Tag Archives: Security

Redhat

Risk report update: April to October 2015

Picture of risk playing cardsIn April 2015 we took a look at a years worth of branded vulnerabilities, separating out those that mattered from those that didn’t. Six months have passed so let’s take this opportunity to update the report with the new vulnerabilities that mattered across all Red Hat products.

ABRT (April 2015) CVE-2015-3315:

ABRT (Automatic Bug Reporting Tool) is a tool to help users to detect defects in applications and to create a bug report. ABRT was vulnerable to multiple race condition and symbolic link flaws. A local attacker could use these flaws to potentially escalate their privileges on an affected system to root.

This issue affected Red Hat Enterprise Linux 7 and updates were made available. A working public exploit is available for this issue. Other products and versions of Enterprise Linux were either not affected or not vulnerable to privilege escalation.

JBoss Operations Network open APIs (April 2015) CVE-2015-0297:

Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. The JBoss Operations Network server did not correctly restrict access to certain remote APIs which could allow a remote, unauthenticated attacker to execute arbitrary Java methods. We’re not aware of active exploitation of this issue. Updates were made available.

“Venom” (May 2015) CVE-2015-3456:

Venom was a branded flaw which affected QEMU. A privileged user of a guest virtual machine could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host’s QEMU process corresponding to the guest.

A number of Red Hat products were affected and updates were released. Red Hat products by default would block arbitrary code execution as SELinux sVirt protection confines each QEMU process.

“LogJam” (May 2015) CVE-2015-4000:

TLS connections using the Diffie-Hellman key exchange protocol were found to be vulnerable to an attack in which a man-in-the-middle attacker could downgrade vulnerable TLS connections to weak cryptography which could then be broken to decrypt the connection.

Like Poodle and Freak, this issue is hard to exploit as it requires a man in the middle attack. We’re not aware of active exploitation of this issue. Various packages providing cryptography were updated.

BIND DoS (July 2015) CVE-2015-5477:

A flaw in the Berkeley Internet Name Domain (BIND) allowed a remote attacker to cause named (functioning as an authoritative DNS server or a DNS resolver) to exit, causing a denial of service against BIND.

This issue affected the versions of BIND shipped with all versions of Red Hat Enterprise Linux. A public exploit exists for this issue. Updates were available the same day as the issue was public.

libuser privilege escalation (July 2015) CVE-2015-3246:

The libuser library implements a interface for manipulating and administering user and group accounts. Flaws in libuser could allow authenticated local users with shell access to escalate privileges to root.

Red Hat Enterprise Linux 6 and 7 were affected and updates available same day as issue was public. Red Hat Enterprise Linux 5 was affected and a mitigation was published.  A public exploit exists for this issue.

Firefox lock file stealing via PDF reader (August 2015) CVE-2015-4495:

A flaw in Mozilla Firefox could allow an attacker to access local files with the permissions of the user running Firefox. Public exploits exist for this issue, including as part of Metasploit, and targeting Linux systems.

This issue affected Firefox shipped with versions of Red Hat Enterprise Linux and updates were available the next day after the issue was public.

Firefox add-on permission warning (August 2015) CVE-2015-4498:

Mozilla Firefox normally warns a user when trying to install an add-on if initiated by a web page.  A flaw allowed this dialog to be bypassed.

This issue affected Firefox shipped with Red Hat Enterprise Linux versions and updates were available the same day as the issue was public.

Conclusion

The issues examined in this report were included because they were meaningful.  This includes the issues that are of a high severity and are likely easy to be exploited (or already have a public working exploit), as well as issues that were highly visible or branded (with a name or logo), regardless of their severity.

Between 1 April 2015 and 31 October 2015 for every Red Hat product there were 39 Critical Red Hat Security Advisories released, addressing 192 Critical vulnerabilities.  Aside from the issues in this report which were rated as having Critical security impact, all other issues with a Critical rating were part of Red Hat Enterprise Linux products and were browser-related: Firefox, Chromium, Adobe Flash, and Java (due to the browser plugin).

Our dedicated Product Security team continue to analyse threats and vulnerabilities against all our products every day, and provide relevant advice and updates through the customer portal. Customers can call on this expertise to ensure that they respond quickly to address the issues that matter.  Hear more about vulnerability handling in our upcoming virtual event: Secure Foundations for Today and Tomorrow.

