Tag Archives: Panda Security

Panda Security

Antivirus For Mac: Is It Really Necessary?

Leave a comment

pandasecurity-mac-antivirus

The last few days have been intense for Apple fans. Last week, Apple’s Worldwide Developers Conference took place, where they presented the company’s new hardware and software. The “bitten apple” went into depth about their new operating systems for iPhone, Mac, Apple Watch and Apple TV but… what about security-related updates?

Following the horrible San Bernardino attack from last December, a controversial topic stemmed regarding the attacker’s iPhone. Apple’s case against the FBI initiated a dispute between user privacy and government access to personal data.

Meanwhile, other giants in the sector, like Facebook and Google, showed their support for Apple by promising to implement more effective encryption tools in the future. WhatsApp was the first to use end-to-end encryption.

Now Tim Cook presents a new file system called APFS, the Apple File System, which incorporates a new encryption system that gives developers multiple options like leave something unencrypted, encrypt it with a unique password, or encrypt it with multiple passwords. The Apple File System is already available online for developers and the new version will leave HFS system and improve security and data encryption.

Why is my Mac vulnerable to advanced threats?

Despite efforts of large security companies, the truth is that no operating system is 100% reliable. Apple computers are not the Macintosh systems that we once knew. Years ago, they had a safety-guarenteed reputation, with a different and solid operating system than others. At that time, hackers targeted computers with Windows operating systems, however, as Apple’s popularity has grown, so have the malicious-code-making hackers. Mac OS X is no longer impregnable and needs mac antivirus software.

In the recent PandaLabs’ Q1 report, experts discussed the latest threats directed specifically towards Apple operating systems. One example of this is the highly powerful ransomware based on Encoder, called KeRanger, which managed to infect Apple users at the beginning of 2016. We all remember the major Trojan attacker flashback and Browlock, also known as the Police Virus or Shellshock. All of the previously mentioned examples confirm that attacks on Mac OS X are growing.

While it is true that the number of threats in the Mac’s operating system are lower than other platforms (such as Windows) we must be aware of the importance of an effective antivirus for Mac in order to fully enjoy our Apple computers. Enough excuses, let’s start preventing viruses!

The post Antivirus For Mac: Is It Really Necessary? appeared first on Panda Security Mediacenter.

Panda Security

If You Add Extras to Your Web Browser = Extra Danger for You

Leave a comment

pandasecurity-browser-1

Web browsers are full of dangerous options that nobody uses. Most computers come with pre-loaded web browsers like Microsoft Internet Explorer, Mozilla Firefox, and Apple Safari, but these default web browsers are not configured for secure web browsing.

Anytime users are surfing the web, there can be a “variety of computer problems caused by anything from spyware being installed without your knowledge to intruders taking control of your computer”, as stated on the US-Cert website.

What may seem like a cool option for your Web Browser, could actually be a gateway for cyber-attackers that goes unseen to the average computer user. Sometimes “less is more”, and when it comes to computer security, the less entry-points a cyber-criminal has, the less we have to worry about defending ourselves.

There needs to be a complex balance between having freedom to use new technology functionalities, like web browser options, while at the same time, keeping the door shut to cyber-criminals.

But why download options if they are pointless? 83% of the latest browser functionalities are completely unnecessary, as revealed in a study from the University of Illinois. In fact, only 1% of the 10,000 most popular web pages use these features in some way, many of which do not even prove that they are useful.

83% of the latest browser functionalities are completely unnecessary.

A good example of this are the Ambient Light Events (ALS) that are designed so that websites perform differently depending on the levels of light that surround the device, and adapt the computer brightness to it. Although it sounds helpful, only 14 of the 10,000 websites that were cited in the study implement this and very few users are even aware that it exists.

 

pandasecurity-browser-2

 

Iframes is another story. It has become a very popular HTML element that is used in many different types of websites; interactive spaces on a web page allow users to insert part of another page onto their website (this is known as embedding). At least half of the most popular websites use this technology, and yet it is blocked 77% of the time due to security reasons. In 2013, hackers seeded Internet searches with malicious iframe code, leading to iframe overlay attacks on many prominent networks.” The majority of social networks have stopped using this program.

 

Something else that has caught our attention is vibrate API, which enables websites to manage features on devices… if they decided to use them. Today, only 1 out of the 10,000 most popular websites does this, but still, the features remain available, not only for legitimate developers but also for potential attackers who could use it for their own benefit, for example to spy your conversations (like they did here).

