
Google, Facebook and Yahoo join forces to fight against scammers who inflate the clicks on their ads


The online advertising industry has witnessed the emergence of “invisible enemies” that pass themselves off as regular online users – the infamous bots. This network of zombie users has become a serious headache for businesses and this is reflected in recent data. According to a recent study, advertisers worldwide look set to lose $6.3 billion per year (roughly €5.7 million) due to these scammers that try to imitate human behavior.

The investigation also signaled that 23% of all advertising video views and 11% of clicks on advertisements were carried out by botnets. This detail is harmful to the advertisers, as it implies that they are paying in order to artificially inflate page clicks and video views, which results in their campaigns losing credibility.

This worrying situation has forced leading technology companies to come together in the fight against the bots. Google, Facebook and Yahoo have recently joined forces with specialized digital marketing agencies such as Quantcast, Rubicon Project and MediaMath. The Trustworthy Accountability Group, a group created by the American Advertising Association and the Interactive Advertising Bureau, has been the main driver behind this initiative to put an end to the fraudsters.

The agreement that they reached can be summed up as follows: there’s strength in numbers. Each of the businesses has its own internal blacklists – databases which contain information relating to suspicious IP addresses. Now, they will combine all of them to create one massive database which will allow them to block the bots.

“The industry is united in this fight and we are going to win the war against fraud”, stated Mike Zaneis, the executive director of the Trustworthy Accountability Group.

The DoubleClick blacklist, a platform for creating and managing the online advertising for Google, filtered 8.9% of web traffic in May. This database will be the most important for this information sharing program that will identify the bots that are designed to evade detection by the IAB/ABC International Spiders & Bots List.


“By pooling our collective efforts and working with industry bodies, we can create strong defenses against those looking to take advantage of our ecosystem. We look forward to working with the TAG Anti-fraud working group to turn this pilot program into an industry-wide tool”, explained Vegard Johnsen, Product Manager Google Ad Traffic Quality, on the company’s online security blog.

A study carried out by Distil Networks estimated that, during 2014, malicious bots appeared in 22.78% of web traffic. This compared to 36.32% of “good” bots while humans only accounted for 40.90%. The harmless bots were able to be identified and this prevented them from carrying out any malicious activities.

Mountain View has detected fraudulent web traffic generated by platforms such as UrlSpirit, which uses Internet Explorer to visit a list of websites that generate up to 500,000 fraudulent requests per month, and HitLeap, a web-sharing service with 1,000 fraudulent advertising requests in the same period.

“By contributing our data-center blacklist to TAG, we hope to help others in the industry protect themselves,” claims Vegard Johnsen of Google. TAG will soon launch a pilot program which will collect a series of general principles, although the actual tool for detecting the online fraudsters isn’t available until the end of the year.

The post Google, Facebook and Yahoo join forces to fight against scammers who inflate the clicks on their ads appeared first on MediaCenter Panda Security.

Technovation 2015: Security by the Numbers

Being a finalist at Technovation 2015 means competing against over 400 apps from 64 different countries. The challenge? To build an app in just a few months that would help solve real-world problems such as sports concussions or childhood obesity.

I had the pleasure of leading the “Security By the Numbers” workshop at Technovation 2015 #wpitch2015. This workshop is designed to help the young finalists visualize themselves as entrepreneurs and transition their prototypes into market-ready apps.

So what defines a market-ready app? Increasingly, the answer is security. From the continuous stream of high-profile data breaches to the rising prevalence of malicious apps on Android, the lack of app security has proven to be a gold mine for cybercrime. In fact, a recent study by IBM found that the cost of a data breach could be as high as $300 per single lost record and $154 per record on average.

As with all good design, app security is not a simple afterthought. That’s because security to the app is like a shell to a turtle, it’s a skeletal structure that needs to be designed for.


This workshop used an AVG app with over a million users to illustrate three key principles of app security:

  1. Prevention – What are some common mistakes and vulnerabilities?
  2. Detection – What are the tools and resources for detecting malicious activity?
  3. Continuous Monitoring – How do you implement a robust monitoring infrastructure?