Avast

Avast Wi-Fi Finder helps you stay connected wherever you are

Many of us have found ourselves in situations in which we need Wi-Fi connection and are unable to find it easily. Since we’ve become used to being connected to safe and steady Wi-Fi networks at home or in the office, it can become frustrating and inconvenient when we’re unable to establish a quick connection and gain secure online access.

For those seeking a fast, reliable and secure Wi-Fi connection, we’re happy to introduce you to Avast Wi-Fi Finder. Our new app gives you the opportunity to have a fast connection regardless of your location while continuously providing you with privacy and security. Whether you’re at the gym, a hotel, cafe, bus station or library, Avast Wi-Fi Finder has got you covered.

With Avast Wi-Fi Finder, you’re not limited by your data plan – instead, the app allows you to save on funds that would otherwise be spent on establishing a mobile Internet connection. No longer will you be stuck having to purchase a refreshment at the nearest cafe or register for a service in order to connect to fast, reliable Wi-Fi networks – the passwords of our recorded Wi-Fi networks are stored and provided to you.

Getting to know the app

Using Avast Wi-Fi Finder, the following features are at your fingertips:

  • Connect to the fastest, most secure hotspots around. Avast Wi-Fi Finder helps you automatically connect to Wi-Fi networks nearest to your location, helping you save on monthly bills and roaming fees.
  • Get speed and privacy. There’s no need to compromise on your security. Avast Wi-Fi Finder checks the security ratings of each network and keeps you protected while you browse, chat, or email away.
  • Follow your map and you’re set to go. The app’s user-friendly map allows you to navigate to a widespread collection of fast, reliable hotspots recommended and crowdsourced by people just like you from all around the world.

In just a few simple steps, you can become one of the beta testers who help us make Avast Wi-Fi Finder (and other Avast mobile apps) the best that they can be. Read through our guide to get started in the Avast Android beta program.

Since the beta version of Avast Wi-Fi Finder has only recently been launched, we’d like to ask our users to be patient, as certain locations may not yet be filled with available Wi-Fi networks. As our community of beta testers continues to grow, the size and quality of our network database will do the same. To speed up this process, we encourage our beta testers to add available Wi-Fi networks to locations as they find them. Get started by becoming a tester for Avast Wi-Fi Finder on Google Play!

Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

AVG

AVG boosts Bugcrowd bounty

One of the ways we proactively improve our security is through participation in the AVG bug bounty program on Bugcrowd.  We have recently reviewed the rewards offered as part of this program and now offer up to USD$1,000 per bug.

We appreciate and reward the efforts of security researchers who, within the strict terms of the bounty program, are able to responsibly disclose vulnerabilities found in our nominated PC based client side applications.

If you have skills and experience reverse engineering binary code, or you like breaking AntiVirus engines in your spare time, then this could be the stimulating and rewarding challenge you’ve been looking for.

Bugcrowd is a great community of like-minded security geeks who get to pentest, hack and crack great companies like AVG, Fitbit, Dropbox and even Tesla Motors – all in the name of responsible disclosure for rewards and kudos!

So, if you’re a 1337 h4x0r then start finding bugs today by signing up to Bugcrowd as a researcher, and then join the AVG program.

We look forward to seeing what juicy vulnerabilities you’ll uncover, and in return get rewarded for helping us keep over 200 million friends safe and secure.

Get cracking! And until next time, stay safe out there.

Redhat

Red Hat CVE Database Revamp

Since 2009, Red Hat has provided details of vulnerabilities with CVE names as part of our mission to provide as much information around vulnerabilities that affect Red Hat products as possible.  These CVE pages distill information from a variety of sources to provide an overview of each flaw, including information like a description of the flaw, CVSSv2 scores, impact, public dates, and any corresponding errata that corrected the flaw in Red Hat products.

Over time this has grown to include more information, such as CWE identifiers, statements, and links to external resources that note the flaw (such as upstream advisories, etc.).  We’re pleased to note that the CVE pages have been improved yet again to provide even more information.

