Tag Archives: News

Panda Security

Insiders, their costumes are so good you won’t even recognize them.

halloween panda securityKnock knock! Trick or treat! Companies and cybercriminals play the same game. You could be opening back doors to cybercriminals this year, without even knowing it. You’ll lose this game if you don’t fight back. Ransomware attacks will capture your documents and the attackers will be expecting a big juicy reward (if you want your files back, that is). This Halloween, beware!

An insider could already be hiding within company walls, brewing up trouble. A recent study shows that 60% of attacks perpetrated in businesses were carried out from inside the workplace. From undercover spies to terrorism gangs to disgruntled employees that steal top-secret information. Double, double toil and trouble…

And what about you? What type of Insider are you?

gohst panda securityAttacks by staff with privileged access represents one of the greatest threats for the security of the corporate information and data of your customers. Research conducted by Ponemon Institute indicate that hackers and criminal insiders are the main culprits of the security holes and data breaches. Three quarters of these attacks are ill intended, and one quarter of them are accidently carried out by employees without bad intention.

This year, the global cost of the infractions carried out by insiders with bad intentions is 154 euros per capita, much higher than the cost of infractions caused by system errors and involuntary offenses (about 125 euros and 120 euros per capita).

A history of perfect crimes

wolfman panda securityAt the beginning of this month, an employee from the US government, Harold Thomas Martin, was accused of stealing classified information related to the NSA (National Security Agency). Let’s not forget the Edward Snowden leak from three years ago.

Shalom Bilik, who was subcontracted for computer system maintenance for Israel’s Ministry of Social Security and Welfare, accessed a database and stole information pertaining to 9 million Israeli citizens so he could sell it later on the black market.

Even Dropbox couldn’t escape from the insiders, when a cybercriminal stole data pertaining to more than 500 million users thanks to a negligence of an employee. It happened this time because of the carelessness of a Dropbox employee. The cybercriminals were able to obtain his LinkedIn password, which was the same one he used for saving files in the Dropbox Cloud. Stored in the cloud was a work document that contained a long list of email addresses. Access to more than 500 million users? What a treat for criminals who want to trick users with massive same campaigns.

Some tips to keep you protected from internal threats

  1. freddy panda securityStart using a cybersecurity solution that has advanced protection features, and that also has the capacity to detect and remedy possible threats.
  2. Lack of control over what happens in all devices and systems is a common point in all analyzed attacks. What will help us is a tool that’s capable of controlling all active processes on every device connected to the corporate network.
  3. Revise personnel policies and control systems in order to adjust to privacy requirements and adapt them to the technology that’s available.
  4. Keep your operating systems updated and programs on all of your company’s devices.

Make sure that Halloween only comes once a year. Manage, control and protect your information against advanced threats with Panda Solutions for Companies.

The post Insiders, their costumes are so good you won’t even recognize them. appeared first on Panda Security Mediacenter.

Panda Security

(In)Security Cameras

camera panda security

When security cameras are more like a hole than a protecting Wall, you have a problem. Cameras are a double-edged sword and webcams are the perfect example of that: they allow people to keep in touch with their loved ones and help companies hold meetings regardless of the distance between participants. However, even Mark Zuckerberg covers his laptop camera for security reasons in order to avoid being spied on. The danger in this case seems obvious, but our laptop cameras are not the only ones that pose a certain risk.

Many companies use video surveillance systems, and security cameras obviously play a key part in those systems. Watching the areas that surround a company’s premises to prevent theft or try to identify potential trespassers is something essential for any organization. However, a network of surveillance cameras can also become a threat if attackers find a vulnerability in it.

This has been shown by a recent study carried out by a team of Hungarian researchers who found multiple vulnerabilities in the cameras of Taiwanese CCTV manufacturer AVTECH. These flaws could pose many risks to companies entrusting their business security to this maker’s devices if connected to the Internet.

Security, step-by-step

First, the cloud that these cameras connect to in order to sync data does not use the HTTPS protocol to secure transmissions. As a result, any cyber-criminal could be able to access the footage captured by the CCTV cameras, which could also be downloaded without needing to enter a username and password.

This way, an attacker with the necessary knowledge could obtain the images taken by a company’s video surveillance system, and use that information for more dangerous activities. They could use that information to, for example, find out the exact location of the security personnel at any time, find out if there are employees on the premises or if the place is empty, and even use the cameras to view passwords and confidential data.

