Tag Archives: News

Panda Security

ICSA stands out Panda Security for 15 years of excellence

icsa labs

The good performance and the excellence of Panda Security has been recognized by ICSA (International Computer Security Association) because of having received quality certifications on their products for the last 15 years.

Panda Security received the 15 year ICSA Labs’ Excellence in Information Security Testing (EIST) Awards which recognizes Panda’s “outstanding achievements” maintaining the quality certification of their products during these 15 years.

Stephen Gaus, ICSA Labs Business Development gave the award to Luis Corrons, Technical Director of Panda Labs during the RSA 2015 Conference in San Francisco.

luis corrons icsa

This distinction recognizes the resources, dedication and efforts invested by Panda Security to maintain this certification. Also highlights the “willingness to persevere the quality” of their products to benefit their customers and the security universe.

Congratulations to all! :)

The post ICSA stands out Panda Security for 15 years of excellence appeared first on MediaCenter Panda Security.

Panda Security

Cyber-attacks made it into the Global Risks TOP 10

computer office
Almost every day, we hear news about cybercriminals leaking confidential information, cyber-attacks to the media, massive cases of phishing or WhatsApp scams.

That’s why for the first time risks from cyber-attacks are part of the TOP 10 Global Risks, ranked ninth according to Aon Risk Solutions, Aon plc global division of risks management.

The participants in this survey pointed out that brand damaging and maintaining the company’s reputation is what organizations fear the most. The online risks’ “increasing importance” is linked to the consequences a company may face when its sensitive information has been compromised.

This survey confirms what the Global Risks Report 2015, elaborated by the WEF, had already reported, including cyber-attacks within the most pressing dangers of the future. Stating that companies should consider cyber security as priority.

This is confirmed by experts and data. If PandaLabs described the year 2014 as the year of massive cyber-attacks, we are sure we will see an increase of this types of threats during this year and the ones to come. That’s why if you want to protect your company’s servers and endpoints try our solutions for business and you will sleep a little more soundly at night.

The post Cyber-attacks made it into the Global Risks TOP 10 appeared first on MediaCenter Panda Security.

AVG

Can a plane be hacked and controlled through inflight Wi-Fi?

A number of leading publications jumped on the report and within hours, it had become a viral sensation.

Like most, when I first saw the article I had a brief moment of serious concern, especially as I travel frequently on business. On further consideration, I decided to investigate further as there is extensive regulation and compliance in the aircraft industry.

We have seen many industries struggle with security as more services move to digital and connect to the Internet of Things. One example is the medical industry where devices handle sensitive data. This article in The Atlantic gives a great summary of the points.

So based on what we’ve seen in other industries, would a vulnerability on an aircraft seem farfetched? Probably not.

However, as I mentioned, aviation is a highly regulated industry with security standards and safety at its core. It would therefore surprise me if someone left the backdoor open and the aircraft’s avionics were accessible through the Wi-Fi.

The following diagram is probably what made this report go viral.

Plane Wi-Fi

 

The government report and its diagram may be highlighting an area of concern but according to Dr Phil Polstra, as stated in a Forbes article ‘The GAO report was put together by people who didn’t understand how modern aircraft actually work’.

Based on Dr Polstra’s comments and his credibility as an expert in this area I think we can rest assured that the frightening nature of the article that went viral is a false alarm.  The real risk here is someone publishing a report when they may not have fully understood the subject matter.

I will be getting on a plane soon and will not be concerned that the person in the seat next to me might be hacking the flight system. However, if they could adjust the temperature and lighting around my seat, that would be useful.

Follow me on twitter @tonyatavg

Title image courtesy of ArsTechnica

Panda Security

When Minecraft Meets IT Security

 

minecraft panda

The phenomenon that is Minecraft began life back in 2009 as a sandbox construction game and has grown into one of the most popular games in history with hundreds of millions of players all over the world interacting via computers, consoles and mobile devices – there is even a dedicated version for the Raspberry Pi where programmers are encouraged to modify the game code for educational purposes.

Video game merchandise based around the Minecraft world tops the UK charts for sales in 2014 and over 2 million Minecraft books were sold in the UK last year.

The fan-base have created extraordinary objects and landscapes including a 1:25 scale Ordnance Survey map of the UK, a working 16-bit computer and a plan for a life size model of the British Museum is underway.

There are YouTube channels dedicated solely to Minecraft and top vloggers such as Stampy (@stampylongnose) who dedicate their lives making Minecraft adventures to show their millions of followers – with nearly 4 billion Minecraft videos viewed on YouTube every month.

