UC Berkeley has revealed that it was the victim of a major cyberattack, affecting up to 80,000 current and former members of staff and students.
The post UC Berkeley hit with another cyberattack appeared first on We Live Security.
Tag Archives: News
Privacy Took Center Stage at Mobile World Congress
Privacy has been part of the Mobile Security discussion for some time now. In fact, privacy and security were both highlighted as one of the top five themes at Mobile World Congress (MWC) this year.
We and many other security providers have been offering privacy tools (like our HMA Pro VPN) for a while, however the focus and discussion around privacy was heightened this week. It was partially spurred by the Apple/FBI iPhone security discussion but was more robust than just that single (albeit interesting) data point.
There was a great turnout to both the Putting Privacy at the Core of Digital panel and to our partner event focused on Mobile Security Threats. At the panel there was a consensus that the “war on privacy” was reaching a boiling point. More and more users are becoming aware of the trade-offs and looking to take action. We can see this in the uptake of Ad Blockers, which is partly motivated by privacy, and also from numerous studies showing increased awareness.
It is well known that people will share their data in exchange for services. The issue is that not all of the sharing is known, transparent, or controllable. Services from Meeco are working to make the tradeoffs more accessible to users; Telefonica labs have some interesting tools under development, and Facebook continues to build their products around core privacy principles. Given AVG’s position in the ecosystem, we often see the less desirable sides of unintended sharing. While our VPN and privacy tools are a great start, we have more work to do, both in educating users and with giving them more control.
Whether or not a “personal data economy” will evolve is still an open question, but the experimentation around the idea is very healthy. I emphasized that we need to make solutions much easier for consumers and that providers need to embrace a federated and distributed structure – basically, the ability for end users to move their data and their “trust provider” at will, without a lot of friction.
At our event titled, “Mobile Threats: Fact or Fiction”, Telefonica, Verizon, TCL, and Sony presented their views of mobile security and privacy, and then we participated in a panel discussion. Network providers are in an interesting position in that they see a lot of data and also have regulatory checks and balances in place. With the balance between those two, they have the opportunity to become “trust brokers” for their user bases.
Consumer product development companies are looking to build privacy controls deeper into their products, and ensure that permissions and data flows make sense for users. Of course, with the Internet of Things (IoT) we end up with a plethora of operating systems, connectivity options, data flows, and business models. With no standardization in sight, security companies will have to develop comprehensive solutions that can address issues across many different technologies. In order to act on all of this IoT data, security solutions need to be in the data flow. AVG’s relationships with carriers, combined with our VPN and our work in router solutions, puts us in that prime position.
There is a general consensus that users will not adopt IoT as quickly if security and privacy are not addressed, and rightly so. It is a complicated problem, spanning identity, authentication, malware, permissions, and data usage. We do not yet have a good framework for looking at all of these, but there are encouraging signs within each specific area, so that better protection is in sight.
The Fight for Privacy– Apple vs. the Federal Government
AVG’s Chief Legal Officer, Harvey Anderson recently sat down with Marty Gonzalez from San Francisco’s Kron 4 Morning News Weekend to discuss why Apple is fighting back against privacy disclosure.
Over the last few weeks the entire country has been discussing the court order enforcing Apple to unlock data security from the iOS device used by one of the alleged terrorists in the San Bernardino shooting. Whether talks of support were in favor of the Federal government or for the tech giant, the larger issue that continues to rise to the surface is how this could jeopardize the privacy of millions of iOS users.
Recently, AVG’s Chief Legal Officer, Harvey Anderson sat down with San Francisco’s own Marty Gonzalez from Kron 4 Morning News Weekend, to discuss the severity of Apple complying with the ruling and unlocking the door to privacy.
VIDEO: Chief Legal Officer discusses Apple vs Federal Government
Gonzalez: ….So far it’s been a stalemate between the FBI and Apple. What would be the long term range impact of Apple refusing this court order to crack the code?
Anderson: I think it’s dangerous what’s happening right now…You’re essentially asking a company to introduce a vulnerability, a bug, a security flaw into its system. Once that happens, there’s not a lot of confidence that this bug will only be used for this case. Suppose an authoritarian government gets it, suppose a malicious hacker gets it. Will it also be used the next time you want to get data….?
