Tag Archives: Security

How to Distribute Your Technology Budget

The new European General Data Protection Regulation came into effect on 25 May, although countries and institutions have a period of two years to prepare for its final implementation. Given this situation, and to comply with the requirements of the standard, one would hope for companies to increase their investment in computer security. However, the scenario turns out to be quite different, according to a recent report from Gartner, a technology consultancy.

The firm’s experts warn that security spending generally makes up between 1 and 13% of the corporate budget for technology. The important thing, analysts say, is not the size of the budget designated to secure and protect systems, but how the budgets are used.

“Clients want to know if what they are spending on information security is equivalent to others in their industry, geography and size of business in order to evaluate whether they are practicing due diligence in security and related programs,” explained Rob McMillan, research director at Gartner.

However, these comparisons between companies or sector-averaged data are not much use, according to the analyst. “You could be spending at the same level as your peer group, but you could be spending on the wrong things and be extremely vulnerable,” he warned.

According to the Gartner study, most companies continue to misuse and misinterpret IT spending figures with projections spanning over at least the next four fiscal years.

The consultancy indicates some guidelines for companies in their allocations of future budgets. The goal is to optimize the returns on their investment, which must meet the costs of hardware, software, services (such as consulting and auditing) and personnel.

To identify actual security costs, you must consider the equipment that integrates security solutions, updates, cybersecurity solutions and other programs and applications, outsourced services, tools to ensure privacy, and training for employees.

According to the consultancy, it is not necessary to allocate large sums of money to implement measures to ensure the security of corporate systems and data. It would be enough if the expenditure amounts to between 4 and 7% of the technology budget, depending on how sensitive the information the company handles is and on the type of systems it already uses.

The post How to Distribute Your Technology Budget appeared first on Panda Security Mediacenter.

Your Smart TV Has Been Hijacked. To Continue, Please Pay Ransom

Cybercriminals that specialize in ransomware, which affects thousands of computers and mobile devices every year, are ramping up their attacks against businesses. It is here that they can get their hands on valuable information and large sums of cash. This particular kind of malware, which hijacks devices and demands a ransom for their return, has managed to conquer another kind of technology: smart TVs.

Last December, the American developer Darren Cauthon announced on Twitter that a family member’s television had fallen victim to one of these attacks. As Cauthon explained, it all came about after the victim had installed an app to watch movies on the Internet, apparently from a third-party website.

The television in question was an LG model that came out in 2014 and is compatible with Google TV, a version of Android tailored to televisions. Once it had infiltrated the device, the malicious software demanded a ransom of $500 to unlock the screen, displaying a message that simulated a warning from the Department of Justice.

The appearance of the false message would lead you to believe that it’s a version of the ransomware known as Cyber.police, also known as FLocker. Ordinarily this ransomware affects smartphones with Google’s operating system. After hijacking the device, the malware collects information from the user and the system, including contact information and the location of the device, to be sent encrypted to cybercriminals.

To avoid paying the ransom, Cauthon unsuccessfully attempted to restore the television set to factory settings, but eventually had to resort to the manufacturer’s own services to return it to a state prior to the installation of the malware. Although his relative managed to regain control of the machine without paying any sum to the criminals, he did end up having to pay the manufacturer $340 for the service, not much less than the ransom itself.

The Cauthon case has not caught security experts by surprise, given that last summer a team of researchers had warned of FLocker’s activity on smart TVs. In addition to the United States, ransomware attacks have been reported on smart TVs in Japan.

LG’s post-2014 models are no longer compatible with Google TV, but rather use WebOS, an open source operating system based on Linux. However, new attacks should not be ruled out, as cybercriminals continually refine their tools, which are increasingly focused on infecting Internet of Things devices in businesses and in the household.


Keychain, Apple’s Cloud-Based Tool That Safeguards Your Data

Safeguarding your company’s confidential information, in many cases, calls for having your employees create and properly manage a series of passwords. Not only should they choose complex credentials, but those credentials should also differ from one another. And they definitely should not be saved in easily accessible places, like a text document.

Password managers come in handy in this task that is so indispensable to corporate security. For their part, companies that have Apple devices for their employees have the Keychain as an ally: it is a password manager in the cloud that makes things really easy when defending corporate privacy via robust password selection.

Activating this tool is simple: just go to iCloud Settings from an iPhone or an iPad and activate the Keychain option. From a Mac you go to the “System Preferences” menu.

Once activated, all the passwords used by the employee will be stored in iCloud, with its own encryption. Once uploaded to the cloud, it will be possible to use those credentials on all devices that are synchronized and authorized to do so.

However, the Apple Keychain is much more than just a place to store passwords in the cloud. In fact, it allows users to completely forget about the clutter of having several passwords since, when they sign up for a service, the keychain suggests complex options distinct from those already used and automatically saves them. No need to commit anything to memory.

It is also possible to store credit card data and certificates to sign documents digitally. Thus, Apple encryption and its cloud service are one hundred percent responsible for security on the platforms used by employees.

By combining this tool with the right protection to avoid threats, your company’s confidential information will be safer. It makes sure that your passwords are secure and that they will not be stored remotely in any place. And those who want to spice up their passwords can still edit them (or delete old ones) to make them even more complex. When corporate security is at stake, it can never hurt to add extra layers of protection.


Android and Linux, the Technologies with the Most Security Holes in 2016

The latest version of Google’s mobile operating system, Android Nougat, has quite a few security improvements over older versions and, in fact, its arrival on the market is more than necessary. Not for nothing, Android has managed to win the dubious honor of being the product with the most security vulnerabilities discovered in 2016.

According to the ranking carried out by the CVE Details digital platform, more than five hundred holes were found in Google’s mobile operating system over the past year. To be exact, there were 523 security errors that put its more than 1.5 billion users at risk.

So Android has overtaken Apple. In 2015, the operating system of Apple computers, Mac OS X, had the greatest number of vulnerabilities to its credit. However, this year Cupertino seems to have done its homework. It has gone from leading last year’s ranking with more than 400 vulnerabilities to closing out 2016 at number eleven on the list, with little more than 200 holes identified throughout the year.

So it turns out that having a mobile fleet in your company made up of Android phones can pose a real risk if you don’t have the right protection. In addition, it is important to update each device to the latest version possible, which ultimately will depend on the manufacturer (some are quicker than others, and all are abandoning their older models completely). It’s no wonder there are more than 300 million Android devices that no longer even receive security patches.

Two Linux distributions, Debian and Ubuntu, are the technological products that join Android on the podium of the most error-riddled software. Throughout 2016 over 300 vulnerabilities were found in Debian, while the other distribution came in third place with almost 280 errors.

Choosing your company’s technological tools can be key to preserving both your safety and that of your customers. However, not many are able to escape vulnerabilities: operating systems like Windows 10, browsers such as Google Chrome, or software giants like Adobe are also among the twenty products with the most vulnerabilities discovered in 2016.


When Ransomware Comes Knocking at Your Door… or Locks it

A lot of things can go wrong on your holidays, like losing luggage or missing a flight, forgetting your travel documents or getting sick at the worst possible time. But have you ever been locked out of your hotel room because of a cyberattack?

That’s just what happened to guests at a luxury hotel in Austria when they were left stranded outside of their rooms after a ransomware attack that overrode electronic key systems.

This concept, which can be summed up as “if you don’t pay, your guests won’t be able to get into their rooms”, underscores a strategy shift in ransomware. Instead of attacking the hotel chain directly, cybercriminals are looking to increase profitability by compromising the well-being of paying customers.

The Evolution of Cyberattacks against Hotels

Infected computers and POS systems, credit card theft, access to confidential information… in the age of the Internet of Things and smart homes, these attacks are becoming commonplace or even antiquated.

Clearly the attacks that this industry has been experiencing are not something casual or fleeting. Behind them lies a real economic interest and a preoccupation with stealthy operations. The hotel sector has become a major target for organized cybercriminals in possession of malware specifically designed to disrupt its smooth running, not only in payment systems, but also by sealing off access to your room, turning lights on and off, or locking your blinds.

This is, undoubtedly, a worrisome situation that could cause significant harm not only on an economic level, but also a PR level, sowing fear among clientele.

Taking appropriate measures is a matter of necessity. Hotels are being forced to reinforce the security of their networks, devices, and systems to avoid becoming victims to this kind of attack. But not all protection systems offer the same level of security, nor are they all valid for any kind of business environment.

Traditional antiviruses are not effective against these attacks, since they are specifically tailored to the victim and are cleaned of all recognizable malware signatures before being launched. Current anti-malware solutions use proactive technology that relies on these signatures to catch malware, rendering them useless against attacks that actively avoid incorporating traits recognizable to these solutions. That’s why it is vital to have advanced cybersecurity protection like Adaptive Defense 360, one that can activate protection systems before the malware is even able to run.


Only 3% of the Apps on Your Company iPhones are Secure

Since the 1st of January, the iPhones in your mobile device fleet are even more secure. Or, at least, they should be based on Apple’s most recent requirements for developers. With the beginning of the new year, all apps that haven’t incorporated the App Transport Security (ATS) function will be unable to offer updates through the official store.

With the ATS system, Apple is attempting to force developers to offer apps that manage data more securely. This new feature requires, among other things, all web connections from the app to use the HTTPS protocol.

That way, the information will travel exclusively over encrypted connections, avoiding the most common risks. Paired up with the right protection, this measure taken by Apple could turn iPhones into one of the best options for company mobile devices.

But it’s not as simple as it may seem on the surface. For now, developers are not quite dancing to Apple’s tune. In fact, a recent study has revealed that only 3% of the 200 most downloaded apps for iOS have already implemented ATS.

This figure is disconcerting. Some other conclusions of the study are also worrisome: about 83% of these 200 popular applications have completely disabled ATS and 55% still allow the use of unencrypted HTTP connections.
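As an added illustration (not part of the original article), the following Python sketch shows how a mobile fleet administrator could sort apps into the categories the study describes by reading each app's `Info.plist`. The key names `NSAppTransportSecurity`, `NSAllowsArbitraryLoads`, `NSExceptionDomains` and `NSExceptionAllowsInsecureHTTPLoads` are Apple's ATS configuration keys and are not mentioned in the article; the bundle identifiers and plist contents are constructed samples.

```python
import plistlib


def classify_ats(info: dict) -> str:
    """Classify an app's ATS posture from its parsed Info.plist."""
    ats = info.get("NSAppTransportSecurity") or {}
    # Global opt-out: ATS is switched off for every connection.
    # Flagged conservatively: on iOS 10+ the narrower
    # NSAllowsArbitraryLoads* keys, when present, override this one.
    if ats.get("NSAllowsArbitraryLoads") is True:
        return "ats-disabled"
    # Per-domain exceptions that still permit plain HTTP.
    domains = ats.get("NSExceptionDomains") or {}
    insecure = sorted(
        name for name, cfg in domains.items()
        if isinstance(cfg, dict)
        and cfg.get("NSExceptionAllowsInsecureHTTPLoads") is True
    )
    if insecure:
        return "http-allowed:" + ",".join(insecure)
    # No ATS dictionary, or only hardening keys: HTTPS is required.
    return "ats-enforced"


def audit(plists: dict) -> dict:
    """Map bundle id -> verdict for raw Info.plist bytes (XML or binary)."""
    return {app: classify_ats(plistlib.loads(raw)) for app, raw in plists.items()}


# Constructed sample data: three hypothetical apps, serialized as plists.
SAMPLE_PLISTS = {
    "com.example.notes": plistlib.dumps({"CFBundleName": "Notes"}),
    "com.example.chat": plistlib.dumps(
        {"NSAppTransportSecurity": {"NSAllowsArbitraryLoads": True}}
    ),
    "com.example.news": plistlib.dumps({
        "NSAppTransportSecurity": {
            "NSExceptionDomains": {
                "cdn.example.net": {"NSExceptionAllowsInsecureHTTPLoads": True},
                "api.example.net": {"NSExceptionMinimumTLSVersion": "TLSv1.2"},
            }
        }
    }),
}

if __name__ == "__main__":
    for app, verdict in audit(SAMPLE_PLISTS).items():
        print(f"{app}: {verdict}")
```

`plistlib.loads` detects XML and binary plists automatically, so the same function works on an `Info.plist` extracted from an app package.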

Moreover, among the popular apps that have not yet embraced the Apple system are some corporate tools that are common in company mobile phones, such as Microsoft Office products, Facebook and even WhatsApp.

The truth is that Apple is not cracking down too hard on developers in the application of these new rules. In fact, before January 1, developers were able to request justified exceptions that exempt them from adhering to ATS.

Since the beginning of the year, users have been able to continue to use these applications that are frankly not as safe as they should be. The only penalty imposed is to be banned from updating your app until you comply with ATS.

Accordingly, your employees should look for alternative applications that have adopted Apple’s latest security feature. Otherwise, they will not only be using unencrypted connections to deal with corporate data, but will also have their mobile devices plagued with un-updateable programs unable to incorporate changes against future vulnerabilities.


Chatbots Take Businesses By Storm

They’re not human, but they sure seem like they are when we chat with them. Chatbots will become virtual butlers of many companies thanks to their ability to process natural language. Companies like Facebook are promoting their use. For the last few months, Facebook has allowed third parties to create bots for its Messenger app. Slack, Telegram, and Line have also opened their API (the window that allows other applications to communicate with each other) to make room for bots.

Companies can also use these intermediaries to increase the productivity of their workers. For example, Howdy allows you to organize meetings and manage the team without leaving the famous Slack corporate communication platform.

They can also be a new customer service channel, either by integrating them in one of these platforms or including them in their own corporate website. In the United States, Uber already allows you to request a car through Facebook Messenger.

But let’s take a step back for a moment. Although the bot trend is going to become a multi-million dollar business, the truth is that they can also be a new way for cybercriminals to commit their misdeeds. In fact, they can become a weapon in the service of phishing, one that is more dangerous than traditional emails.

After all, we are already well aware that when we receive an email we have to verify the source. But if a chatbot starts talking to one of our employees or one of our clients, usurping the company’s name, it will be a lot easier for users to fall into the trap.

A New Tool for Phishing

If the person on the other end of a conversation with a chatbot has no way of knowing whether or not they’re speaking to a human, it’s easier to get a victim to click a link after several minutes of casual conversation. By doing so, the user can be redirected to a fraudulent website that uses social engineering techniques to request confidential data.

In fact, cyberattackers may not even have to come up with that fraudulent website. If they just want to get some private information from a user, they may simply ask for it.

Another option is that the link, instead of serving as a con in itself, directs employees to a webpage that automatically downloads malware — a particularly serious situation if the victim is using the company’s computer. It is advisable to be well protected with an advanced cybersecurity solution.

The security of the channel itself is another factor to take into account when using a chatbot. Facebook announced a few months ago the implementation of end-to-end encryption in Facebook Messenger to prevent third parties from having access to a conversation.

However, other platforms that integrate these virtual butlers may not use that method. Care must be taken with the kind of information we provide to these intermediaries. The fact that they sound human can cause us to end up giving them too much information.

Undoubtedly, chatbots will improve the way we work and the way we communicate with our customers. But their popularization also brings with it new threats in the area of cybersecurity.