This was particularly beneficial for the students because it provided them a glimpse into the technical infrastructure and monitoring that can support a large scale mobile application.

My favorite feedback from the workshop was “Technovation was an enlightening experience and helped me see this as a career, this workshop helped me understand what it would take to take my ideas to market.”

It was an inspiration to be surrounded by so many bright, driven and accomplished young women. I’m excited to see a future with a more diverse and inclusive tech industry!

AVG Technologies @AVGFree is a gold sponsor of Technovation thanks to the efforts of Anar Simpson @AnarSimpson, Todd Simpson @ToddSimpson and Judith Bitterli @JudithBitterli.

 

Mariya Snow @mariyasnow is a Senior Engineer at AVG Technologies.

Google Timeline knows everywhere you’ve ever been and can show you

When security experts warn us about sharing and publishing our location data, it’s easy to think that they are exaggerating the importance, and really what harm can come from “checking-in”?

I got a nasty shock this week when I found out about Google’s new Timeline feature which it launched last week.

Timeline will dot everywhere you’ve accessed Google Maps and plot it on a map. Mine, for example, looks a bit like this.


As you can see, a couple of trips around Europe but most dots are in and around London, where I live.

This alone is quite strange to see but it gets creepier. Click on any one of these dots and it opens your journey. Here for example, is my stroll around Barcelona at Mobile World Congress last year.


This is an exact map of where I went, which roads I took and how long I stayed at each location. Very surreal to see, given that I wasn’t even sure I was actively using my phone to navigate.

Google Timeline allows you to search for your location by date, so if I wanted to know everywhere I went in October 2013, or even on a specific day, I can find out.


Google Timeline also arranges these journeys for me by calling them useful things like “Day Trip to Cambridge”.


This is a brand new feature and one that has certainly made me reconsider how much data I leave behind in my everyday life.

Naturally, all of this information is private and only visible to me, but I strongly suggest you access your own Google Timeline and see whether you are comfortable with what information is being stored.

 

Here’s how to switch it off:

Turning off your location tracking is simple. In Google Timeline, click the cog at the bottom right corner and select Pause Location History.


You’ll see the following message


Click “Pause”.

 

Within the options, you can also delete all stored location history and even download your history.

Just how safe are connected cars?

Last week, Wired published an article ‘Hackers remotely kill a Jeep on the highway – with me in it’ detailing the actions of two well-known hackers, Charlie Miller and Chris Valasek. In the words of the journalist, Andy Greenberg, he agreed to be their ‘digital crash-test dummy’.

The hackers managed to remotely control many important functions of the Jeep, including braking, transmission and accelerator. They also controlled the wipers, air-con and radio, but the threat is very different when someone can control the driving and safety features of the vehicle.

Miller and Valasek proved in 2013 that they could hack a car, at that time a Ford Escape and Toyota Prius, but at that time they demonstrated it from the back seat and they needed to be physically connected in the car.

This latest demonstration of their skills shows that in this instance they could control the vehicle remotely, which is of course a very different risk.

This story has so many similarities to the recent stories about the ability to hack an aircraft and control it. Experts in avionics were quick to disclose that only in a few aircraft have the infotainment systems connected to the control of the aircraft and in all cases the pilot has a manual control button in the cockpit to take control and fly without the reliance on technology in this way.

While the stories are similar, these are two very separate industries. The automotive industry regulators would appear to be in catch-up mode as opposed to setting definitive standards for the industry to follow in advance of deployment in the field.

My other concern raised by this and previous stories about car vulnerabilities is the method of deployment of the fix. There is a software update available for the Jeep; it can be downloaded and loaded through a USB stick. While this sounds simple, it should not be left to the consumer to perform updates of this importance. If there was a manufacturing fault in the brakes of a car, they would be recalled and a trained mechanic would repair them. While the dealer may load the software for you, it’s my opinion that when a major vulnerability like this is found the car companies should be made to do a full recall and take responsibility.

