Is our data ready for the wearable health revolution?

This week MEF issued a report on the use of wearable devices in the health sector, both relating to personal consumption and also when recommended or used by health professionals.

According to the report, “the global health and fitness app market is currently worth $4 billion, and is predicted to be worth $26 billion by 2017”. This means that we’re going to hear a lot more about health wearables in the future.

The biggest selling point for wearables is their convenience. They can passively track our activity, pulse and other vital data points that allow us to make health and lifestyle decisions.

Imagine a future where a patient that needs frequent monitoring for diagnosis can go about their daily routine while a wearable tracks and transmits their data back to the doctor for analysis.

This remote diagnosis is potentially an incredibly simple way to provide doctors with the information they need without waiting time, travel time and consultation time.

There have been some very interesting developments in this area over the past year as well, from Google researching contact lenses that measure blood sugar to the use of wearable camera technology in surgery so that a remote surgeon can assist.

MEF’s report also showed that the adoption of wearable technology in health is lower in Western countries, with some of the lowest adoption seen in Germany and France.

I believe that patients in these countries are more aware of data security and privacy risks, having seen many data breach stories in the news over the last few years.

Trust and data security are fundamental to the success of mHealth. Wearables are blurring the lines between recreational and medical data.

By law, medical data needs to be encrypted and authenticated (HIPAA in the USA, for example), but recreational data as captured by most wearable devices does not.

Moreover, manufacturers of wearable fitness trackers and other activity monitors are not operating in a regulated market and companies could be using this data in ways that we neither agree with nor understand (even though it may be in their policy documents).

If commercial companies are to hold data that we really only expect medical companies to hold then maybe the regulations should apply to them as well.

While it may be boring, I would recommend reading the privacy policy and terms of use of anything collecting what is very personal and sensitive data and making a choice on whether you want to share this data.

AVG Named Top International Security Company to Watch

Research and market intelligence firm Cybersecurity Ventures recently released the results of the “CyberSecurity 500, Hot Cybersecurity Companies to Watch in 2015”.

The Cybersecurity 500 is an impartial list that ranks security companies based on merit according to the selection criteria.

Criteria include customer base, company growth, product reviews, media coverage and event attendance.

 

Top international company

With headquarters in Amsterdam, AVG was the top ranked security company in a growing international field. With 22% of the Cybersecurity 500 listed companies based outside of the US, the cybersecurity industry is continuing to show strong growth.

According to the latest Cybersecurity Market Report, the cybersecurity industry is growing from $71 Billion in 2014 to $155+ Billion in 2019.

With 200 million active users and counting, it’s clear that AVG is in a very strong position to help secure devices, data and people across the globe.

The importance of mobile

Founder and CEO of Cybersecurity Ventures Steve Morgan explained that AVG’s mobile user base was a major factor in achieving such a high ranking.

“Half of AVG’s active customers are using their software on mobile devices. That’s 100 million mobile users, which makes AVG a top competitor in an exploding market for iOS and Android security.”

If you have an Android device, protect it with AVG for free now.

For more tips on keeping your Android device safe, check out our AVG Academy video:

Video: Securing Your Android Device

The White House has been hacked

White House deputy national security adviser Ben Rhodes has reported a cyberattack on the White House.

Rhodes told CNN that hackers gained unauthorized access to non-classified computer systems and sensitive information, though the classified systems weren’t compromised.

Rhodes wouldn’t confirm or deny whether the attack was carried out by Russian hackers or when it happened, but he hinted that it hadn’t been recently (it wasn’t in the last couple of days).

Without going into details, during his report he commented that a series of security measures to evaluate and mitigate the damage have been taken.

The post The White House has been hacked appeared first on MediaCenter Panda Security.

A lesson in online identity

This week I noticed two news stories that brought this advice to mind.

The first involves the popular dating app Tinder, where a developer exposed a serious security flaw to trick men into flirting with each other, thinking they were talking to a woman.

I am sure you can imagine the type of messages that went back and forth and the anger when men realized that they were talking to other men looking for women.

The developer claims that he created the hack to highlight the harassment that women often face on dating apps.

The second story is rather amusing but also very serious: a convicted fraudster escaped from prison by tricking prison officers with a fake bail email.