Gonzalez: Let’s say people are, people are thinking, wait a minute, why doesn’t Apple just give the FBI the phone, Apple cracks the code and gives it back to the FBI and it’s just a one-time deal. Is that not plausible?
Anderson: Not really. Actually, what happened in this case is that Apple was working very closely with the FBI and right after the phone was taken into custody it appears that we just learned is that the Apple ID password was reset. So Apple has a very easy way to do an iCloud backup of this phone. The phone could have been brought to a trusted network, the network would have recognized the data, and then the government could have gotten the data from Apple’s Cloud which it has access to. But someone within the San Bernardino county officials recently tweeted that the FBI asked them to reset the passwords, which prevented this easy method to get the data.
Gonzalez: Apple and the Federal government have been arguing the whole topic about encryption for years. This is just the latest step. Where do you think this issue goes from here?
Anderson: It’s so unknown. It’s such a dangerous precedent. If this order is upheld. As you know this order was actually an ex parte order. Apple has not had a chance to oppose it legally but I think it’s such a dangerous to force a company to introduce a security flaw. The problem is that there is no privacy without security. That’s the underlining paradigm that exists here. Once you start to take away security, it starts to compromise people’s privacy. It’s not privacy against the proper judicial use of disclosure and discover it’s against others.
Gonzalez: Apple is arguing that once it’s gone, it’s gone.
Anderson: Exactly.
Identity theft accounts for ‘majority of data breaches’
Theft of identities along with personal information still accounts for the majority of data breaches, a new global survey by Gemalto has found.
The post Identity theft accounts for ‘majority of data breaches’ appeared first on We Live Security.
Privacy and security ‘war’ must come to an end
Cybersecurity experts are joining forces with government officials to try and “end the war between privacy and security”, it has been revealed.
The post Privacy and security ‘war’ must come to an end appeared first on We Live Security.
The industrialization of cybercrime may be upon us
We are slowly seeing the industrialization of cybercrime according to an expert. Dr. Adrian Nish, head of cyber threat intelligence at BAE Systems, said that cybercriminals are becoming more “professionalized”.
The post The industrialization of cybercrime may be upon us appeared first on We Live Security.
Breathing fresh air into the Internet of Things, to keep you alive
Here at AVG we have an innovation team (AVG Innovation Labs) that looks at future security risks and how technology can be deployed to manage it.
And when it comes to new IoT devices, special consideration is needed to ensure data is kept personal and private. AVG Innovation Labs undertakes research to allow us to understand how best to provide these services going forward.
The AVG team have been innovating their own IoT devices and applications to get a first-hand experience of the challenges that vendors go through when creating a device for the home.
One of those projects has been looking at air quality and how it can be an issue for many people, whether they suffer from allergies or maybe asthma. Breathing clean and acceptable air can improve our day to day experience, and by extension our personal security.
The device starts with measuring the Air Quality Index (AQI) which provides an overall rating of air quality. This is obtained by analyzing multiple sensor readings such as relative humidity, temperature, carbon monoxide, ammonia, and many more.
In conjunction with our vision of the future for AVG Zen and Family Graph, we’re demonstrating the importance of location as an impact on the safety of everyday family life.
Now imagine a scenario where we combine some of that future AVG Zen functionality with Air Quality monitoring and other connected devices in the home.
Through location sharing our devices know if we are home, travelling, or even en route from work or school. As we start our travel toward home, our smart connected device that we all carry could automatically connect with the home network to inspect the status of air quality and temperature remotely.
With that information at hand, and making decisions based on our preferences, the technology could automatically open vents or start de-humidification or air-conditioning units to change the air quality, or switch on the heating so that we have a warm house to welcome us home.
The potential for technology to improve our everyday lives and ensure that our environment is the best it could be is remarkable. There is also the life-saving benefit of avoiding toxic conditions caused when a gas powered heating system malfunctions, for example.
