Tag Archives: News

AVG

Stagefright the sequel – Android devices vulnerable again

Researchers at Zimperium, a specialist cybersecurity company, has announced that it has found another major vulnerability in the Android operating systems that many of us use on our mobile devices.

A blog post published by Zimperium says “Meet Stagefright 2.0, a set of two vulnerabilities that manifest when processing specially crafted MP3 audio or MP4 video files.” Nearly every single device since Android 1.0, released in 2008, is affected according to the blog post. The researchers were able to exploit the flaw in devices running Android 5.0 and later, and conceptually nearly every single device since Android 1.0 (2008) could be affected. According to Zimperium, earlier devices could be impacted through media players and instant messenger that use the Stagefright library.

Media files carry additional information called metadata, which is processed when the file is opened or previewed. This means the video or audio file on the device would not even need to be opened by the user for the attack to occur. Once the device was infected, the most likely method an attacker would use would be via a web browser.

How might this happen in a real environment?

  1. An attacker will try to convince you to visit a link that points to an infected website via either a malicious ad campaign or using spear-phishing techniques.
  2. An attacker on the same network as you could inject the exploit by intercepting your mobile network traffic destined for the browser.
  3. Infection of 3rd party apps that are using the vulnerable software library.

Zimperium has said that they notified Google’s Android Security team in August, and that Google responded quickly to try and fix it. They’ve also said that full technical details of the exploit will not be released publicly until Google has confirmed that the issue has been fixed and is available to users.

Bugs and vulnerabilities in operating systems are not uncommon. This exploit highlights the need for users to ensure that their devices are running the very latest version of their operating system and applications.

Unfortunately, unlike the first time Stagefright appeared, when disabling the automatic retrieval of MMS messages could prevent your device from being infected, this time we need to wait for the update from Google, our phone carrier as well as our handset manufacturers to make it available to us.

In the meantime there are some precautions you can take:

  • Check with your handset provider or carrier for a patch/update.
  • Update all the apps you have on your device.
  • Avoid downloading media files from untrusted sources, and even when trusted, use caution.
  • If you haven’t disabled the ‘Auto retrieve MMS’ feature, switch it off now.

Remember, the most important thing you can do is keep your operating system and apps up to date. For that extra layer of protection, download AVG AntiVirus for Android to help protect your devices against malicious phishing sites.

Follow me on Twitter @TonyatAVG

Panda Security

All it takes is a laser pen to confuse the so-called “smart car”

smartcar

Besides radars, cameras, or a GPS system, Google decided that its driverless car would also have a powerful eye mounted on top of the vehicle which is capable of 360 degree vision. LIDAR (Light Detection and Ranging), the aforementioned eye, is capable of measuring distances thanks to a laser light which creates a 3D map of all that surrounds the vehicle.

Despite this technology allowing the car to hit the roads, driverless, without committing any of the errors that befall human drivers, the manufacturers of these autonomous cars aren’t claiming victory just yet as the LIDAR sensors aren’t fully bulletproof. Jonathan Petit, a security expert, has demonstrated their vulnerabilities by showing that they could be easily tricked by external sources.

The investigator managed to fool the sensor by using a laser pen and a pulse generator, which he also claims could be swapped for a Raspberry Pi or an Arduino. So, to trick a smart car, all you need to do is spend around 60 dollars (about 53 euro).

With this system, potential attackers could make the car believe that there is a wall, a person, or another car beside it, obliging it to reduce its speed. They could also send it false signals leading the car to stop itself completely for fear of crashing with these non-existent objects.

While the radars operate on private frequencies, which makes the less vulnerable, Petit was easily able to record and imitate the laser pulses emitted by the LIDAR system. He was able to make various copies of the false obstacles and even move them, thus confusing the sensor and making it believe that the illusion was real from distances of 20 to 350 meters.

google car

Petit will present the details of his investigation at the upcoming Black Hat Europe conference, which takes place in Amsterdam in November. For the moment, however, all that he has revealed is that one of the main selling points of these cars is vulnerable.

Google’s driverless car uses the LIDAR technology of a company called Velodyne, which is based in Silicon Valley and has developed a device capable of storing more than a million pieces of data per second, allowing the car to continue its journey without incident.

This invention doesn’t come cheap, though. Each unit costs 85,000 dollars (around 75,000 euro) and this investigation shows that a high price doesn’t necessarily mean high security protection – even the most expensive ones are at risk.

Although attacks are limited to a specific device for the time being, this expert argues that all manufacturers should keep security in mind and take necessary steps to avoid any dangers on the roads. “If a self-driving car has poor inputs, it will make poor driving decisions,” claims Petit.