 

A cybercriminal could use the vibration of your Smartphone to spy your conversations

 

The difficult balance of taking advantage of available options while maintaining security seems is difficult to have, at least in regard to the browsers. To be protected, users better have a good anti-virus that is capable of stopping assailants if they get through these online-cracks.

The post If You Add Extras to Your Web Browser = Extra Danger for You appeared first on Panda Security Mediacenter.

Panda Security

Cybersecurity: An Opportunity For Digital Transformation

Leave a comment

pandasecurity-digital-transformation-1

Although it is not a buzzword quite yet, the reality is, digital transformation is already impacting our professional and personal lives. Not a day passes without the media telling us what “it” is, why “it” is necessary, while bombarding us with examples of companies that are immersed in “it”.

It’s a fact that our lives are becoming more digital. We buy, we work, we store information, and we even communicate with other people through media and digital platforms. Just as we protect our analogue lives, we must protect our online lives.

pandasecurity-digital-transformation-2

Security plays a key role as a facilitator for Digital Transformation. 64% of managers recognize that cybersecurity is one of the pillars of this transformation, and not without reason.

There are two ways we can see this challenge: as a threat or as an opportunity. To approach Digital Transformation as if it is a threat is exaggerated….apocalyptic. We don’t want to downplay these threats… of course they are real, they really are! But fortunately, everyday there are more and better tools to protect businesses and their digital lives.

The cyber-security industry offers a plethora of services and products that are cheap, accessible and effective, and as a result, users are going to be better protected during their Digital Transformation. The cloud has been a great facilitator by implementing this change, protecting all kinds of businesses, regardless of size and sector.

And the same happens with cyber-security in the framework of digital transformation. 43% of executives consider security as the first challenge to address when implementing digital transformation. After all, we cannot really be digital without being protected. Knowing how to take on these changes in a positive way is, without a doubt, a competitive advantage for any organization.

And how do we protect ourselves?

While the technology that positively impacts us grows, so does malware and cyber-threats. These developing threats have a high human component and adapt to the various changes and stoppers that the cyber-security industry has put into action to fight them.

Therefore, in order to fight these threats, human response is absolutely necessary. As humans, we have a great ability: we are adaptable (yes, although we are talking about digital transformation we must remember that we are people). Fortunately there are cyber-security solutions for your business that support last generation technology and are capable of combining adaptability and human component, while allowing you to achieve an extremely high level of security.

Whether we like it or not, digital transformation is creating a new era… changing how we do things, how we live … and we are already fully immersed into it. We have a great opportunity to be more effective, efficient, fast and agile. The technology is there. Let’s take the bull by the horns and learn to protect ourselves like we already do in our analogue life. We will not regret it.

The post Cybersecurity: An Opportunity For Digital Transformation appeared first on Panda Security Mediacenter.

Panda Security

That no-good-Tinder-match wants to steal your money!

Leave a comment

pandasecurity-tinder-botsMillions of people have been virtually stood-up by a potential partner that swiped left on the dating service, Tinder. To swipe left or swipe right—a decision made in an instant—is love in the times of the Smartphone…or so we think.

 

There is something that we didn’t take into account while using Tinder to find our future soulmates: many of our matches, and potential hook-ups, are actually robots that want to take us for all we’re worth. And unfortunately, these scammers are getting better and better at what they do.

 

Once they have established contact with their victim, the scammers use Tinder’s chat service to message their victim a link that will lead them outside of the app, usually to a premium service that takes users to a payment area (or any area where they may have to submit credit card credentials).

 

A seemingly less-dangerous variant of this scam encourages the victim to download some type of software, so that the bot’s creator can pocket some change for every visitor they deceive. In the worst cases, the download will contain a malicious code that might infect the victim’s phone.

Your “match” will lead you to a premium service area where you will have to pass through a payment page.

 

How can I detect them?

 

You will be able to recognize these scammers by the type of actions they attempt to carry out, like asking you to exit the app to an external private chat, tempt you with a better “glimpse of them” by asking you to pay for “their” videos or photos, or even try to play a game with you to see if you can beat them. They might attempt the classic “Nigerian Prince” illusion, and ask for a money transfer so they can buy a ticket to come see you, since they are so far away.

You can recognize these robots by the appealing yet limited phrases they use

 

You can also recognize the Tinder bots by their profile photos. The scammers use photos of models and actors from the internet, sometimes from pornographic pages, to attract their victims. If the procedure is automated, the language used will be very limited…whatever you say, the response will be similar. If you find anything like this, be suspicious!

The post That no-good-Tinder-match wants to steal your money! appeared first on Panda Security Mediacenter.