Beyond just a UI refresh, and deeper integration into the Red Hat Customer Portal, the CVE pages now also display specific “mitigation” information on flaws where such information is provided.  This is an area where we highlight certain steps that can be taken to prevent the exploitability of a flaw without requiring a package update. Obviously this is not applicable to all flaws, so it is noted only where it is relevant.

In addition, the CVE pages now display the “affectedness” of certain products in relation to these flaws.  For instance, in the past, you would know that an issue affected a certain product either by seeing that an erratum was available (as noted on the CVE page) or by visiting Bugzilla and trying to sort through comments and other metadata that is not easily consumable.  The CVE pages now display this information directly on the page so it is no longer required that a visitor spend time poking around in Bugzilla to see if something they are interested in is affected (but has not yet had an erratum released).

To further explain how this works, the pages will not show products that would not be affected by the flaw.  For instance, a flaw against the mutt email client would not note that JBoss EAP is unaffected because EAP does not ship, and has never shipped, the mutt email client.  However, if a flaw affected mutt on Red Hat Enterprise Linux 6, but not Red Hat Enterprise Linux 5 or 7, the CVE page might show an erratum for Red Hat Enterprise Linux 6 and show that mutt on Red Hat Enterprise Linux 5 and 7 is unaffected.  Previously, this may have been noted as part of a statement on the page, but that was by no means guaranteed.  You would have to look in Bugzilla to see if any comments or metadata noted this; now it is quite plainly noted on the pages directly.

This section of the page, entitled “Affected Packages State”, is a table that lists the affected platform, package, and a state.  This state can be:

  • “Affected”: this package is affected by this flaw on this platform
  • “Not affected”: this package, which ships on this platform, is not affected by this flaw
  • “Fix deferred”: this package is affected by this flaw on this platform, and may be fixed in the future
  • “Under investigation”: it is currently unknown whether or not this flaw affects this package on this platform, and it is under investigation
  • “Will not fix”: this package is affected by this flaw on this platform, but there is currently no intention to fix it (this would primarily be for flaws that are of Low or Moderate impact that pose no significant risk to customers)

For instance, the page for CVE-2015-5279 would look like this, noting the above affected states:

new-cve-pagesBy being explicit about the state of packages on the CVE pages, visitors will know exactly what is affected by this CVE, without having to jump through hoops and spend time digging into Bugzilla comments.

Other improvements that come with the recent changes include enhanced searching capabilities.  You can now search for CVEs by keyword, so searching for all vulnerabilities that mention “openssl” or “bind” or “XSS” are now possible.  In addition, you can filter by year and impact rating.

The Red Hat CVE pages are a primary source of vulnerability information for many, a gateway of sorts that collects the most important information that visitors are often interested in, with links to further sources of information that are of interest to the vulnerability researcher.

Red Hat continues to look for ways to provide extra value to our customers.  These enhancements and changes are designed to make your jobs easier, and we believe that they will become an even greater resource for our customers and visitors.  We hope you agree!

AVG

Addressing Cybersecurity for Small & Medium Businesses

Perspectives on cybersecurity continue to evolve as our level of ‘connectedness’ and awareness of potential threats increases. According to the U.S. Chamber of Commerce, many security experts believe there are two types of businesses, “…those that have been hacked and know it, and those that have been hacked and don’t know it yet.” While this overstates the situation a bit, it does highlight the urgency to address cybersecurity, even for small businesses. As the U.S. Chamber of Commerce suggests, the question isn’t if, it’s when.

Both Europe and the U.S. have designated October as cybersecurity month, highlighting the importance of this issue to business. One of the governmental organizations addressing the issue is the National Institute of Standards and Technology (NIST). NIST is currently in the revision phase of its report, Small Business Information Security: The Fundamentals, by Richard Kissel and Hyunjeong Moon. In partnership with the Small Business Administration and the FBI, NIST is one of the governmental organizations reaching out to the small business community and providing guidance on how to address cybersecurity.

Cybersecurity is not an all-or-nothing effort. NIST recognizes that the appropriate security measures may differ from company to company and that not every company will be able to implement every possible measure quickly. Nonetheless, they have classified a number of cybersecurity practices as ‘absolutely necessary’ and suggest that every small business adopts them to protect their information, systems and networks.