In addition to the severity of the flaws, what really surprises us is the fact that AVTECH has not given any kind of explanation about the vulnerabilities discovered or any potential fixes. Obviously, any organization thats use surveillance products must be able to trust them as well as the makers that provide them, something that seems extremely difficult in this case.

Even though it’s true that any surveillance system can have its flaws, there are steps that can be taken to reduce the risk to businesses: do not connect video surveillance devices to the Internet, and keep your devices’ firmware always up to date.

The post (In)Security Cameras appeared first on Panda Security Mediacenter.

Panda Security

Facebook banned to stop collecting users data on WhatsApp

Facebook banned to stop collecting users data on WhatsApp

Facebook banned from gathering Whatsapp users data in Germany

To help better serve users of the WhatsApp messaging app, Facebook recently implemented a number of changes to the terms and conditions associated with the service. The new policy addresses information sharing between WhatsApp and Facebook – anyone who continues to use the app agrees to having some of their personal data sent back to Facebook for analysis and marketing purposes.

Concerned about potential abuses of this new sharing agreement, a German regulator has stepped in, forcing Facebook to put their plans on hold. Facebook has been ordered to stop sharing the information of their German users. They have also been forced to delete any data that has already been transferred from WhatsApp.

According to the data commissioner for Hamburg who issued the stop order, the 30 million German people currently using WhatsApp should have the option of whether or not they want to connect their account to Facebook. By forcing every WhatsApp user to make the link, users are deprived of the choice.

Which is apparently illegal under German data protection laws.

What is Facebook doing?

According to the new user agreement, Facebook is collecting a few specific details from WhatsApp – the names and numbers of people contained in your address book, who you call, and how long you speak for. They claim that this information can then be used to put WhatsApp users in touch with “relevant” businesses, and to help improve suggested friend recommendations on the Facebook social network.

Facebook has assured users that they will not be selling these details to advertisers, or sharing personal data publicly.

Don’t panic yet

WhatsApp and Facebook have stated that their data collection and sharing programmes are entirely legal – both at EU and local government levels. But following the German announcement, information commissioners in the UK and the US have also voiced concerns about the deal. Neither has yet confirmed whether there will be any further investigations or sanctions however.

For WhatsApp users, this all sounds pretty scary. Facebook’s disclosure seems fairly straightforward – but government reactions reveal the complexities of managing and controlling personal data in the social media age.

It is extremely important to note that neither WhatsApp nor Facebook have access to your calls or messages sent using the app however. Every communication is encrypted between you and the recipient so no one, including Facebook, can listen in.

Which means that even if Facebook changes their data sharing policies again in future, your most sensitive conversations will not be used in any way.

Time to tighten control of your personal data

The WhatsApp data sharing row is a timely reminder that your personal data is valuable, and it is being shared between providers. If you haven’t read every word of the terms and conditions for every app installed on your smartphone, you probably don’t know which are doing it though.
You can regain some of that control using Panda Mobile Security. This Android anti-virus app not only detects malware, but it also allows you to control the data access permissions for every app you have installed. You can control who can access your data, reducing the risk of becoming a victim of identity theft – or the target of determined advertisers and sales people!

The post Facebook banned to stop collecting users data on WhatsApp appeared first on Panda Security Mediacenter.

Panda Security

The Antifraud Card of the Future!

credit card

Whether you usually use a personal or corporate credit card, anyone can be the victim of a data breach. Criminals can easily use a phishing attack to take your card number, PIN and even the security code on the back of your card. What’s worse is that they’re so quick! By the time you’ve discovered the theft, it will be too late. Even if your company quickly cancels the card, you will already have some serious problems… the thief will have already spent your hard earned cash.

These kind of attacks happen more often than you think. In the first half of 2016 there were more than a million cases of financial fraud with the objective of robbing credit card data. This statistic is worrisome, without a doubt, especially considering that this number doubled the results from 2015.

This is where Motion Code steps in. This new technology was developed by the French company Oberthur and will revolutionize the way we make purchases. Its goal is pretty simple: to preserve your security by changing the security code on the back of your credit card, constantly.

How will they do this exactly? Well, unlike the cards we use now that have a tiny rectangle on the back with three secret numbers, Oberthur has proposed a solution: they want to substitute this rectangle with a small screen that changes the numbers every hour. At first glance, the credit cards are exactly the same, but instead of the security code changing every three years, the numbers change every hour.