Panda Security

Project Abacus: The End Of All Passwords

Leave a comment

pandasecurity-abacusGoogle wants to kill passwords. They have developed Project Abacus, a system that aims to make passwords obsolete and secure your devices ten times more than a fingerprint sensor. So what’s the downside? This new privacy system comes at the expense of knowing absolutely everything about the smartphone’s owner. Its new security system is also… a creepy one.

To get rid of unlock patterns, passwords, or fingerprint readers on smartphones, Google has proposed a “trustworthy score” that will be calculated using your personal mobile devices, and deciding whether or not the terminal should be unblocked.

To obtain this score, the smartphone will use all of the user’s information: movement habits, typing speed, location and even biometric data, like voice or facial recognition. In summary, by using the combination of this information, the smartphone will know if the person attempting to unlock it is its owner.

To achieve what it aims to do, Google must constantly keep track of our smartphone use. Your employees will be spied on 24/7 from their personal devices while Project Abacus makes their digital life more secure and comfortable. With Project Abacus, all of your personal information is in Google’s hands.

When Your Apps Spy On You…

The search-site’s plan does not only happen to use this system to unlock Android devices, but it goes far beyond that: the company has announced that it will launch an API so that developers can use Project Abacus as an identification method in third-party applications. The days are numbered for stored passwords and two-step verification. Not only will Google have access to employee information, but any company that uses Project Abacus will be able to use it as a security system.

The problem with Project Abacus is not only the fact that Google and other businesses would have access to the data collected from the phones, but they could also spy on us in real-time. Passwords would no longer be the objective for cyber-attacks. The new goal for cyber-criminals would be to obtain the huge amounts of personal information that would be available about your company and its employees.

Google is taking measures that could be a good compliment to a computer security system, but it is important to remember that they are also increasing the likelihood of a cyber-attack by accessing so much personal data from users. Cyber-criminals are constantly reinventing themselves and putting your at risk, so it is essential to protect your company with the most advanced cyber-security solutions.

The post Project Abacus: The End Of All Passwords appeared first on Panda Security Mediacenter.

Panda Security

The Most Effective Tools to Keep Your PC Malware-free

Leave a comment

pandasecurity-panda-cloud-cleaner

Malware creation continues to break records on an international level, as proven with the data from Q1 of 2016. Experts are identifying new malware samples every day that endanger the internet security on all of our devices.

Our day-to-day lives are effected, if not immersed, in unprecedented technological changes. As the world continues to become more digital, our personal and work environments continue to be susceptible to the +227,000 new threats that lurk on the internet.   Although our online habits continue to change and reflect these developments, we must remember that technology also opens the door for extremely aggressive cyber-attackers who are financially motivated. But, if we take preventative and adequate security measures, we will be able to protect ourselves from financial harm.

Panda Security would like to accompany our users in their digital transformation by offering solutions for a wide variety of devices and for different budgets; let’s work together to prevent, detect, and remove any kind of malware that is trying to sneak into your computer (and your bank account). Taking care of our computers’ “health” is the best way to save money… don’t wait until it’s too late! Tools like our Panda Cloud Cleaner are the best for working against cyber-crime.

In a recent test comparison, Panda Cloud Cleaner has proven to be one of the best free anti-virus tools in the market. Among the number of solutions tested and analyzed, Panda Cloud Cleaner was rated as outstanding in analysis modes (it is both fast and complete), and was able to eliminate all malware without having to install another anti-virus tool.

pandasecurity-table-cloud-cleaner

As you can see, Panda Security’s solution is rated as one of the most effective solutions for detecting and disinfecting malware.

Businesses maximize their profits by taking advantage of the newest technology and latest products that are lighter, more efficient, and easy-to-use. One of the tools you can add to this is the newly designed Panda Cloud Cleaner, with new ways to detect, disinfect, inform, and protect from the start. Panda’s top priority is to keep users safe and maximize security in all aspects of our digital lives.

The post The Most Effective Tools to Keep Your PC Malware-free appeared first on Panda Security Mediacenter.

Panda Security

Do Your Employees Download Pirated Software? How To Prevent It:

Leave a comment

pandasecurity-software-1There are many popular programs that might be available on a user’s home computer, but that are not available at their workplace. A popular image editing program like Photoshop, or Microsoft Office, might be too expensive for a small or medium-sized company that could opt out for more affordable, or even free, software solutions.

However, some employees are unwilling to conform to using these less popular tools, and often, they try to install pirated versions on their computer at work (that are unauthorized on their company computers). The consequence of downloading pirated versions goes far beyond the obvious legal repercussions, which can be very serious for companies. Pirated software is one of biggest entry doors for malware to enter companies.