These practices include:

  1. Protecting information/systems/networks from damage by viruses, spyware, and other malicious code
  2. Protecting a company’s Internet connection
  3. Installing and activating software firewalls on all business systems
  4. Patching operating systems and applications
  5. Making backup copies of important business data/information
  6. Training employees in basic security principles

A great starting point for evaluating a businesses security status and potential risk is to use the “AVG Small Business Security Healthcheck” tool that AVG Business provides for free on our website. In just a few minutes a business can generate a cybersecurity profile that can be used internally, or with an IT solution provider that understands the company’s network and business practices, to ensure the right solutions are put in place.

In many cases, security experts will advise, as NIST has, that protecting against viruses and malware and installing firewalls are critical steps. This can be easily accomplished with software solutions including the just updated AVG AntiVirus and AVG Internet Security solutions from AVG Business. With exceptionally easy user interfaces and automated protection features, special knowledge isn’t required to provide protection across an entire business. Making sure that antivirus is in place and firewalls are working are the first and easiest steps a company can take.

Addressing cybersecurity for small and medium businesses has clearly risen to mission-critical status, but that doesn’t mean it has to impact a company’s resources, finances or operations. With a network of more than 10,000 partners, an active channel community, and software solutions that are continuously updated to address changing security needs, AVG Business is certain that every business can establish strong cybersecurity measures and worry less about potential threats. If your company hasn’t yet embarked on a cybersecurity plan, now is a good time to start.

Avast

Avast at Virus Bulletin Conference 2015

Our team had a wonderful time meeting and networking with the crème de la crème of security industry professionals at this year’s Virus Bulletin Conference in Prague, of which we were a proud platinum sponsor. Throughout the conference, a handful of Avast employees presented talks a variety of today’s most prominent security-centered topics. For those who weren’t able to make it to the conference, we’d like to provide a brief recap of the content that was covered.

Taking a close look at denial of service attacks

Avast senior malware analysts Petr Kalnai and Jaromir Horejsi discuss distributed denial-of-service (DDoS) attacks.

Avast senior malware analysts Petr Kalnai and Jaromir Horejsi discuss distributed denial-of-service (DDoS) attacks.

In their presentation, “DDoS trojan: a malicious concept that conquered the ELF format“, senior malware analysts Petr Kalnai and Jaromir Horejsi discussed the serious issues relating to distributed denial-of-service (DDoS) attacks.

Abstract: DDoS threats have been out there since the Internet took over half of global communication, posing the real problem of denial of access to online service providers. Recently, a new trend emerged in non-Windows DDoS attacks that was induced by code availability, lack of security, and an abundance of resources. The attack infrastructure has undergone significant structural, functional and complexity changes. Malicious aspects have evolved into complex and relatively sophisticated pieces of code, employing compression, advanced encryption and even rootkit capabilities. Targeted machines run systems supporting the ELF format – anything from desktops and servers to IoT devices like routers or digital video recorders (DVRs) could be at risk.

In this session, Petr and Jaromir examined the current state of DDoS trojans forming covert botnets on unsuspecting systems. They provided a technical analysis of the most important malware families with a specific focus on infection methods, dynamic behavior, C&C communication, obfuscation techniques, advanced methods of persistence and stealth, and elimination of rivals. After studying cybercriminals’ behavior, our two speakers introduced their operation tools, including vulnerability scanners, brute-forcers, bot builders and C&C panels. They explained that in many cases, it’s unnecessary to apply reverse engineering within the analysis — the original source codes are indexed in public search engines and their customization is a subject of monetization. The pair concluded their presentation by introducing tracking methods and techniques and revealed the targets of these attacks.

Taking mobile security to the next level

Avast security researcher Filip Chytry talks about privacy in the mobile sphere.

Avast security researcher Filip Chytry talks about privacy in the mobile sphere.

Next up was security researcher Filip Chytry’s talk, “Privacy: a growing commodity in the modern age and our Remotium virtual solution to protect it“. Filip’s presentation focused on a few mobile apps that have experienced privacy leaks and provided insight on what could be used as potential solutions to these types of security breaches.