The beginning of a single-player game of Minecraft is ensuring your character ‘Steve’ survives after being dropped alone into a digital world with empty pockets. ‘Steve’ must mine the resources needed to build a home and craft tools to protect him against the monsters which come out in the dark.

minecraft

This process parallels the need to protect a new computer or mobile device before it is exposed to cyberthreats – the very first thing you should do is gather security resources and craft them into protective walls and tools against the ‘monsters’ from the dark side of the Internet.

Minecraft users are well aware of these threats as recently an unpatched vulnerability, first reported to Mojang in July 2013, was published allowing Minecraft servers to be crashed

Back in January 2015 nearly two thousand Minecraft users had their login credentials leaked online with the hackers stating they had many more. How the hackers obtained the credentials is unknown with possibilities ranging from blunt force (zombie mob) guessing of credentials, targeted phishing attacks (skeletons), or even a security breach (Ender Dragon) at Mojang itself – something which the Microsoft owned software developer has since denied.

Other monsters and environmental dangers within Minecraft are also analogous to the various types of cyberthreats including:

  • Pervasive Creepers are the explosive old-skool malware simply out to cause destruction.
  • Pools of lava and rock falls can appear at any time while mining just as a drive-by vulnerability of a compromised website can infect your device while browsing.
  • Falling into a pool of lava will not only kill you, but also cause the loss of all the precious objects and clothing being carried – ensure you back up your important files to provide extra security against destructive malware and ransomware.
  • Dual threats come from Spider Jockeys similar to a vulnerability allowing malware to silently infiltrate the computer – the vulnerability must be patched and the malware cleaned to ensure enemy is vanquished.
  • The largest and most complex Minecraft threat is the Ender Dragon which uses a multitude of attack methods similar to modern Advanced Persistent Threats (APTs) – only a layered security approach, user vigilance and auditing tools (or a very heavily armed ‘Steve’) can mitigate.

Luckily there are numerous security tools that can stop these monstrous problems interfering with the smooth-running of your digital life:

  • The Antivirus and firewall are your house and walls stopping the majority of everyday threats.
  • Proactive cloud-based detection is your armour protecting you wherever you go against new and unknown threats from all directions.
  • Specific security tools are your sword, pick and shovel in the forms of virtual keyboards, application control and USB vaccines.
  • If you are lost within the labyrinth of caverns then Mobile Device Locators are your map and compass, and antitheft may restore your resources when stolen by monsters.
  • A lightweight security solution which protects without impacting on your device performance will allow you to carry all you want – Imagine discovering a huge seam of diamonds without being able to carry an iron pickaxe as your pack is full software bloat.

Panda Security offer a variety of free and paid for solutions for consumers and businesses to protect you against the cyberthreats visit Panda Security for details.

Neil Martin – Head of Marketing at the UK & Ireland arm of Panda Security

The post When Minecraft Meets IT Security appeared first on MediaCenter Panda Security.

Panda Security

Amazon-Gift: the latest virus in WhatsApp

whatsapp virus

We are always saying that WhatsApp is the favorite platform for cybercriminals to play around. And if we add the name of a giant like Amazon, the scam is bound to be a success.

The Trojan known as Amazon-Gift tell users through a WhatsApp message that both companies have joined and they are offering a gift-card. And if the user wants to obtain the check he must click on a link.

According to Tecnoexplora, this hoax is expanding through Asia and it won’t be long until it reaches the rest of the world.

But cybercriminals have gone a little further, urging users to click quickly if they want to be one of the lucky customers to win the prize as there are only 18.000 gift cards available.

The prize is none other than a Trojan that will infect your mobile phone and add it to a network from which other cyber-attacks will be launched.

So, now you know if someone sends you an Amazon-Gift forget it and don’t click on the link!

The post Amazon-Gift: the latest virus in WhatsApp appeared first on MediaCenter Panda Security.

AVG

‘Future Crimes’ – A New Book That Takes on the Future of Cybercrime

“If you control the code, you control the world. This is the future that awaits us.”
– Marc Goodman

As anyone who reads this space knows, I’m a big fan of the Internet of Things, and yet equally worried about security in this brave new world.

A new book “Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It” emphasises these points and makes some suggestions.

What struck me is that many of what crimes Goodman labels as “future crimes” are already happening all around us. From the recent ISIS hack of French TV station to the epic hacks of the past year on major brands from Sony to Target, Home Depot and Chase. We’re definitely already at the intersection of connected technology and cybercrime.

“We’ve gone ahead and wired this world but failed to secure it,” Goodman said in a tweet. “We can but it’s going to be hard.”

Goodman writes about identity theft, stolen data, smartphone hacks, and speculates worryingly about the future. He sees this getting worse, of course, with the advent of smart houses, smart cars, and an increasingly wired world.

The recent wave of cybercrimes illustrates his warnings, and is one of the reasons it’s become a hit. The book was rated as Amazon’s Best Book of the Month in March and is a bestseller on the New York Times “Crime and Punishment” list.