This means that the cybercriminal won’t be able to steal a dime: by the time a phishing attack is completed and the data is stolen, the screen will have changed and the whole scheme will be a complete waste of time for the criminal.

It may be inconvenient for your employees to use these cards because they will no longer be able to memorize the security code on the back. But really, who cares? They will have to check the security code every time they use it, but this smallest effort could also bring them the most security benefits in your company.

The post The Antifraud Card of the Future! appeared first on Panda Security Mediacenter.

Panda Security

The Internet collapses, brings the world to a halt for a few hours

 

young man with glasses sitting in front of his computer, programming. the code he is working on (CSS) can be seen through the screen.

A massive cyber-attack against US DNS service provider Dyn knocked out major websites across the Internet last Friday. The attack shut down several websites, including Netflix, Twitter, Amazon and The New York Times. The Internet service was disrupted for almost 11 hours, affecting more than one billion customers around the world.

Cyber crooks are always looking for ways to exploit the latest, most innovative technologies to carry out attacks like those we saw just a few hours ago. Are we in the Age of Internet Attacks? The latest PandaLabs Quarterly Report already warned of the huge number of large-scale distributed denial-of-service (DDoS) attacks that have been occurring over the last few months, and the way many of them are exploiting botnets made up of not only computers but also smart devices like IP cameras.

The recent DDoS attacks reflect the new approach taken by Black Hat hackers when it comes to launching new, more devastating campaigns that combine everyday devices and malware to form highly dangerous armies ready to launch DDoS attacks.

Probing Internet defenses

Just one month ago, security guru Bruce Schneier, published an article with the most revealing title: ‘Someone Is Learning How to Take Down the Internet.’

The recent examples of denial-of-service attacks flood servers with useless traffic that overburdens Internet bandwidth and prevents legitimate users from accessing targeted sites. Attacked servers become saturated with the huge number of requests.

The article explained that the best way to take down the Internet is through a DDoS attack like the one suffered by Dyn, and how some of the major companies that provide the basic infrastructure that makes the Internet work have seen an increase in DDoS attacks, in what seems to be an strategy to gather information and see how well these companies can defend themselves.

A few weeks ago, the website of Brian Krebs, a US journalist specialized in computer security issues, was taken offline as he fell victim to the largest DDoS attack to date. He was only able to go back online after Google came to the rescue.

This attack adds to the list of those suffered by a number of tech giants over the last few months, such as the hack of 500 million Yahoo accounts back in September, or the theft of 60 million  Dropbox user IDs and 100 million LinkedIn passwords.

It is precisely the success of the Internet, with billions of connected devices worldwide, that makes it so appealing to criminals willing to exploit its vulnerabilities. Many of these devices lack basic security measures, making them easy prey for hackers and, in this context, any organization, media company or social networking service can become the victim of the next attack.

 

The post The Internet collapses, brings the world to a halt for a few hours appeared first on Panda Security Mediacenter.

Panda Security

Cybercrime Reaches New Heights in the Third Quarter

pandalabs-q3-header

Cybercrime isn’t slowing down anytime soon. This quarter, cybercriminals were increasingly more ingenious, using innovative technologies and new tools to spread their wares. According to the PandaLabs report, 18 million new malware samples were captured in this quarter alone, an average of 200,000 each day.

The wave of sophisticated attacks used this quarter confirm that Ransomware attacks and the theft of data (that is sold on the black market) are the most-used tactics this quarter. We also witnessed increasing DDoS attacks, interference with the Internet of Things (such as connect cars), along with a new kind of ransomware attacks that are focused on iOs-based mobile devices.

Ransomware and the Evolution of Cybercrime

According to the National Crime Agency of the United Kingdom, cybercrime currently makes up more than 50% of the crimes committed in the UK.

graphs_hacker

In addition to the traditional infection techniques via exploits and spam, there are some other extremely effective techniques, specifically directed at businesses. We saw this in September when a group of attackers successfully installed the Crysis ransomware on a French company’s server.

graphs_imgtexto-videojuegos

Cybercriminals struck gold when they started compromising game sites. Millions of people have been victims of these kinds of attacks including users of the pornographic website Brazzers, who suffered a security breach where 800,000 users’ data was stolen.

graphs_imgtexto-tpv

 

PunkeyPOS and PosCardStealer have become the biggest nightmare for Point of Sale terminals in establishments, mainly in the United States, and compromised client credit and debit card data.

graphs_imgtexto-banco

In August, SWIFT released a statement that revealed that many attacks similar to the Bangladesh one are taking place. They did not include exact amount stolen and number of attacked banks in their statement. What is mentioned, however, is that these financial entities did not have adequate security measures in place.

graphs_imgtexto-troyano

Lately, the ransomware attacks on iPhones and iPads are increasing. But in contrast to their Windows counterparts, the cybercriminals do not use malware for these attacks. Instead, they use the victim’s AppleID and password (usually obtained through phishing) to ask for a reward from the “Find my IPhone” application.