The problem could be resolved with a stronger detection system: “A strong system that does misbehavior detection could cross-check with other data and filter out those that aren’t plausible. But I don’t think carmakers have done it yet. This might be a good wake-up call for them.”

It’s not just Google that has tested out these LIDAR systems – the likes of Mercedes, Lexus, and Audi have also tried out prototypes on their cars, which means they also need to keep in mind any potential security risks if they want their driverless cars to become the next step in automobiles.

The post All it takes is a laser pen to confuse the so-called “smart car” appeared first on MediaCenter Panda Security.

Panda Security

Pay with Bitcoins to save a hacked phone? It’s a scam!

bitcoins

The Telematics Crime department of Spain’s Guardia Civil has warned of a new type of fraud which affects mobiles. This new operation consists of cybercriminals saying that they have taken control of your device and threatening to reveal private information to your contacts.

They do it via an email similar to this one:

hacking mobile

In this email they give you 48 hours to transfer two Bitcoins (a virtual currency that has a real value) which will increase to five Bitcoins if you don’t pay before the 48 hour limit. By the seventh day, if you haven’t completed the transfer, your private information will be made public.

However, according to the Guardia Civil, this is nothing more than a scam and you should be wary of falling for the trap. Be warned!

The post Pay with Bitcoins to save a hacked phone? It’s a scam! appeared first on MediaCenter Panda Security.

AVG

Gamers can have a big impact on cybersecurity

Video games are very big business. The industry was calculated at $22.41 billion in the U.S. alone, by the researchers at NPD Group in 2014.

The insatiable appetite for games and resulting economic impact of gamers has been credited with driving major tech industry advancements, from better graphics that require ever-higher processor speed to driving down costs of pricey tech innovations making it more accessible in all markets.

Perhaps now is time for gamers and game developers to play a role in helping to shape cybersecurity.

New research shows concerns about cybersecurity among gamers and that the majority of gamers lack confidence in game developers’ ability to ensure their security. According to a new study by PlayFab, the back-end services provider for games, 83% of gamers believe that game developers should be responsible for securing a player’s personal data – though fewer than 40% said they currently feel confident with the safeguards.

When asked about the security of their game accounts and experiences, more than 80% ranked either personally identifiable or financial related information as the most important thing to protect. The concern is not surprising, considering high profile data security breaches that have taken place across the industry, including the huge hack of the Sony PlayStation Network, when hackers stole identity information for up to 77 million players.

“These survey results underscore both the opportunity for game developers to improve trust by focusing on security measures, and the importance that they do so to safeguard an audience that relies on them,” noted James Gwertzman, co-founder and CEO of PlayFab.

Meanwhile, gamers are also being enlisted to help the cybersecurity industry fight cybercrime – by doing what they do best.

In the UK, gamers are being recruited to fill the cybersecurity skills gap as part of the Cybersecurity Challenge UK, a government and industry-backed program designed to promote cybersecurity as a profession.

As part of the effort, the UK government has launched a new 3D video game platform, a browser-based massively multiplayer online game (MMO), where members of the general public of all ages and abilities are invited to participate and crack codes in cybersecurity games.

Stephanie Daman, the CEO of the Cybersecurity Challenge UK recently told the tech website Motherboard, “…a lot of people who are very good at cybersecurity are also gamers.” She identified a convergence of traits that make gamers good security professionals, “It’s that urge to find out how something works, to pursue a trail, to get to the end, to see what’s there.”

If we can transfer gamers concerns around cybersecurity and apply their skills to protect our data, everyone wins.

Game on.

AVG

AVG achieves top scores from AV-Test and AV-Comparatives

Are there things in life that you can really say you are 100% sure about, I am sure there are a few but not very many.

In the last week here at AVG our virus research teams and engineers have achieved not just one great test result, but two. The AV-TEST results show that AVG achieved 100% detection of real-world malware and 100% detection of widespread malware. Then followed the AV-Comparatives Malware Removal report awarding AVG with the highest award mark of Advanced+.

Whether you are a consumer or business looking to make a decision on what Anti-Virus/Malware product to use, then independent results from internationally recognized testing organizations should help you make the right decision.

For businesses selecting the right product to stay safe is particularly important, in many cases you are not just protecting your company data but also the personal information that you hold about your customers.

The double 100% result from AV-TEST is particularly important as this shows that our products are protecting you without compromise whether the threat is new and only just appeared, as detailed in the real-time test, or whether it’s a known malware variant that is widespread.