Using a mobile phone, Neil Moore created an email account on a fake domain closely resembling the court service’s official address. He then emailed the prison’s custody inbox with instructions for his release.

Authorities only noticed Moore was missing three days later when lawyers turned up to interview him. Fortunately, he later turned himself in and was charged with “escape from lawful custody”; the judge described the behavior as ‘ingenious’ criminality.

There’s a chance that you’ll think these stories are quite amusing, which of course they are, but both have different but serious consequences.

When we communicate with others online it’s important that we validate them in the same way we would in real life. We scrutinize people’s behavior and appearance to make an informed decision on trustworthiness and character.

You of course can’t look someone in the eye on the Internet, so it’s doubly important to scrutinize their credentials (email addresses, user names etc) and their behavior (what they are asking of you and what they claim).

Perhaps that’s a lesson that the folks at Her Majesty’s Prison Service could do with learning.

Follow me on twitter @tonyatavg

World Back Up Day: Five Tips for choosing a Cloud Storage Provider

Billions of people use the Internet every day. We use it to work, play, create and share memories. World Back Up Day is an annual reminder to protect our most precious files from being lost forever.

After all, what would you miss if you lost everything?

Cloud-based backup services are incredibly cost effective and most allow you to access your files from anywhere in the world.

So if you’re ready to celebrate World Back Up Day, I have five tips on how you can pick a secure cloud storage service.

Is it for business or personal use?

There are plenty of free options, but before you trust a service with your personal or critical business files you should make sure it is reliable and secure.

What type of files are you storing and why?

Different cloud services offer various features and options that might suit your particular need, for example video or photo backup.

What level of encryption do they offer?

Does the cloud storage service offer encryption? If the provider is hacked, your data will be vulnerable. If the provider doesn’t provide encryption then you should consider encrypting it yourself before you upload.

Are there additional security features?

If possible, use additional security features like two-factor authentication and login notifications to help prevent unwanted breaches.

Do you have adequate backups?

Don’t rely on a single backup, especially for your critical files. You should also back up regularly.

Until next World Back Up Day, stay safe out there.

Heartbleed: One Year On

When news of the Heartbleed vulnerability broke this time last year, it was a watershed moment for the Internet and especially for security.

OpenSSL, the fundamental layer of encryption used by major websites around the world, was found to be flawed. Through a specific type of attack, a victim’s personal data, including passwords and financial credentials, could be stolen.

The discovery of a vulnerability in OpenSSL didn’t come as much of a surprise to those who work in the security industry; after all, completely secure code is a rarity. Instead, the shock was the extent of the vulnerability, with around 60% of the entire web at risk.

Now, a year on, I’d love to be able to say that we’ve learned many lessons from Heartbleed and that the web is now a more secure place. Sadly, it’s not as simple as that.

Public awareness remains a major issue for Internet security. Recent research from password security developer Dashlane indicates that a year on, 86% of Americans have not heard of Heartbleed.

Dashlane spoke to AVG’s Chief Strategy Officer, Todd Simpson, about their results.

Video: The State of Online Security One-Year After Heartbleed

However, awareness is just one issue. Months after Heartbleed broke, I wrote of several further vulnerabilities in OpenSSL that had also emerged. Although each vulnerability discovered is theoretically a vulnerability fixed, it highlights the fact that there is still much work to be done. This is particularly true of open source software.

Open source software has several major benefits and will be around for a long time yet, but vulnerabilities such as Heartbleed demonstrate that there is risk and responsibility for all of us to protect the systems we have come to rely on.

Why has there been so little progress in securing OpenSSL and similar open source systems since Heartbleed appeared?

In my opinion, the issue lies within the very nature of open source software. OpenSSL is incredibly useful and has been adopted throughout the world, but how many people pay for OpenSSL, or donate time and money to keep it functional and secure? Not so many.

The OpenSSL Project does a great job finding and fixing vulnerabilities when they appear but in order to truly move the dial for Internet security, we need more investment.

Right now, the world’s online safety is in the hands of only a few coders working in small teams. That simply won’t do.

In April last year I wrote a blog highlighting a number of ways that we can all work together to improve the security of open source software.

Ultimately, it comes down to the fact that vulnerabilities will always exist; it’s up to all of us to take responsibility for our security.

