Tag Archives: News

Self-Driving Trucks Ahead  

The Freightliner Inspiration Truck is the first licensed autonomous commercial truck to operate on an open public highway in the United States and made its debut by driving across the Hoover Dam earlier this month.


Of course, the mix of radars, sensors, lasers and technology that enable autonomous driving is applicable to many other forms of transportation. But the self-driving truck is a very natural and promising extension of the category.

With its truck, Daimler promises to unlock autonomous vehicle advancements that reduce accidents, improve fuel consumption, cut highway congestion, and safeguard the environment.

The Freightliner Inspiration is only a prototype of what could be reality in ten years’ time and, for now, Daimler has made it clear that it is still relying on drivers.

“The driver is a key part of a collaborative vehicle system,”  Richard Howard, Senior Vice President at Daimler said at the Freightliner Inspiration’s unveiling. “With the Freightliner Inspiration Truck, drivers can optimize their time on the road while also handling other important logistical tasks, from scheduling to routing. The autonomous vehicle technology not only contributes to improved safety and efficiency, but allows for improved communication through connectivity and integration.”

Autonomous trucks are already used by mining conglomerate Rio Tinto in Western Australia to haul millions of tons of material.

Automation for trucking and haulage is significant because logistics are so important when it comes to shipments. Often, drivers are pushed to the limit to make deadlines. Combine human fatigue with mechanical failures, and the results can be deadly. A 9,000 gallon unleaded gasoline tanker fire in Detroit and a school bus tragedy in California are just two of the most recent and tragic examples where automated driving could have made a difference.

The latest statistics from the US Department of Transportation (DoT) showed that 342,000 large trucks were involved in traffic incidents during 2013 with 3,964 people killed and 95,000 people injured. Those are some scary stats and ones that make automation, or semi-automation, an imperative.

Don’t get me wrong. I’m not knocking the drivers. These are hard-working men and women who are up against crazy schedules and are often away from their families for weeks at a time.  Imagine driving full-time? It would be both physically and mentally exhausting.

The Walmart driver involved in the crash last June that seriously injured actor Tracy Morgan and killed his fellow passenger, the comedian James McNair, was reportedly nearing his drive-time limit when he rear-ended their car.  (Just this week, Walmart announced it had reached an undisclosed settlement with Morgan, after earlier settling with McNair’s family.)

On another cautionary note: just as car hacks have become a problem with autonomous cars, security is even more paramount with trucks and their automation systems.

As we previously reported, the remote car hack scenarios and vulnerabilities being experienced caught some of the top car manufacturers by surprise. I hope that, when it comes to autonomous trucking, manufacturers have taken note and are thinking further down the road.

The Police Virus strikes again! Android systems attacked!

The Spanish Police has warned of the reappearance of the Police Virus for Android.

Here we explain how they can attack your cell phone, and what you can do to protect it!


*** Posted June 2, 2014

A few days ago a new Android malware showed up, Android/Koler.A. It was in the news as it was actually a Police Virus / ransomware attack, similar to the ones we have seen in Windows computers, but this time it was targeting mobile phones.

Although in this case this piece of malware cannot encrypt any of the phone data, it is nasty and it is really difficult to get rid of it (without antivirus for Android), as the warning message is always on top and the user has only a few seconds to try to uninstall it.

While we were studying it, we found a new variant exactly the same as the first one, but this one was connecting to a different server in order to download the proper warning. And this server was still up… It turns out that the cybercriminals made a small mistake configuring it and left the door half-opened. Sadly, we could not get access to all the information there (there was a MySQL database with all the payments, infections, etc. that we couldn’t reach), but we were still able to download some files from the server and take a look at how it works.

I won’t go into details about the mistake they made to leave that door half-opened, as of course we do not want to help them ;)

Unsurprisingly, the way it works on the server side is really similar to the ones targeting Windows that we have seen in the past: a number of scripts geolocate the device and show the message in the local language with the images of local law enforcement. It saves information from all infected devices in the database, taking the IMEI number of the mobile phone and adding the MD5 of the malware that is infecting the device. This way they can track the number of infections per malware variant and measure the success of their different infection campaigns.

This Trojan is targeting users from 31 different countries around the world; 23 of them are European:
Austria, Belgium, Czech Republic, Germany, Denmark, Finland, France, Greece, Hungary, Ireland, Italy, Latvia, Netherlands, Norway, Poland, Portugal, Romania, Spain, Sweden, Switzerland, Slovenia, Slovakia and United Kingdom.

Users from these countries are also being targeted: Australia, Bolivia, Canada, Ecuador, Mexico, New Zealand, Turkey and United States of America.

What if you have already been infected?

Well, you probably won’t have an antivirus installed on your phone, which makes the clean-up a bit difficult. The “infection” screen will be on top of everything, and this malware also disables the Back key. However, the Home button will still work, so you can give it a try: push the Home button, go to the App menu and uninstall the malicious app:

[Image: Android ransomware]

The bad news is that you will only have 5 seconds to do this, as the warning screen pops up every 5 seconds. What can you do then? Well, you just need to restart your phone in “safe mode”. Depending on the mobile phone you have, this can be done in different ways. Those running pure Android versions (Nexus, Motorola) only need to go to the shutdown menu and press for a couple of seconds on shutdown, until the following message shows up:

[Image: reboot mode]

Click OK, and once the phone is restarted you can uninstall the malicious app. To go back to normal, just restart the phone in the usual way. If you are using a phone with a custom Android version (Samsung, etc.), you can easily use Google to find out how it is done on your device.

We managed to grab the ransom message screens for every country, where you can find a number of well-known people, such as Obama (president of the United States), François Hollande (president of France), Queen Elizabeth… It was also funny to see that the US one mentions Mandiant (the company that showed how China had a cyber-espionage unit in its army).

The post The Police Virus strikes again! Android systems attacked! appeared first on MediaCenter Panda Security.

No such thing as a free lunch, but there is ‘free coffee’ at Starbucks

Have you added up your spending on Starbucks coffee lately? If, like me, you grab a coffee five days a week at $3.65, then you have an annual bill of just under $1000. When I saw that a hacker had found a way to get unlimited free coffee it caught my interest, especially seeing that there have been a number of Starbucks-related issues over the last 12 months.

Egor Homakov’s hack is more a logic mistake or bug than a hack; you can read his blog on how he did it in detail here. He started by purchasing three gift cards with a value of $5, the type anyone can purchase over the register.

Registering the cards online at starbucks.com then allows you to move money between cards and top them up as necessary. Homakov then started sending requests to move the cash between the cards using 2 different browsers at the same time. Doing this, he managed to break the logic and transfer the same $5 from card A to card B twice, confusing the Starbucks system and gaining an extra $5 in the process.

This was possible thanks to what is known as a Race Condition in the way the transaction is processed.  It takes place in two steps, the request and the acknowledgement.
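The check-then-act race described above, as an added illustration (not from the original post and not Starbucks's code): an in-memory model with hypothetical names, where a barrier forces two concurrent requests past the balance check before either debit is applied, next to a variant that checks and debits under one lock.

```python
import threading

class GiftCards:
    """Hypothetical in-memory card store; balances are whole dollars."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self._lock = threading.Lock()

    def transfer_racy(self, src, dst, amount, gap):
        # Step 1 (request): read the balance and validate it.
        seen = self.balances[src]
        if seen < amount:
            return False
        # Both requests are now past the check; neither has debited yet.
        gap.wait()
        # Step 2 (acknowledgement): apply the change using the stale read.
        with self._lock:
            self.balances[src] = seen - amount
            self.balances[dst] += amount
        return True

    def transfer_atomic(self, src, dst, amount, gap):
        gap.wait()  # start both requests at the same moment
        # Check and debit happen inside one critical section, so the
        # second request sees the balance left by the first.
        with self._lock:
            if self.balances[src] < amount:
                return False
            self.balances[src] -= amount
            self.balances[dst] += amount
            return True

def run_two_concurrent(cards, transfer):
    """Send the same A -> B transfer of $5 twice, at the same time."""
    gap = threading.Barrier(2)
    results = []

    def worker():
        results.append(transfer("A", "B", 5, gap))

    threads = [threading.Thread(target=worker) for _ in range(2)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sorted(results), dict(cards.balances)

def demo():
    # Constructed sample data: card A holds $5, card B holds $0.
    racy = GiftCards({"A": 5, "B": 0})
    fixed = GiftCards({"A": 5, "B": 0})
    return (run_two_concurrent(racy, racy.transfer_racy),
            run_two_concurrent(fixed, fixed.transfer_atomic))

if __name__ == "__main__":
    racy_result, fixed_result = demo()
    print("racy  :", racy_result)   # total funds grow from $5 to $10
    print("atomic:", fixed_result)  # total funds stay at $5
```

In a real service the lock would be a database transaction or row lock around the balance check and update, so that the total across cards is preserved under concurrent requests.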

In theory, this exploit could be run indefinitely to generate an unlimited amount of funds on a gift card.

Homakov did not do this, though. After gaining the extra cash he tested the cards in a store, purchasing coffee and a sandwich at a total of $16.70, proving he had more than he started with but limiting the loss to Starbucks to just $1.70.

Receipt

Image courtesy of sakurity.com

As a responsible security expert he contacted Starbucks through their support system on March 23 and did not receive a response until April 29, and the bug has now been closed.

There seems to be a pattern of hacks and bugs at Starbucks. Just a few weeks ago there was another issue with gift cards and the transfer of funds linked to a bank account; see the analysis here. And last year there was an issue where passwords on the Starbucks app for iOS were being held in clear text. That one had a similar experience, with Starbucks taking time to answer the disclosure from the expert; see the article here.

Starbucks mentioned the word ‘fraud’ when talking with Homakov rather than understanding that a responsible expert may have just saved them millions of pounds and saying thank you.

Personally I think he should be rewarded with at least a year’s free coffee; at $1000 it would seem a small price to pay.

You can follow me on Twitter @TonyatAVG

Watch out! A simple Arabic text message can crash your iPhone!


Do you have an iPhone? Yes? Well, then the following news may be of interest to you!

A new security flaw has been discovered in iOS, Apple’s operating system. This vulnerability affects iPhones running iOS version 8.3, although other versions could also be affected.

According to the BBC, a specially crafted text message can cause vulnerable devices to crash and reboot. More precisely, the malicious message, containing Arabic characters, causes iMessage to crash and the iPhone to reboot.


Apple is aware of the issue and has announced they will make a fix available in a software update. We’ll keep you updated with any new developments!

The post Watch out! A simple Arabic text message can crash your iPhone! appeared first on MediaCenter Panda Security.

Fake IRS claims: What happens when data falls into the wrong hands

Over the past 18 months we have witnessed monumental data breaches affecting tens of millions of users. As consumers though, do we worry about what happens to our leaked data?  Are attackers aggregating it with other sources, are they applying for credit in my name or even using medical services?

We should be concerned, and the latest disclosure from the I.R.S. demonstrates what can be done when attackers gain access to our valuable personal information. Using Social Security numbers, dates of birth, home addresses and other personal information, cyber criminals have accessed over 100,000 past tax returns.

Once they have the past return, they can file a new return with new data including the refund destination account. As a result, the IRS issued $50 million in refunds before detecting the intrusion method.

Fraudulent tax claims are nothing new to the I.R.S. In 2013 the agency paid out a massive $5.8 billion in falsely claimed refunds. IRS spokesperson, John Koskinen, said “These are extremely sophisticated criminals with access to a tremendous amount of data.”

Cyber criminals have amassed a huge amount of data through the many data breaches but also through our own propensity to share our data without due consideration. The IRS has successfully put a stop to this particular form of attack, but with so much data available, it’s only a matter of time before the bad guys work out another way to make fraudulent use of it.

 

What can you do to protect against identity theft?

Avoid Cold Calls: If you don’t know the person calling then do not hand over payment or personal details. If in doubt, hang up and call the organization directly to establish you are talking to legitimate operators.

Set privacy settings: Lock down access to your personal data on social media sites; these are commonly used by cybercriminals to socially engineer passwords. Try AVG PrivacyFix, it’s a great tool that will assist you with this.

Destroy documents: Make sure you shred documents before disposing of them as they can contain a lot of personal information.

Check statements and correspondence: Receipts for transactions that you don’t recognize could show up in your mail.

Use strong passwords and two factor authentication: See my previous blog post on this, complex passwords can be remembered simply!

Check that sites are secure: When you are sending personal data online, check that the site is secure – there should be a padlock in the address or status bar or the address should have a ‘https’ at the start. The ‘s’ stands for secure.

Updated security software: Always have updated antivirus software as it will block access to many phishing sites that will ask you for your personal data.

 

If you believe that you have been affected by a data breach, be sure to take out any identity protection service offered to you as compensation. These services scour the Internet looking for your data being misused or sold.

 

You can follow me on twitter @tonyatavg

Title image courtesy of dineshdsouza

Scams have arrived on Instagram, watch out!

For several days now we have been seeing many brands promoting their Instagram accounts with contests and giveaways. But sadly, once again, this is a scam! The Spanish National Police has warned about it through their Twitter account.

The alleged prizes are gift brochures to spend in these clothes shops. To win them, you just have to follow that account and share it on your Instagram account.


Tips to help you distinguish a fake Instagram account from an official one

  • Check its description
  • See if it has publications
  • Confirm the accounts it follows

Here you can see some examples:

[Images: springfiel official Instagram account; springfiel fake Instagram account]

Although we have seen this scam in Spain, we wanted you all to know about it, because examples of these scams can be found all over the world. So please be cautious: there is no such thing as a free lunch!

The post Scams have arrived on Instagram, watch out! appeared first on MediaCenter Panda Security.

Google introduces new Chrome extension rules to help protect users

Google has just introduced new rules for Chrome extensions to help crack down on unwanted and malicious extensions by only making Chrome extensions available via the official Chrome Store.

According to their blog post announcement, Google’s test phase for the rule saw a 75% drop in users complaining about unwanted extensions. Google wrote:

“We originally did not enforce this policy on the Windows developer channel in order to allow developers to opt out. Unfortunately, we’ve since observed malicious software forcing users into the developer channel in order to install unwanted off-store extensions. Affected users are left with malicious extensions running on a Chrome channel they did not choose.”

The move to a centralized marketplace for extensions is a great way for Google to establish quality control for Chrome extensions, just as it and Apple have with their respective app stores.

Chrome extensions are a great way to customize and optimize your browsing experience. For example AVG’s Crumble extension blocks online trackers and cookies allowing you to surf without surveillance.

You can install the extension for free from here: Crumble Chrome extension.

Checking which extensions you are using is very easy to do.

How to check which extensions you are running

Checking which Chrome extensions are active is quick and easy. Within Chrome, open the menu in the top right and select More Tools. Select Extensions from the menu.

Here you can view which extensions are currently running, and add or remove extensions.



According to PC Magazine Panda FREE is the best free antivirus for 2015

We bring you more great news! A week ago we told you that we had achieved a 100% detection rate according to AV-Comparatives; now we want to share with you that PC Magazine has listed Panda FREE as the best free antivirus for 2015.


They highlight how easy it is to use, its quick install and that it provides “excellent lab results”. PC Magazine says the best way of not having malware is to avoid downloading it and points out that Panda FREE has two ways of protecting you against these malicious downloads:

  • Blocking all access to known malicious URLs.
  • Scanning all the files downloaded, and eliminating the malicious ones immediately.

PC Magazine has chosen Panda FREE as their “Editors’ Choice”, and says that Panda offers the best features of commercial antivirus according to them and other independent labs.

Would you like to try the best free antivirus for 2015?

The post According to PC Magazine Panda FREE is the best free antivirus for 2015 appeared first on MediaCenter Panda Security.

Help protect your family with AVG’s new VPN from Privax

As a father of three, I understand the difficulty of raising children in an increasingly online world. This first-hand experience made it even more pleasing to stand in the offices of AVG’s newest acquisition, a privacy and protection technology company called Privax, and to welcome all their employees officially to AVG.

Privax is behind a fantastic service called HMA! Pro which is a virtual private network (VPN) product that allows consumers to connect their mobile and desktop devices to the Internet securely and privately. It’s a great tool to ensure that personal data remains just that – personal data. VPNs give people more control over what information about themselves they are comfortable sharing and what they would prefer to keep to themselves when communicating, purchasing or searching online.

AVG understands that you are concerned about your privacy and this acquisition is part of our continued commitment to offering the best protection and privacy products available. It’s our goal to give you peace of mind when you go online on your mobile as well as your desktop devices. You’ve told us that you value choice when managing your own privacy settings, and for those with families, this is even more important as you look to protect your children online.

Research we carried out earlier this year with the Mobile Ecosystem Forum showed that 49% of people surveyed in 10 countries said trust prevented them from downloading or buying online, or using some or all apps from their mobile device. We also found that 72% were not happy sharing personal data with apps – compared with 65% last year.

Therefore, at Mobile World Congress earlier this year, our CEO, Gary Kovacs, made a public commitment to provide smart tools to help our customers reassert their privacy. This acquisition takes us one step further towards fulfilling this promise.


Customers can already use our existing privacy services including AVG PrivacyFix and the Do Not Track feature of our secure search. Privax’s HMA! Pro will give you another option by helping you enjoy your favorite online activities in a safe and private environment that you can tailor to your personal sharing preferences and without compromising your privacy.