Abstract: Today, we are surrounded by millions of sensors that measure and monitor our lives, cities, travels, homes and communities. There are currently more online endpoint devices and sensors in existence across the globe than there are human beings. Smartphones have become unbelievably integrated into our daily lives, and these tiny gadgets are just the tip of the iceberg that is the modern spying age. Take cameras, for example — when you get the chance, try taking a stroll around a city and see how many cameras you can spot. These could be cameras belonging to other people or surveillance cameras capturing public images. Whether they were taken accidentally or intentionally, it’s difficult to argue with the fact that each of us is featured in public images and visual data that we remain largely unaware of.

Filip pointed out that when examining this issue through a mobile lens, it’s interesting to take a look at apps which benefit us in some way. Although these apps can lend us a helping hand or aid us in socializing with our peers, they often sharing certain data with developers that the average person is likely unaware of and would be uncomfortable with sharing. Filip went on to explain that in the worst case scenario, these apps’ developers can implement poor security standards which could permit leakages of data shared by the user. Concluding the presentation, Filip explained that Avast Remotium is a virtual space that allows users to mask their data, delivering unidentified data in its place in order to protect against data leaks and privacy breaches.

Home Network Security in the spotlight

Pavel Sramek and Martin Smarda discuss home network security issues.

Pavel Sramek and Martin Smarda discuss home network security issues.

Another two stellar Avast malware analysts, Pavel Sramek and Martin Smarda, presented “Solving the (in)security of home networked devices“. This talk outlined real-life issues of home network devices and examined potential risks related to the devices, a topic which is extremely relevant at this time.

Abstract: In the past few years, there has not been a VB conference without a talk about someone hacking the devices they have at home. Be they routers, NAS-es or ‘smart’ TVs, there is always one thing in common — the vendors ignore the problems and refuse to patch their products. We are developing an automated vulnerability scanner intended to test devices without our code running on them. The intention is to educate users about the misconfigurations and vulnerabilities that are detectable from another device in the network. Integrating such a scanner into consumer AV brings home network security to a new level and increases user awareness of those issues. We will present the technology and the challenges we faced on the way towards accomplishing this goal via maximizing the impact of even the simplest vulnerability scans.

Pavel and Martin acknowledged that while a couple researchers reporting an issue is simply not enough pressure to affect manufacturers’ decisions, the possibilities could be huge if millions of users reported this problem to their vendors or made the decision to replace their devices with more secure ones.

Fun at the Avast booth

A bottle of our own Avastweiser beer!

A bottle of our own Avastweiser beer!

In addition to the presentations given by our talented speakers, Avast had a handful of fun activities to offer to Virus Bulletin attendees. At the Avast booth, our team served three types of Czech beer in addition to our own Avastweiser brew, which we handed out to visitors free of charge.

Attendees had the opportunity to join Avast in a tournament of old-school Arcade Games, which we rented from Prague’s Arcade Museum. Among the prizes were a smartphone-controlled paper airplane and a Cheerson CX-20 drone!

We’d like to thank everyone who attended Virus Bulletin 2015 for their interest and support in the security and antivirus industry. We look forward to what next year’s conference has in store!

 

 

 

 

Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

AVG

AVG kicks off National Cyber Security Awareness Month with updated product suite

I am delighted that that we have released our updated Protection and Performance products and suites – consciously timed with the inauguration of National Cyber Security Awareness Month.

Introduced in the US by President Obama, National Cyber Security Awareness Month was conceived to raise awareness and education about cybersecurity, and help citizens protect the nation in the event of a cyber-incident. Throughout October, companies and organizations will be holding conversations, hosting events and taking part in Summits as they look to educate us to “Stop. Think. Connect”.

AVG fully supports this initiative, and is involved in a number of similar, designated days and months throughout the year, such as European Cyber Security Month, which aim to further security education. As we increasingly live our lives online, and the everyday devices in our homes become connected, cybersecurity has rapidly become a personal issue as well as a one of global importance. Most of us now own multiple devices and use apps for everything we do; but our growing dependency on technology, while simple to use, they bring high levels of complexity; and all too often, security and privacy become an afterthought. One of AVG’s goals is to take the complexity of your everyday, online environment and simplify it, making it as easy as possible for you to secure and manage you and your families’ digital lives and keep them protected.