How to withdraw money safely without a credit card

We have been warned many times to cover our hand while entering our PIN when withdrawing money from an ATM. However, credit card cloning and phishing are crimes that don’t require the cybercriminal to be physically present to obtain the card number, expiration date and CVC number.

The methods used by criminals include fake emails, purporting to come from the bank, that ask the recipient to change their password or enter their PIN, and hacked POS terminals that pass on customers’ banking information. Once duplicated, cards can also become a commodity among criminals, who trade them on online black markets.

Neither the traditional magnetic stripe nor the latest chip installations have managed to slow down cloning. This latest technology seemed promising: it generates a unique code for each transaction, which hinders fraud.

Nevertheless, security experts at Cambridge University demonstrated that payment terminals and ATMs fail when producing random numbers. In fact, the numbers can be predicted by applying the right methods.

Banks are looking for alternatives to protect their customers from possible attacks. The latest idea is to eliminate credit cards (if something creates problems, what better solution than to wipe it away?) and replace them with mobile phones. If we are already able to make transactions with our smartphone, why wouldn’t we be able to withdraw money?

BMO Harris Bank, one of the subsidiaries of the Canadian Bank of Montreal, has launched the biggest ATM network that uses this new system. To use these machines you don’t need to remember any password, or cover one hand with the other while entering the PIN.

The bank’s customers only have to take out their mobile phone, then download and register in the banking application Mobile Cash. What follows is nothing like the traditional method of pressing the machine’s keys or screen.

The app asks the user for the amount he wants to withdraw and only saves the banking details during the communication with the ATM, where he must select the option Mobile Cash.

Then the machine generates a QR code, like the ones airlines or concert halls use. Simply hold the smartphone so it reads the QR code and automatically orders the withdrawal.

Those who are in favor of this system maintain that it will speed up transactions and that it ensures safety, since the mobile tool doesn’t store any banking information on your phone permanently.

A cybercriminal would have to access your mobile phone and get the password you use in the banking application to freely manage the money in your account. Although some banks believe this is not an easy process, the issue may raise a number of concerns.

Every day we discover new cases of apps that access personal data or information stored by other features without the user’s permission, as well as smartphone vulnerabilities and backdoors. How can an application guarantee complete security?

Withdrawing money through our smartphone is still not available worldwide. But when the possibility arrives we will have to analyze the possible consequences it may carry. Convenience and speed in transactions are not the only things that matter.

The post How to withdraw money safely without a credit card appeared first on MediaCenter Panda Security.

Do you use uTorrent? Careful with what it installs in your computer!

If you love downloading things off the Internet, you probably know uTorrent, one of the most famous BitTorrent clients, which lets us download files quickly and for free, in spite of the annoying banners that constantly accost users. There are many websites where you can check how to eliminate these sponsored advertisements.

Nevertheless, BitTorrent, with 150 million users per month, has come in for strong criticism in the last few days because of the design of its latest update. As one user explained in the uTorrent forums, it had installed new software without warning him. He only realized it when he saw that his processor was consuming more resources than it should.

In this particular case, the program that sneaked into his computer was EpicScale, a bitcoin mining program. For those who don’t know how the cryptocurrency works, mining is the process that takes the place of currency issuance. Users offer part of their computer’s resources for the community’s benefit and then obtain some cryptocoins.

After the first message, many more users protested, asserting that EpicScale was installed on their computers without them knowing it. BitTorrent, uTorrent’s parent company, confirmed the service’s inclusion in the last update, but maintains that users were notified. “We have reviewed the issue closely and can confirm there is no silent install happening…. Most likely these users accepted the offer during install,” the company explained.

Therefore, either users are mistaken or there is a lack of transparency in the system. After reviewing the whole process, experts at Trusted Reviews concluded that, because of the system design, users were misinformed. However, they don’t rule out that the problem may be due to a faulty installation. So if you are a uTorrent user, check whether it has also installed EpicScale and, if you want, remove it so it stops consuming your computer’s resources.

Some users stated that they couldn’t uninstall the program completely either with the Control Panel feature “Add/Remove Programs” or by erasing the program’s data. One of the recommendations already spreading through the Internet is to uninstall EpicScale with the help of CCleaner.

Another option, logically, is to stop using uTorrent. TorrentFreak has already published a list of ten possible alternatives that you can use if you want to abandon this P2P client and continue downloading “torrents” safely: qBittorrent, BitTornado, Vuze or Tribler are some of the options available to continue downloading.