I wonder how many drivers of connected cars have the latest software loaded in their cars today? I suspect that many BMW drivers that were subject to the ‘unlock’ hack earlier this year are still driving around in a vulnerable car.

There is light on the horizon as US and UK Government departments that control standards in this area are both reportedly writing new guidance. I am sure that in the next few months they will be published but of course implementation in manufacturing takes time and the risk grows with every new ‘connected’ car that rolls off the production line.

 

Tech’s Not So Free Lunch

On the macro level, for example, and in the “plus” column, is the transparency practice of many leading tech firms, revealing the diversity of their workforces. And on a more micro level, the big security industry RSA Conference this year essentially banned “booth babes” by stressing strict dress attire for its exhibitors.

Bravo!

Now we come to a step back. A new report by Forbes is that the hottest lunch spot for many SF male techies is, rather unbelievably, a strip club…

The lunch spot of the moment is apparently the Gold Club in San Francisco’s SoMa district, which is conveniently located within walking distance of top tech companies such as Yelp and Salesforce. (You can read the article about this here.)

Supposedly the attraction is a cheap lunch: for a $5 cover charge, you get a free lunch buffet and …enjoy dancers. (Ironically, Silicon Valley tech companies have long been the providers of free and subsidized lunches for employees –all to attract the best talent, keep them on campus and at their desks…)

Is the new lunch fad simply a good deal on a buffet? Innocent fun? A way to escape the drudgery of staring at a screen all day?

To me, it’s inappropriate and more troublesome than that. It’s one more manifestation of the techbro culture that permeates our industry.

Worse, it seems to have gotten the wink and nod from many tech firms. For example, according to the Forbes article, one well-known tech firm’s hiring managers would take prospective hires to the Gold Club—which was referred to by the secret code name of “Conference Room G.”

But I don’t want to make light of this. Regardless of your take on strip clubs (whether they objectify or empower women), for the tech industry, which has always been exclusionary (both of women and minorities), it’s simply one more example of the way it can be careless and tone-deaf.

Another take-away from this is that corporate culture doesn’t just come from the top. These techbros are influencing their workplace just as much – arguably more so– as their managers are. Imagine being a woman or gay male programmer and hearing guys in the break room talking about their great lunch… How excluded would you feel?

On another cautionary note, this sounds like a lawsuit waiting to happen, whether an unsuspecting worker is taken to a club by colleagues and feels uncomfortable, or overhearing the guys talk about their fun in the workplace…

On that note, we were reminded just this past week of the most famous sex discrimination lawsuit to date in the tech industry: the case of Ellen Pao against Kleiner Perkins. In March, the highly reported case ended with Ms. Pao losing her lawsuit, but tarnishing the reputation of her former employer, a gold standard Silicon Valley VC firm.

Fast forward and Ms. Pao was recently forced out of her interim CEO position at the Internet community site Reddit. (The New York Times headline read: “It’s Silicon Valley 2, Ellen Pao 0: Fighter of Sexism is Out at Reddit.”)

Ms. Pao wrote an Op-Ed column about her ordeal at Reddit, which appeared this past weekend. In it she chronicled the work she and the company did to try to prevent and ban harassment on the Reddit site and the resulting “attempts to demean, shame and scare” her into silence that ultimately led to her resignation.

As Ms. Pao has noted, I couldn’t agree more: “It’s left to all of us to figure it out, to call out abuse when we see it.”

Sex discrimination and harassment –and resulting lawsuits— have been happening in other industries for years. No, the tech industry didn’t invent sexism or the wheel. But as they say… we’ve driven the car into the ditch all the same. These are glaring examples of the distance we have to travel.

Panda Security, compatible with Windows 10

Next Wednesday, July 29th, Microsoft will launch Windows 10. This new version has been gaining lots of attention in recent months and there are many people eagerly awaiting what is seen as the launch of the summer.

If you are one of those and you have a Panda product, then fear not – Panda Security’s antivirus is completely compatible with Windows 10!


All of the products from the 2015 range are compatible with the new version of Windows and, if you have an older version but are thinking about updating your operating system, we recommend that you download your antivirus for Windows 10.