The digital landscape is always evolving, and so too, must the products you use to protect yourself. The latest release of AVG’s protection products and suites are now auto-updated on a continual basis, so users will always have the latest features and capabilities without any required action on their part, removing the need for you to accept or search for an upgrades.

The new release adds significant protection capabilities, including Real-Time Cloud Detection, AI Detection and Improved Malware Detection, are also focused on real-time protection – ensuring customers are always secured against the latest threats.

These product releases continue to underscore our leadership in online security and commitment to protecting devices, data and people, at home and at work – in the August test results from AV-Test, AVG Internet Security scored 100% for both real-time and wide spread malware detection. Make sure to check back here on our blog, AVG Now, throughout the month, to hear more product and service news, and to read some of our top cybersecurity tips.

You can find out more about the latest AVG Performance and Protection products here: http://now.avg.com/avg-new-protection-performance-press-kit/

AVG

AVG Business kicks off Cybersecurity Month with free upgrade to 2016 Business Software Suite

AMSTERDAM – September 30, 2015 – AVG® Technologies N.V. (NYSE: AVG), the online security company™ for more than 200 million monthly active users, today announced the release of its 2016 Business Edition software suite with new versions of its AVG AntiVirus Business Edition and AVG Internet Security Business Edition products. The 2016 suite, central to the company’s expanded security strategy for business, provides enterprise scale security to channel partners and small to medium-sized businesses (SMBs) in the frontline defense against malware and online threats.

Available worldwide, the products include a free remote management console to provide businesses easy and efficient remote access to all systems on a network. Technical support is also included at no cost.

“Today’s release of our core AntiVirus and Internet Security products for business delivers new and advanced cybersecurity protections and we are excited to get these into the hands of our channel and small to medium businesses across the globe,” said Joanna Brace, VP of Marketing and Product Marketing, AVG Business. “Online security is our core expertise and it is a fundamental requirement for business growth and success in today’s connected world. With the release of these critical security solutions, we are once again demonstrating our online security leadership and commitment to our customers.”

Today’s news is timed with two industry initiatives European Cyber Security Month and National Cyber Security Awareness Month, underscoring AVG’s leadership in online security and its strong commitment to protecting devices, data and people at work and at home. In support of these initiatives, channel partners will receive free upgrades to the 2016 Business Edition with renewals of existing licenses. AVG Business is also hosting security webinars for SMBs and providing comprehensive reseller kits for partners.

Features of the new 2016 Business Edition upgrade include:

  • New Scanning Engine: Scans faster and smarter with cloud-based detection technology
    The 2016 scanning engine implements AVG’s most advanced algorithms, providing better protection and shorter scanning times. It is also driven by new cloud-based detection technologies that leverage the majority of AVG’s 200 million endpoints to rapidly recognize new and emerging threats and deliver virus updates in as close to real-time as possible.
  • New Real-Time Outbreak Detection: Uses crowd intelligence technology for better protection
    Crowd intelligence technology has been added to AVG’s cloud-based outbreak detection to identify even the newest malware variants and outbreaks in software, all in real-time.
  • New Artificial Intelligence Detection: Uses advanced intelligence to identify threats
    Advanced artificial intelligence has been added to proactively identify new threats in real-time before our AVG VirusLab team has catalogued the threats.
  • Online Shield: Uses the Cloud to guard against today’s threats
    The 2016 Online Shield delivers today’s best cloud-based detection to more quickly identify dangerous downloads.
  • Data Safe: Protects your company’s most valuable data
    Data Safe lets businesses create password-protected virtual disks on their system, ensuring they can confidently encrypt and protect folders, files and data securely.
  • File Shredder: Deletes data securely
    Industry-compliant File Shredder securely deletes data to help prevent unintended recovery.

The AVG AntiVirus Business Edition and AVG Internet Security Business Edition are available now.

Channel partners can work directly with their account managers and also download our comprehensive reseller kits at our Reseller Center: https://secure.avg.com/rc-login. SMBs can purchase from the AVG.com web site: http://www.avg.com/business-security.