When he writes about the future of technology, from smart pacemakers to 3-D technology, and the shadowy figures out to exploit the weaknesses of these devices, it can read like science fiction. But, as we’re fully aware at AVG, a connected future is rapidly approaching and it’s reality, not fiction.

Goodman does offer some positives, which is what made the book interesting to me: Without action this would be a litany of gloom and doom. He suggests the sharing of information between public and private sectors, something President Obama has been strongly advocating. Goodman also envisions  a “Manhattan Project” type organization combining the best and brightest from the private and governmental sector.

Goodman also says it is crucial to increase the technical knowledge of ordinary people, who use technology on an everyday basis. I think this is a very good idea. From our Clinton Global Initiative Smart User Mission to our Magda and Mo ebook series for children, at AVG we view it as part of our mission to we teach internet safety to the new generation of users coming online.  As Goodman points out, being tech savvy is only going to increase in importance.

AVG

Wear Red for Pay Equity

Today, April 14, is National Equal Pay Day, which is designed to highlight the issue of gender/pay gap.

Why does National Equal Pay Day fall in the month of April? Because that’s how far into the year it is estimated that a woman must work to earn what a man earned in the previous year! Pay-equity.org is urging supporters to wear red today to symbolize how far behind women and minorities are in their pay.

We have a long way to go, inside and out of tech on this issue. As has been reported by the Government’s Department of Labor, overall women who work full-time still make 78 cents for every dollar a male counterpart makes. You can see details here. This despite the fact that the Equal Pay Act was enacted in 1963! (Ironically, at the height of the Mad Men era.)

AAUW (American Association of University Women), one of the champions in the fight to end wage discrimination, notes that for some inexplicable reason, there is a 7% difference in the earnings of males and females just one year after they graduate college. AAUW also reports that in 2013, the disparity is even greater for Hispanics, African Americans, American Indian and Native Hawaiian women.

Furthermore AAUW reports, “working mothers are often penalized for having children, while fatherhood generally tends to boost a man’s career.” In fact, the latter was the basis of my recent talk “Boardroom or Baby” at SXSW Interactive, which was designed to begin to tackle this issue.

The good (and sometimes painful) news is that pay rates and gender discrimination have been in the news a lot lately!

Earlier this year we applauded the Academy Award winning actress Patricia Arquette for her conscious-raising remarks at the Oscar bash. (See my earlier blog.)

And pay equity is a priority for the newly minted U.S. Presidential candidate Hillary Clinton – who weighed in on the topic at the Women in Tech Conference in Silicon Valley and said in her keynote, “She’s right — it is time to have wage equality once and for all.”

President Obama clearly supports fair pay. I’m just guessing, but I think as the smart son of a single working mother he saw first-hand how wage discrimination worked. In his tenure he has signed the Lilly Ledbetter Fair Pay Act and established the National Equal Pay Task Force. You can read more here about two new executive actions to help combat pay discrimination and strengthen enforcement of equal pay laws.

Then, there are the many recent lawsuits in the tech world that demonstrate how far we have to go in terms of pay and discrimination. (I won’t go into them here.)

Needless to say, it’s enough to make anyone see red. I think any fair-minded person, no matter what their gender or identity would agree.
So what can you do besides wear red today? You can get a free equal payday kit here with a lot of suggestions. And you can educate yourself. There’s an illuminating fact sheet supplied by AAUW.

Finally… as a woman, or a minority, or really as any employee, you should feel free to ask for a wage increase if you think you are due one! It’s amazing when you review the statistics of people who just don’t ask for a wage increase.

So, while I wouldn’t say National Equal Pay Day is really cause for celebration, we can use it to raise awareness. And you can wear red… I am.

AVG

Humans the weak link in alleged White House hack

Earlier this week, it emerged that Russian hackers have successfully managed to infiltrate the computer systems at the White House.

Given the highly sensitive nature of information held within any government’s systems, we have to assume that the breach is significant. Although full details of the breach have not yet been made public (and maybe never will) some news sources indicate that President Obama’s schedule was among the information accessed.

It’s hard to see America taking this intrusion lightly, given the history between the countries and I expect to see them double down on security in the coming weeks.

Some are asking questions of the US government’s security policies and rightly so. Although protecting such a vast network of computer systems is a very complex operation. I was not surprised to learn that the attackers gained access to the system via a form of “spear phishing” attack targeting the end user.

Governments, just like any organization, are only as secure as their weakest link. Sadly, when it comes to security the weakest link is always a human. We as people are susceptible to social engineering and as such can unknowingly undermine even the most sophisticated of security technologies.
All hackers need to know is who to target and how – and then they can start to build out a profile of their victim and work out how to target them. It can take a long time but it’s often worth the wait, especially in an attack like this.

It will be interesting to see how this plays out in the coming months.