If you would like to learn more about the biggest data thefts in history (like the recent attacks on Yahoo and Dropbox), stay updated about the latest DDos attacks, learn more about the hackable IoT devices, or stay informed about the cyberwar evolution, please download our quarterly PandaLabs report.

 

Download PandaLabs Report Q3:

International Edition
flag_of_russia-svg Russian Edition

 

The post Cybercrime Reaches New Heights in the Third Quarter appeared first on Panda Security Mediacenter.

Panda Security

US presidential debates and cyber security.

pandasecurity-us-election-cyber-security

What we’ve learned from the first two debates and what to expect from the last one?

One of the major questions discussed during the 1st presidential debate between Donald Trump and Hillary Clinton was about cyber security. We were secretly hoping that questions about cyber safety will be part of the topic list in the 2nd debate too but unfortunately this was not exactly the case.
Discussions around Donald Trump’s recently leaked “locker room talk” recording ended up being a bit more entertaining for the moderators than the cyber future of the free world. However, we hope the cyber security topic will be discussed again in the third and final presidential debate scheduled for later today.

The next president of the United States of America will have to make some hard decisions. See what they are below;

Government and private institutions are under attack!

Both candidates admitted that there is a 21st century war that is happening right now and right here in the USA. Even though that USA is certainly one of the dominating powers in this area, secrets are being stolen from both public and private sectors on a daily basis.

Hundreds of thousands of people and businesses are being affected by cybercrimes every year.

Who is behind it and how to tackle the problem?
According to Hillary Clinton, the threat is coming from organized cyber gangs as well as states. Even though there is no hard proof, there’s been speculation that North Korea, Iran, Russia and China have been behind some of the cyber-attacks executed on US soil. How are these issues going to be dealt with? Stay tuned.

How dangerous are whistle-blowers?

This is the question we will most likely see tonight. Pressuring Ecuador to cut off the internet of Julian Assange is not doing USA any good. Countries such as Russia welcome whistle-blowers. Are whistle-blowers heroes protecting the first amendment or traitors? We would love to hear the thoughts of the next president of the USA.
Being president of the free world is arguably one of the toughest jobs in the world.

Just one thing is sure, the debate later today will be fierce!

The post US presidential debates and cyber security. appeared first on Panda Security Mediacenter.

Panda Security

This palm-sized device will supersize your security.

Panda-Security-ORWLWouldn’t you like to get your hands on a tough little device that will boost your business’s security? Meet ORWL, a circular computer device that is engineered to top-off your computer’s security.

A great number of companies have been victims of data leaks because of an insider or cybercriminal who had physical access to their computers or devices. Once a cybercriminal entered your computer, they can access the internals of your computer, tap and leak information, and even hide malicious eavesdropping devices.

After two years of work and a successful crowdfunding campaign, the company Design Shift has designed a device that can identify attack attempts. It prevents undetected tampering of its electrical components and, if tampering is detected, the device immediately erases all data (even when the device is unplugged).

It also acts like a safe vault for your information, only allowing access to your system once the device is unlocked with both a physical key and a password. If the physical key is far from the device, the USB ports automatically deactivate, preventing a cybercriminal with physical access to infect it with malware. ORWL also verifies the integrity of all firmware prior to boot, using a battery-backed secure microcontroller. ORWL isn’t just robust, it’s pretty much impenetrable.

This super-secure computer is complex, but it’s also an open source product, and its inner workings are available for everyone to see.

We continue to witness a large number of sophisticated cyberattacks on banks and ATMs due to a combination of system vulnerabilities and insiders with physical access.  ORWL answers a large part of our problems in terms of physical attacks. In respect to software, which is always a weak point, you can ensure your security and make yourself indispensable with the right kind of solution.

 

 

 

 

The post This palm-sized device will supersize your security. appeared first on Panda Security Mediacenter.