Pirated software is one of biggest entry doors for malware to enter companies.

To prevent employees from using unlicensed software, which has the potential to compromise your company’s computers, it is essential to establish a proper software management policy (SAM).

pandasecurity-software-2

First of all, businesses should maintain an updated inventory of all active software (i.e., a list of all licensed programs and the workers who use them). Overall, this will serve to detect the programs that are necessary for employees’ work, and which ones should resign.

It is also important to control the detailed information associated with these licensed programs: when the program was bought, when it needs to be renewed, if there are any updates or patches that have not been downloaded yet; this will prioritize our resources so we are able to control budgets and facilitate decision making.

Businesses should maintain an updated inventory of all active software in order to better manage budgets and facilitate decision making.

It is also important to educate and sensitize workers about good practices in relation to software. Unfortunately, on many occasions the company technical departments are unaware of the programs that their colleagues are installing without permission. In fact, around 30% of employees use tools that their bosses don’t know about.

The problem is bigger than it may seem. In 2015, according to a study by the Business Software Alliance (BSA), 39% of software installed on computers worldwide are unlicensed. Those companies using unlicensed software programs are basically drilling holes for cybercriminals, giving them a way to enter their systems and allowing them to endanger their company with malware.

Downloading pirated software increases the likelihood of having a cyber-attack. It is important that you protect your business with advanced cyber-security solutions, like Adaptive Defense 360.

The post Do Your Employees Download Pirated Software? How To Prevent It: appeared first on Panda Security Mediacenter.

Panda Security

Are Your Passwords For Sale On The Black Market?

Leave a comment

FOTO_1

Myspace is joining the list of 2016’s data breach victims, alongside Tumblr and LinkedIn. Yes, Myspace still exists and in fact, if you registered for the social media site prior to 2013, your old log-in information could have been compromised.

360 million emails and passwords were leaked in what is being called one of the largest mass data breaches in internet history. A few days ago, LeakedSource—a search-engine capable of searching leaked records—claimed to have learned account log-in information for a massive number of MySpace users.

Myspace acknowledged in its blog that cyber-criminals have gained access to log-in information from those who registered prior to June 2013. Until that date, passwords were protected by the hashing algorithm “cryptographic SHA1”, which is an outdated and insecure system which is no longer recommended.

The black hat, Peace, recently put the leaked data up for sale on the dark side of the net for six bitcoin (approx. $2,800 US or 2,400). This cyber-delinquent is also behind the Tumblr leak, where 65 million accounts were compromised, and the LinkedIn data breach (117 million leaked). As with Myspace, Peace attempted to sell the stolen information from Tumblr and LinkedIn on the black market.

Remember the Ashley Madison scandal? Well, the number of passwords stolen in this data breach is higher than those stolen in the Ashley Madison leak. If we take into account that the number of stolen passwords is higher than those stolen during the Ashley Madison scandal (39 million passwords leaked), it is particularly worrying.

FOTO_2

Prevention is Better Than Cure

Recently, LinkedIn required a password change for users whose personal data may have been compromised in the breach. Tumblr has done the same. For now, the former friend-network has ensured users that the matter is being investigated and that the company is implementing new security measures.

Nevertheless, internet users and social-network fiends should not wait for a big leak before they take steps to protect their privacy. One of the commandments of Internet safety is to periodically change passwords and to register different passwords with different services so if your data is compromised it only effects one set of log-in credentials.

One of the commandments of Internet safety is to periodically change passwords

With all those constantly-changing passwords, how can we remember them while remaining secure? It’s easy.  You can use password managers like Dashlane, which allows you to determine a password’s level of security and control them from the same page.

There are also great security solutions that offer a larger degree of protection and include a password manager… all you need is a master password to access all of your favorite internet services. It maintains your online privacy… at all times!

The post Are Your Passwords For Sale On The Black Market? appeared first on Panda Security Mediacenter.

Panda Security

Beware of Online Invoices! A Newly Discovered Threat Has Already Crossed Borders

Leave a comment

endesa 4

Just a few days ago we received an alert from Endesa, a Spanish electricity company, warning us of a new online scam targeting victims through fraudulent emails. The cyber-criminals send out fake invoices to Spanish users, using the Endesa name, and then the attack hits soon after. Unfortunately, the cyber-criminals were successful in their first attack and have expanded to other countries. It is very difficult to estimate the number of people who have received the email and who have fallen victim to this scheme.