How to download an antivirus for Windows 10

It couldn’t be easier! All you need to do is go to the webpage and download your antivirus for Windows 10 which will keep your computer protected against all types of threats.

So, there you have it. On our end, there’s no problem, so now it’s up to you whether to update your computer to Windows 10 or not!

The post Panda Security, compatible with Windows 10 appeared first on MediaCenter Panda Security.

Weekend wrap-up: Cybersecurity news from Avast

Here’s your wrap up of security and privacy related news from the first half of July.

We are very excited to announce the debut of a new series of videos called Avast Hack Chat. Every week we invite a security expert to talk us through the hacks on Mr. Robot, USA Network’s summertime hit TV show. We also talk about current news, technology in pop culture, and tips that you can use in your everyday life to keep your devices and data secure. Please subscribe to Avast Hack Chat on YouTube to see all of our videos.

Read our reviews of the hacks

Pilot episode 1: Are the hacks on Mr. Robot real?

Episode 1.1: Mr. Robot Review: Ones and Zer0s

Episode 1.2: Mr. Robot Review: d3bug.mkv

Episode 1.3: Mr. Robot Review: da3m0ns.mp4

Episode 1.4: Mr. Robot Review: 3xpl0its.wmv

It’s too bad that hacking is not just for TV and movies. Even trusted websites can fall victim to cybercrooks. Online shopping just got a little more risky when the largest e-commerce platform was hacked in order to spy on customers and steal credit card data.

Government agencies, businesses, and individuals need to stay on alert for ransomware. That’s the malware that locks up your files and demands that you pay money to provide the key. Cryptowall recently joined forces with a click fraud botnet to infect individuals and businesses. Our blog explains how to stay safe against infection.

Critical zero-day flaws were discovered in the Adobe Flash Player, Oracle’s Java, and Microsoft’s Internet Explorer. Patches for each have been released. In addition to these patches, Microsoft released a rare emergency “out-of-band” Windows security patch. Make sure that you apply these patches so your machines are running the most secure versions of software.

Now for some good news. Avast Browser Cleanup removes those unwanted browser add-ons. You know the ones. They take up space on your browser, change your search engine, and even your home page. Avast Browser Cleanup has removed more than 650 million unwanted add-ons and extensions from our users’ browsers in the past two years. You can get it for free in all Avast products or download it as a standalone version.

Avast for Business protects a private school for free

Schools and businesses around the USA are also happy. Two schools, one in Ohio and one in Arizona, have recently adopted Avast for Business software to protect their entire network for free. And one lone IT administrator is now able to efficiently manage 500 computers because of Avast for Business’s cloud-based web console.

BYOD, or bring your own device, is a common practice at many businesses around the world. CEO Vince Steckler announced the acquisition of Remotium, a leader in virtual enterprise mobility. Their technology provides enterprises with secure access to business-critical applications from anywhere and from any mobile or desktop device.

Students wanting to know how they did on their AP test installed Avast SecureLine VPN so they could see the scores right away. We have extended the 7-day free trial for an additional 30 days for all these clever kids. We hope you will keep your devices safe while using unsecured Wi-Fi around your new college campus this fall.


Follow Avast on Facebook, Twitter, YouTube, and Google+ where we keep you updated on cybersecurity news every day.

The UK gets ready for automated vehicles

Earlier this July, the British government published “The Pathway to Driverless Cars: A Code of Practice for testing”, a fourteen page document clarifying the legislation around driverless vehicle testing in the UK.

As expected, the document is heavily skewed towards safety, with stipulations for operator overrides and emergency service procedures among others.

That’s not the part that I found interesting about the guidelines. That came later, and was more focused on data collection and cyber security.

As we have come to expect from our connected devices, data collection is inevitable. The government’s outlines mandate the following as minimum data recording functionality on the vehicle.