What can we draw from this? It is always advisable to read all the steps in the installation wizard carefully, in case anyone tries to sneak in a partner service, whether to consume your resources or for other purposes.

The post Do you use uTorrent? Careful with what it installs in your computer! appeared first on MediaCenter Panda Security.

CSI: Cyber. A Fake Cyber Security TV Series?

It was bound to happen. The latest installment in the popular CSI series had all the ingredients to be not very faithful to reality. If we already saw far-from-credible elements in the Las Vegas, Miami and New York versions, what can we expect from ‘CSI: Cyber’?

On this occasion, the characters are part of the FBI’s Cyber Crimes Division.

The series premiered on March 4, 2015 in the USA, and a day later worldwide. The team, led by Oscar winner Patricia Arquette, works to solve computer-related cases.

The relationship between the CSI franchise and technology has never been good. After fifteen years of fiction, they still surprise us with some of the techniques used to solve crimes. Just think of how they are able to enlarge images and still get spectacular resolution, which in real life would be magic.

But introducing cybersecurity elements into CSI’s typical plot hasn’t improved things. As some experts in the subject had suspected, the series has enough details to make us pull our hair out, and it is not very useful if you want to learn something about cybersecurity.

Just by watching the pilot episode we can verify how much ‘CSI: Cyber’ distorts the reality of the industry. Spoiler alert: from here on, there might be some spoilers of the first episode!

In one of the scenes we can see two of the experts analyzing the code, searching for something suspicious, and finding it right away. No wonder: the code is written in green on a black screen, except where the malware is (barely) hidden, which is written in red.

In addition, everything happens at tremendous speed. They are able to discover the hacking of a baby monitor, based on a vulnerability in the manufacturer’s source code, in just half an hour.

As if that wasn’t enough, the cybercriminals have brilliant, and also twisted, minds. In the first episode, they create such a complex encryption key that in order to remember it they had it tattooed! Typical, isn’t it?

This first episode is peppered with many other details that drag computer security experts through the mud. For starters, the FBI’s Cyber Crimes Division is led by a psychologist (Patricia Arquette) who hunts cybercriminals, driven by a bad experience she had years back. Maybe no expert in this matter was able to lead this Division…

It is true that we still have the whole season to find out whether ‘CSI: Cyber’ deals with cyber security in a more realistic way than in the first episode. In that episode we see the experts geo-locating the suspects through just an IP address (something that a good cybercriminal probably wouldn’t allow) and the hacking of an Xbox. What else awaits us?

Something that we can actually learn from the series is that the Internet of Things, so useful in helping us monitor every aspect of our lives, also carries certain risks. As soon as something is connected to the network, it is potentially vulnerable. Anything: your baby monitor, your home’s thermostat or your toothbrush.

The post CSI: Cyber. A Fake Cyber Security TV Series? appeared first on MediaCenter Panda Security.

New ransomware targets gamers

CryptoLocker, the notorious ransomware that shot to prominence in 2013, is back and this time it is targeting gamers.

Reports suggest that the new malware targets several popular games including World of Warcraft, League of Legends and Minecraft.

What is ransomware?

The whole premise of ransomware as an effective malware attack is removing the victim’s access to important or personal files. It encrypts certain files on your system and then extorts a ransom to unlock them.

Why is malware targeting gamers?

Gamers have become targets for malware writers as they can spend hundreds of hours playing and enjoying a game. Once the game files have been encrypted, the victim will lose access to these files, along with all the progress and achievements they may have unlocked.

How can you stay safe?

There are many things that you can do to help keep your online accounts, including gaming accounts, secure.

Don’t share accounts

This is simple advice, and one that game companies often reiterate. No matter how long you’ve been playing with someone online that you don’t know in person, never hand over your details or control of your account. This recent example is enough to discourage you!

Two factor authentication

Just like with other important online accounts such as banking, many online gaming services have introduced two-factor authentication as an additional layer of account security; Blizzard being one of them.

If you’re a gamer, investigate whether or not the games and services you enjoy offer this form of protection.

Download security software

Having up-to-date security software is one of the most important measures we can all take to protect ourselves from malware and online fraud. It can check for malicious links and attachments and help protect your machine from malware.