I asked Andreas Marx, CEO of AV-TEST what the significance of the 100% result means, he said “Here at AV-TEST we understand that consumers and businesses rely on specialist organizations such as ourselves to test products they rely on for their security and protection. When a vendor scores 100% in both the real-time and widespread sections of our protection test, it provides a data point that allows consumers and businesses to make informed decisions. We congratulate AVG for achieving the 100% result in our August test.”

Detecting malware and stopping it from carrying out its malicious intent is important, but knowing that it has been completely removed from a device is also extremely important. The AV-Comparatives award for Malware Removal shows that we have excelled in this area too.

At an industry conference I asked Andreas Clementi, Founder and CEO of AV-Comparatives about the Malware Removal report and the AVG result, he said “An important factor for users of Anti-Malware products is not only its ability to detect malware but also its ability to remove the threat and all of the components that it installed. At AV-Comparatives we conduct an annual Malware removal test that shows a products efficiency to clean up after an infection, AVG has achieved an Advanced+ rating for 2 years in a row which shows great consistency.”

It’s important to understand that testing anti-malware products is undertaken and a point or period in time, so the results reflect the moment that these tests were carried out.

Of course our teams are motivated to continue with flawless detection results, and with the release of our new versions of our Ant-Virus range of products there are additional security features designed to provide improved detection. You can see more details in my article about our product release.

Indulge me in this moment of unashamed promotion of AVG and allow me to proudly acknowledge the commitment and dedication of the AVG teams that have delivered these awesome results, which they proudly develop to protect you, our customers.

Follow me on Twitter @TonyatAVG

AVG

AVG kicks off National Cyber Security Awareness Month with updated product suite

I am delighted that that we have released our updated Protection and Performance products and suites – consciously timed with the inauguration of National Cyber Security Awareness Month.

Introduced in the US by President Obama, National Cyber Security Awareness Month was conceived to raise awareness and education about cybersecurity, and help citizens protect the nation in the event of a cyber-incident. Throughout October, companies and organizations will be holding conversations, hosting events and taking part in Summits as they look to educate us to “Stop. Think. Connect”.

AVG fully supports this initiative, and is involved in a number of similar, designated days and months throughout the year, such as European Cyber Security Month, which aim to further security education. As we increasingly live our lives online, and the everyday devices in our homes become connected, cybersecurity has rapidly become a personal issue as well as a one of global importance. Most of us now own multiple devices and use apps for everything we do; but our growing dependency on technology, while simple to use, they bring high levels of complexity; and all too often, security and privacy become an afterthought. One of AVG’s goals is to take the complexity of your everyday, online environment and simplify it, making it as easy as possible for you to secure and manage you and your families’ digital lives and keep them protected.

The digital landscape is always evolving, and so too, must the products you use to protect yourself. The latest release of AVG’s protection products and suites are now auto-updated on a continual basis, so users will always have the latest features and capabilities without any required action on their part, removing the need for you to accept or search for an upgrades.

The new release adds significant protection capabilities, including Real-Time Cloud Detection, AI Detection and Improved Malware Detection, are also focused on real-time protection – ensuring customers are always secured against the latest threats.

These product releases continue to underscore our leadership in online security and commitment to protecting devices, data and people, at home and at work – in the August test results from AV-Test, AVG Internet Security scored 100% for both real-time and wide spread malware detection. Make sure to check back here on our blog, AVG Now, throughout the month, to hear more product and service news, and to read some of our top cybersecurity tips.

You can find out more about the latest AVG Performance and Protection products here: http://now.avg.com/avg-new-protection-performance-press-kit/

Panda Security

Has the dislike button finally arrived to Facebook? Of course not, don’t be fooled!

It’s been a few weeks since Mark Zuckerberg revealed that Facebook was working on incorporating the much awaited dislike button into its website, finally allowing users to give the thumbs down to posts that they don’t like.

As expected, some scheming cybercriminals have taken it upon themselves to introduce the dislike option ahead of the official Facebook launch. However, you’re not going to like what you get if you download it.

What’s most likely to happen if you download this fake dislike option is that you will pass all control of your account to the cybercriminals and, even worse, they could install malware on your computer rendering it unusable.

How can we find this supposed dislike button on our profiles? There are a few versions:

dislike

dislike facebook

dislike button

So, now you know that if you find anything like this on your profile that you should ignore it. Also, don’t share these fraudulent pages on your timeline!

The post Has the dislike button finally arrived to Facebook? Of course not, don’t be fooled! appeared first on MediaCenter Panda Security.