As a minimum this device should record the following information (preferably at 10Hz or more):

  • Whether the vehicle is operating in manual or automated mode
  • Vehicle speed
  • Steering command and activation
  • Braking command and activation
  • Operation of the vehicle’s lights and indicators
  • Use of the vehicle’s audible warning system (horn)
  • Sensor data concerning the presence of other road users or objects in the vehicle’s vicinity
  • Remote commands which may influence the vehicle’s movement (if applicable)

 

Add to these minimum prerequisites some other specific datasets such as location (for traffic updates etc.) and you begin to get the picture. Very soon our connected, driverless cars will become a hive of activity, bringing convenience to our daily lives but documenting it like never before.

In fact, immediately following the data collection requirements, the document then went on to establish expected behavior for handling this data.

“Testing is likely to involve the processing of personal data. For example, if data is collected and analysed about the behaviour or location of individuals in the vehicle, such as test drivers, operators and assistants, and those individuals can be identified.”

Will our own cars present a privacy risk to us in the future? Thorough data logs of everything we do and everywhere we go suggest that it might. Who knows, perhaps we’ll see an optional “incognito mode” like we see in some web browsers, where you can drive “off-record” for a limited time.

I was also pleased to see the inclusion of some basic cybersecurity standards included in the document. As our digital world rapidly merges with the offline, it becomes ever more important to safeguard the things that matter most from attack.

The document stipulates:

“Nevertheless, manufacturers providing vehicles, and other organisations supplying parts for testing will need to ensure that all prototype automated controllers and other vehicle systems have appropriate levels of security built into them to manage any risk of unauthorised access.”

This is hardly comprehensive but it does make developers consider cybersecurity from the outset.

Time will tell just how ready the people of Britain are for driverless vehicles, but it’s good to see that the government is addressing safety concerns both on the road and online.

Google cracks down on ad-injectors

The reality of the web is that not every site is secure. However, most of us get by just fine by sticking to well-known websites from trustworthy companies. Antivirus plays its part by scanning websites and letting you know ahead of time whether or not a site is trustworthy.

While this helps protect against most browser-based threats, one area that is commonly exploited is ad-injection. Unlike the bulk of a page’s content, ads tend to be loaded from an external ad server or Content Delivery Network (CDN).


Attackers have found a way to insert malware into the advertising code, which in some cases can circumvent the web page’s security and serve malicious code to the visitor.

In an effort to combat ad-injection malware, Google’s Safe Browsing team announced that when Chrome detects a possible ad-injection on a site, it will serve its famous “red screen” advising the user that the site is potentially unsafe to visit.


How to activate Google Safe Browsing

Activating Google Safe Browsing is simple.

In Google Chrome, select the drop down menu in the top right hand corner.

Select “Settings”


Ensure that the “Enable phishing and malware protection” button is checked.


AV-Comparatives describes AVG AntiVirus for Mac® as ‘flawless’

While this makes us at AVG proud it’s the commentary that the editor uses to describe our Mac product that really pleases us. “AVG AntiVirus is a simple, easy to use antivirus program for Mac, with all the essential features. Its detection of Mac malware was perfect”.

In fact the test results state that not only did the AVG product score 100% in the detection of Mac malware but it also scored 100% in Windows Malware Detection. We at AVG believe that you should feel protected across all of your devices, so we work hard to block the bad stuff regardless of which operating system you prefer.

Our Mac product is simple and easy to use. With features to scan the ‘Entire Mac’, ‘File Scanner’ and ‘Real-Time Protection’, it could not be easier to keep your Mac secure.

If you are one of those Mac users sitting there without protection then you need to think about the assets and information that you have on your machine. While there are limited examples of malware for the Mac platform it could be devastating if it infects your machine.

Imagine taking the view that you have never seen someone you don’t know try opening the front door of your house, so you leave it unlocked. On the day that the chance burglar does try the door and it’s unlocked, the burglary is likely to be very bad as there is nothing stopping them from emptying your entire house.

Loading the AVG Antivirus product on your Mac, just like locking your door, is a preventative measure that all Mac users should take to stay safe. And what makes this even more compelling is that it’s completely free.

Download AVG AntiVirus for Mac from here.

You can follow me on Twitter @TonyatAVG and find my Google+ profile here.