The AVG Business Portfolio

The AVG Business portfolio includes AVG Business CloudCare™, a free cloud-based administration platform offering channel partners a simple way to implement and manage services such as antivirus, content filtering, online backup and email security services for their customers, using centralized and highly customizable policies; the 2016 AVG Business Edition, a suite of software solutions that includes AVG AntiVirus Business Edition and AVG Internet Security Business Edition and offers comprehensive security protection for channel partners and SMBs;  AVG Business Managed Workplace, a comprehensive remote monitoring and management (RMM) platform with integrated premium remote control for channel partners and their clients; and AVG Business Secure Sign-On, a next-generation mobile device management service.

Supported by a worldwide network of more than 10,000 partners, AVG’s strong IT security heritage complements its proven strength as an RMM provider and partner to help smaller IT companies and MSPs transition and flourish as fully-fledged managed services businesses.

To view our Press Kit, which includes product screenshots, video and other elements of this news, please visit http://now.avg.com/avg-2016-business-edition-press-kit.


About AVG Technologies (NYSE: AVG)

AVG is the online security company providing leading software and services to secure devices, data and people. AVG’s award-winning technology is delivered to over 200 million monthly active users worldwide. AVG’s Consumer portfolio includes internet security, performance optimization, and personal privacy and identity protection for mobile devices and desktops. The AVG Business portfolio – delivered by managed service providers, VARs and resellers – offers IT administration, control and reporting, integrated security, and mobile device management that simplify and protect businesses.

All trademarks are the property of their respective owners.

www.avg.com


Contacts:

Zoe Kine
Tel: +1 415-694-3654
Email: [email protected]

Zena Martin
Tel: +44 7496 638 342
Email: [email protected]

 

Press information: http://now.avg.com

AVG

Cybersecurity matters

It’s unusual now to watch a newscast or read a paper and not come across a report or story of some computer security breach, theft or data or malicious program that’s wreaked havoc with a company’s, or the government’s, systems. On September 20th, the New York Times reported that Apple too is the target of malicious software in its App Store.

Tomorrow marks the start of National Cyber Security Awareness Month in the U.S. and the European Cyber Security Month. While there’s no way to insure that your business computers, devices and networks are 100% free from attack, there are a number of simple steps that businesses – even those without dedicated IT resources – can and should take to protect their business, customers and employees.

Perhaps the most important first step is to recognize that every business – even small and medium businesses – are potential targets. Hackers and distributors of malware are simply looking for any opportunity to steal information, accounts, passwords and identities. The less security they encounter, the easier their task. According to Chairman Steve Chabot (R-OH) of the Congressional Small Business Committee, “…71 percent of cyber-attacks occur at businesses with fewer than 100 employees.”

So how best can a business protect itself, particularly when it has no dedicated IT department or specific technical expertise? By deciding to implement a few easy precautions, to at least make it more difficult for hackers and others. And while our focus is business, these same suggestions work at home too and can help protect families.

  • Awareness and training – Employees should be made aware that there could be attacks and trained to recognize some of the signs of an attack or harmful email or phishing scam. Make sure that processes are in place to address requests for credit card numbers, payment information or personal data and that employees know what to do if those requests are received.
  • Password protection – Passwords are the keys to the kingdom and too often, good password policies aren’t in place or aren’t followed. Passwords should be unique, complex not obvious, and should be changed regularly. There are tools that can help manage passwords to reduce the burden.
  • Backup your data – It’s not difficult and it’s not expensive. A little discipline across all your systems will help a business recover from an attack or a catastrophic event.
  • Implement malware, spyware and firewall software solutions – This is like locking the door of a business at night. So many potential attacks can be stopped before they ever have an opportunity to steal or damage a business. Firewall, antivirus and malware software watches for possible attacks and threats and is exceptionally easy to install and manage.

Though cybersecurity month starts tomorrow, today marks the introduction of the 2016 update of the AVG Business AntiVirus and Internet Security software suite. Faster and less intrusive than ever before, these programs are that starting point for good business security.

Now is the right time to evaluate or review businesses security policies and to implement protection practices and tools if they aren’t already in place. It’s not hard to get started. The 2016 AntiVirus or Internet Security Business Editions are available at http://www.avg.com/business-security. In addition, AVG Business Partners have access to a range of resources to help establish better security and protection for clients.

Good business security doesn’t have to be overwhelming or intimidating, with the right software and by following some simple steps, all businesses can enjoy a little peace of mind.