coupled with the relative ease of crafting malware for the Android platform, has seen a massive increase in mobile attacks. In July this year, an estimated 10 million Android phones were infected with malware that spied on their owners for instance.

The problem has become steadily worse over time. In January 2013, AV-TEST database of malicious Android apps contained less than 500,000 examples. By August 2016, the total topped 16 million as the number of new malware variants released continues to grow.

pandasecurity-av-test

The open nature of Android that allows anyone to create software and access key system resources – seen by many as one of the operating system’s strengths – makes it even easier for hackers to create malware and infect phones. This problem is compounded by the infrequency of software updates to patch these vulnerabilities, leaving Android users at risks for months.

Protecting your Android handset against malware

Just like your PC, you have the responsibility for keeping malware from being installed on your phone. There are however a few easy steps to counter the most obvious risks.

1. Always use an official app store

The Google Play app store is the largest, and most trustworthy source of apps for your phone. All of the apps available there have been checked to ensure they do not contain malware, so you should be safe installing them.

Other app stores or websites are not so stringent, so there is a much higher risk of infection when using them.

2. Treat email with caution

Email has been a particularly effective way of installing malware on PCs, so cybercriminals use many of the same techniques on your phone. Always treat email attachments with caution, and never open anything that looks suspicious.

And if you are prompted to download software unexpectedly, there’s a reasonable chance that someone is trying to trick you into installing malware.

3. Consider installing an ad blocker

Malware can sometimes be downloaded and installed without warning via infected banner ads. Installing an ad blocker app can help prevent compromised banner ads from being displayed – which also stops malware from being downloaded.

4. Install an antivirus app

Your home PC is protected by antivirus software – and your Android smartphone needs the same level of protection. Leaving your phone open to malware installation is a serious risk – and cybercriminals will take advantage eventually.

Panda Mobile Security (also available in the trusted Google Play store) offers maximum protection against malware along with a number of useful tools should your phone be stolen. You are protected against Android viruses and information theft at all times.

Get protected now

These practical steps will help to improve your device security – and stop the most common malware attacks. And because they are simple and straightforward, you can get started right now.

To learn more about protecting your Android smartphone, please check out this guide.

The post Android malware surges again appeared first on Panda Security Mediacenter.

New WhatsApp updates: how to keep your privacy.

pandasecurity-whatsapp-updates-privacy

As the World’s most popular messaging application, WhatsApp is constantly adding new features designed to delight their 1 billion registered users. And the latest update contains a number of goodies that will delight fans of picture messaging.

This all looks very familiar…
For anyone who uses the Snapchat app, the new WhatsApp features will seem very familiar. In fact, you might say that they are identical.

WhatsApp users can now take a photo, and quickly add a sketch or some text, before sending it as a message – just like Snapchat. Or they can add emojis – that look exactly the same as those in Snapchat. There’s even several navigation gestures (zooming in an out, or switching between cameras) that are exactly the same as those used in the Snapchat app.

The reason WhatsApp have borrowed so much from Snapchat is simple – to keep people engaged with their platform. The more that people use the platform, the better able WhatsApp (and their parent company Facebook) is to profile them for advertising purposes.

And obviously people want entertaining picture messaging services – so these new features are sure to be incredibly popular

Is there a potential security risk with the new WhatsApp app?

Because of its popularity, WhatsApp has been targeted by cybercriminals many times over the years. Several times researchers and hackers have uncovered flaws in the software that allow accounts to be compromised.

Every one of these breaches has the potential to expose personal information – or to give criminals useful information for identity theft.

WhatsApp has made significant efforts to improve security, although privacy still remains doubtful because of the new data sharing agreement with Facebook. However end-to-end encryption of messages – including the new photo options – should prevent people from “listening in”.

Better safe than sorry

No matter how trusted the developer may be, you should always treat each new app (or update) with some caution. Installing an antivirus and security tool will help you see what is going on behind the scenes, how the app is using your personal data.

The WhatsApp service is known to take a copy of your entire address book and upload it to their servers for instance. WhatsApp are relatively transparent about this (they can better identify your friends who are also using their service) – but other developers are not. You should always use a tool like Panda Mobile Security to monitor exactly what’s happening on your phone.

Otherwise you might be installing software that accesses much more personal data than you expect.

You can prevent data stored on your handset from being accessed by thieves too. Panda Mobile Security allows you to lock each app with a PIN, so if you don’t enter the right code, the app cannot be opened. If someone steals your phone, they cannot view your messages and pictures.

No less secure, but a useful reminder

Because the latest update is still very new, no one has yet exposed any new WhatsApp security vulnerabilities. And even if there aren’t any problems, the release is a useful reminder of the importance of scanning new apps from malware, loopholes and suspicious data access permissions.

Download your free copy of Panda Mobile Security now – then go get creative with the new WhatsApp picture features. Have fun!

The post New WhatsApp updates: how to keep your privacy. appeared first on Panda Security Mediacenter.

Smart cities with Invisible Dangers

Smart-Cities

Smart cities are a real thing—could you live in one? Do you live in one?

Actually, a smart city is an “urban development vision” used to manage a city’s assets by integrating multiple information and communication technology (ICT) and Internet of Things (IoT) solutions within the city. A smart city’s ultimate goal is to improve the quality of life for its residents.

With just an internet connection and one of the endless number of devices available, residents can do a multitude of things like pay parking meters and purchase movie tickets.  Did your device run out of battery while you were on-the-go? Go ahead and hook up to one of your city’s many public charging stations.

Yes, a properly planned smart city can make life more convenient, but this is also a double ended sword. However convenient, in regards to internet security, it is very dangerous. At the end of any given day, there’s a high possibility that any one of these connected devices could be hacked, while criminals getaway with your top private information.

Danger wherever you look

City Bikes

The next time you take one of those public bikes for a spin, keep in mind that these electric bike stations are run by a computer… a computer that can be hacked like any other connected device. You’ll see that at each bike station there’s a small computer screen for riders to register, recharge passes, report incidents, and map the other stations in close proximity. But like any other computer, cybercriminals can use a lot of different techniques to take advantage of any vulnerability that these systems might have.

On these payment screens, in the maps section, there are various (public) sections on the platform, such as “Report an Error” “Privacy Policy” and “Terms of Use”. When these are tapped, an internet explorer window pops up. From there, the cybercriminals have access to a virtual keyboard—this will ultimately give them the power to execute those unwanted applications. This is the start of their hack—now they can access and collect info belonging to all those wanting to rent a city bike, getting their full names, verified email addresses and phone numbers. Some hackers will be able to steal customer payment data, too.

Taxis

New York City’s famous yellow taxi has jumped on the “smart experience” bandwagon. Aside from the tourist maps, Broadway ads and business cards that fill the back seat of the yellow cabs, passengers can use the tablet attached to the Plexiglas divider separating you from the driver. Go ahead and read the news during your commute, and when you arrive at your location, and make your payment from the same device.  Just remember, if a cybercriminal gets in the back of this cab he could successfully install malware and gain access to a lot of customer information. Likewise, remember to watch out for the public chargers in the taxi. Just imagine all the people whose privacy could be in danger.

We leave you with a last note, if a city wishes to become a smart city, installing these intelligent devices requires that all businesses commit to the necessary security measures to safeguard government and public privacy. Keep your citizens safe by following adequate security assurances.

 

The post Smart cities with Invisible Dangers appeared first on Panda Security Mediacenter.