In the past few hours, a similar attack has arisen. The state-owned electric company in Poland, PGE, has fallen into this cyber-criminal network, amplifying this attack-method to an international level. Just like the incidents in Spain, important and sensitive information, belonging to both companies and individuals, have been infected after opening an infected file with the supposed electricity bill (which is really high, by the way).

We are facing a massive fraud that has transcended borders with a very lucrative goal: forcing you to pay a ransom to reclaim your personal files.

In both cases, the campaign has worked in a very similar way: by sending false invoices using the name of an electricity company, while infecting the computers of naïve victims with a locky computer virus. Although the malware has only reached Spain and Poland, it’s quickly growing and your country could be hit next.  Here are some tips to help you combat this threat:

The Online Invoice Scam, Step-by-Step.

  1. In both of the analyzed cases, the email in question reaches the spam mailbox and in the subject box is the name of an electricity company that corresponds to the country.
  2. It appears as though the fake invoice is the same in both countries. After carefully analyzing the PGE situation, we see that the message may appear somewhat messy, with Polish characters inserted into the text at random.
  3. When the user wants to learn more about the factitious bill, they will click on the button with the text “See Your Invoice and Consumption” that appears below the energy consumption summary. But by then, it is too late. After clicking the fake button, the ransomware that is contained inside the Zip file is executed and a malicious Java code script begins to run on the system.
  4. In this case, the schemers continue to trick their target by asking them to complete a Captcha to gain access to the Zip folder. This makes users think that they are carrying out a safe action, but in reality, their cyber-security is being controlled by a very powerful ransomware.
  5. Once the malicious program has been executed, the user will be blocked from accessing personal files. Locky is an aggressive kidnapper and will only return the personal information once a ransom has been paid.

Endesa 3

Don’t fall into a Scam That Is Tailor-Made for You

Each time, there are more detailed and customized attacks. Their creators are getting away with their wrong-doings using the names of prestigious companies, making it easy to fall into this trap.

One thing is clear: if you are not protected against this type of ransomware, your personal and company files are at risk of being abducted.

Avoiding this situation will free you from paying a ransom and will prevent giving up important information and time to the internet’s predators. There is one solution on the market that is able to control any and all types of threats, including Cryptolocker: Adaptive Defense 360.

When you receive an electric bill, you should only worry about how much energy you have consumed. Here at Panda, we will continue on our mission to detect and neutralize all threats and protect all of our customers.

 

 

 

 

 

The post Beware of Online Invoices! A Newly Discovered Threat Has Already Crossed Borders appeared first on Panda Security Mediacenter.

Panda Security

Learn how to protect your information on International Archives Day

Leave a comment

The entire world population generates and saves enormous amounts of essential information every day. We do so not only to remember and look back on the past, but also, our companies and institutions need this information to run efficiently and transparently.

That is why today, on International Archives Day, we wish to stress the importance of safe and responsible preservation for all kinds of files and, in particular, those which contain personal information belonging to people and companies. Do not forget: although an application, a program or an operating system can be re-installed, corporate or personal information is unique and should be a top priority.

Here are some tips to keep them from falling into the clutches of cybercriminals:

Backup Files

Now more than ever, ransomware is the greatest threat for companies and individuals, which is why backups are the most fundamental tool (and the last resort). They keep us from losing valuable information in the event of a cyber-attack. It is highly recommended to keep at least two backups: one stored in the cloud and a physical one (in an external hard disk, a pen drive, etc.)

Encryption

Before uploading files to the cloud, save them in a storage device or send them by e-mail. It is recommended that you encrypt the most sensitive information, at least, so that they will not be accessible if they fall into the wrong hands. An attacker who gains hold of your files will not be able to read their contents if this person lacks the encryption key, something that only you will have the power to.

Continuous Updating

Always keep your operating system, browser and applications updated to the latest version that is available. This allows you to protect the malware that usually takes advantage of the latest vulnerabilities. Operating your computer with an older version of software makes your most confidential information at risk for theft.

 

Do Not Use Unknown Computers or Networks

If you go on a trip and you plan on using a computer that is not yours, or connecting your mobile device to public Wi-Fi (such as at a coffee shop or at an airport…), make sure you avoid as much as possible accessing private and sensitive files. If you connect to an open Wi-Fi and you are forced to send personal or confidential information, make sure that it is encrypted and use a virtual network (VPN). Learn how to do so, here.

Install a Good Anti-virus

At Panda, we know how important your photos, videos and other files are for you. That is why we offer file encryption, backup and information protection with our anti-virus superstar: Panda Protection Service. With Panda, nobody can hijack your data! Enjoy the rest of your day.

 

The post Learn how to protect your information on International Archives Day appeared first on Panda Security Mediacenter.