When IoT devices bring real value such as this, it’s important that they are not interfered with by hackers, and that the data analyzed remains private and secure. Imagine getting home to find the air quality has been made worse not better, or that the house is too cold or even too hot and you have a large energy bill coming your way.
Through innovation like this, AVG is able to understand the complex challenges of securing devices and services that will one day provide us all with truly connected homes and lives.
The security review: The state of security in companies in the EMEA region
Highlights from the past seven days in information security include the state of security in companies in the EMEA region and advice on support scams.
The post The security review: The state of security in companies in the EMEA region appeared first on We Live Security.
Average cost of cybercrime rises by 200% in just five years
Cybercrime is costing the global economy up to $450 billion annually, a new report by Hamilton Place Strategies reveals.
The post Average cost of cybercrime rises by 200% in just five years appeared first on We Live Security.
Ransomware on the rise – how to protect your devices and data
Dozens of active ransomware variants such as TeslaCrypt, Locky and Crypt0L0cker continue to extort victims daily. And Ransomware-as-a-Service threatens to make matters worse.
Ransomware – you will not find a more frequently used word in the antivirus industry in these past few months. AVG’s viruslab have analysed dozens of different ransomware “families” in that time.
Based on the number of new unique samples per day, it seems that the ransomware trend is steadily increasing.
Some ransomware families appear to have been created by amateur programmers eager to earn easy money (Radamant, LeChiffre, or Hidden-Tear derivatives, just to name a few), while others are developed by professionals and operated by cyber gangs (e.g. CryptoWall).
At present, the most active families are TeslaCrypt, CryptoWall, and Crypt0L0cker (aka TorrentLocker) with each of these families spreading in multiple ways. The most common infection methods are via exploit kits and phishing emails (as links or attachments).
We’ve noticed many different approaches to creating ransomware, such as the programming language used. While C, C++, C#, and Delphi are very popular among malware authors in general, we have seen ransomware created in JavaScript, Java, and even purely in Windows .bat files.
More worryingly, we have identified “Ransomware-as-a-Service” offerings that are threatening to make things much worse. These often Tor-hosted (anonymous) websites make it possible to generate custom ransomware with just a few clicks – in return for a share (5-20%) of future earnings, i.e. ransom revenue.
But it’s also the brazen attitude and apparent confidence of some ransomware authors that is disturbing. We have found the Nanlocker ransomware contains a now famous (and very unfortunate) statement that was made by a member of the FBI at a security conference.
How to protect your computers and networks against ransomware.
- Don’t trust any links or attachments in email – this remains the most common way that ransomware takes hold. If you weren’t expecting the email, do not open it. If unsure, always seek a second opinion from a tech savvy friend – or just delete the email.
- Keep your software and operating system updated. Ransomware is targeting not only Windows, but also Linux (e.g. Linux.Encoder) and even Mac.
- Uninstall unused or notoriously vulnerable applications – for example, if you don’t need Adobe Flash Player, remove it and any other applications you’re not using. Stick to the minimum.
- Use the latest protection software. AVG Internet Security is great choice because it offers multiple layers of protection – we take the ransomware threat very seriously, and our software is capable of detecting the ransomware families mentioned earlier, plus more.
- Backup your files regularly and don’t forget to keep your backup media disconnected from your PC. Otherwise, your backups might get encrypted as well. This also applies to cloud storage and network drives (e.g. Dropbox, Google Drive).
What if it’s too late, and your files are already being held to ransom?
- If your files have already been encrypted by ransomware, the most important thing is to stay calm.
- You should immediately contact technical support (e.g. your IT department, your AV vendor) for further assistance, if available to you. You need to seek expert advice as early as possible.
- We strongly advise against paying the ransom. You’ve got no guarantee from the criminals that your files will be restored. And, if every ransomware victim refused to pay the ransom, this type of crime would quickly reduce in occurrence.
- It is quite possible that the decryption key is still located in the computer. Many ransomware families contain weaknesses in their encryption algorithm, which may lead to decrypting your files even without paying the ransom! It may take some time to spot and exploit such weaknesses, but in the meantime don’t delete your encrypted files, there may still be hope. (so call tech support).
