The insecurity of WordPress plugins has been well documented, especially over the last year, but in the grand scheme of things, it’s not as bad as it seems, experts claim.
Tag Archives: Security
Don’t Let Yahoo Happen To You: How to Protect Your Business from Large-Scale Data Theft
In 2016, the theft of passwords from internet titans is no longer an exception. Just when it seemed like the year was winding down, having left us with the surprising news of what until yesterday was considered the highest magnitude cyberattack in history suffered by Yahoo and reported three months ago, this same company returns to headlines after announcing the theft of data from 1 billion accounts.
This comes on the tail of some revealing figures. For example, massive data breaches have, amazingly, affected 97% of the 1000 largest companies in the world.
After admitting last September that in 2014 they had suffered a large-scale theft that affected 500 million users, Yahoo revealed today that in 2013 it suffered what is now considered the worst incident of information piracy in history with the theft of 1 billion accounts.
There’s a strong resemblance between this attack and the ones we’ve been analyzing over the past months. These recent attacks showcase the way cybercriminals gain access to names, email addresses, phone numbers, dates of birth, passwords, and in some cases clients’ encrypted and unencrypted security questions. The dimensions of the incident are truly staggering.
Yahoo disclosed that “an unauthorized third party” accessed the data and that at this time the culprit remains unnamed.
Economic repercussions aside, these incidents also call into question the issue of deteriorating user confidence. For example, Verizon’s initiative to integrate Yahoo into the AOL platform will certainly come under scrutiny.
How Should You Keep Your Business Safe?
There’s a legitimate reason to fear for your business’s confidential information. An outsider capable of getting the key to your company’s data, as happened at Yahoo, is a latent risk. Prevention has become the greatest asset in combating Black Hats and avoiding some of the dire consequences of these attacks.
To that end, we encourage you to turn to the advanced cybersecurity solution best suited to your company’s needs. Our Adaptive Defense 360 can offer you:
Visibility: Traceability and visibility of every action taken by running applications.
Detection: Constant monitoring of all running processes and real-time blocking of targeted and zero-day attacks, and other advanced threats designed to slip past traditional antivirus solutions.
Response: Providing forensic information for in-depth analysis of every attempted attack as well as remediation tools.
Prevention: Preventing future attacks by blocking programs that do not behave as goodware and using advanced anti-exploit technologies.
This is the only advanced cybersecurity system that combines latest generation protection and the latest detection and remediation technology with the ability to classify 100% of running processes.
The post Don’t Let Yahoo Happen To You: How to Protect Your Business from Large-Scale Data Theft appeared first on Panda Security Mediacenter.
Microsoft and Apple unveil new computers with improved security features
In events that took place on consecutive days, the two tech giants presented last week their new ‘weapons’ in the fight for computer supremacy. Whereas Microsoft has decided to go for more pricey, sophisticated and innovative computers, Apple has decided to stay with what the company knows works well and has limited itself to introducing some improvements in its acclaimed laptop computers.
The Redmond company has taken everyone by surprise by rolling out an ‘all-in-one’ device, Microsoft Studio, aimed at knocking the iMac off its perch as the favorite tool among creative pros. The new computer is one part PC, one part graphics tablet. It can be folded, allowing artists and designers to use it in a similar way to a tablet, while offering at the same time an extremely powerful computer very reminiscent of Apple’s iMac for all kinds of professionals.
Additionally, the company founded by Bill Gates has upgraded its Surface Book tablet and presented the new update of its Windows 10 operating system: Windows Creators Update. This new version is stuffed with new features, including the first revision in a long time of its security tool Windows Defender.
The program ditches its classic look and feel in favor of a more Windows 10-style appearance, with a responsive interface adapted to touch screens. It also looks like Windows Defender will be integrated with other tools, like Windows Firewall or Family Safety, allowing for central management of all security aspects of Microsoft’s operating system.
As for Apple, the new MacBook Pro features some significant enhancements with regards to security. First, it incorporates Touch ID for the first time ever. Touch ID, already present in the company’s iPhones, is a fingerprint scanner which, despite posing certain security risks, introduces a new mechanism to verify a user’s identity on Apple’s computers beyond traditional passwords.
This biometric security system will be integrated into Apple’s laptops through the new Touch Bar, a multi-touch strip located above the keyboard and which displays contextual menus and allows for different actions depending on the program you are using. With the Touch Bar, for example, you will be able to do something as simple as paying for an online purchase just by placing your finger on the small display.
If this were not enough, the new MacBook Pro comes equipped with a secondary processor that will perform all security-related tasks, including managing Touch ID and the new Touch Bar. This secondary processor includes what is called ‘Secure Enclave’ technology, specifically designed to manage personal and confidential data most securely.
The post Microsoft and Apple unveil new computers with improved security features appeared first on Panda Security Mediacenter.
Avira at it-sa 2016: New product portfolio for customers
We will present our latest security technology for small- and mid-size businesses, including management and OEM solutions, at this year’s it-sa in Nuremberg. From October 18 – 20, 2016, you can learn all about our latest product portfolio and get advice from Avira experts in Hall 12, Booth 662.
The post Avira at it-sa 2016: New product portfolio for customers appeared first on Avira Blog.
Oktoberfest: Updates in a Mass or through a straw?
You’d rather not heft a one-liter mug to get your favorite beverage. What about security updates for your device?
The post Oktoberfest: Updates in a Mass or through a straw? appeared first on Avira Blog.
Germany’s Federal Paramedics Competition – we were on-site
Staring allowed – that was this years slogan for the 56th federal Red Cross paramedics competition in Wangen. The competition was organized by a local association which was a first timer.
The post Germany’s Federal Paramedics Competition – we were on-site appeared first on Avira Blog.
Nougat, the new, more secure version of Android
The most recent update to Google’s operating system, the most widely used around the world, is now available for Nexus devices and will soon be out there for users of all other devices, as manufacturers begin to include it.
As is often the case, it will be some time before it is universally adopted, though there appear to be good reasons to take the leap as soon as possible, many of them related to security.
Firstly, the new version of Android includes a feature dubbed DirectBoot, designed so that the device begins to operate immediately after a restart. This means that if it is switched off and on again without the user noticing, the services and programs configured to do so will start to operate right away, without having to wait for the device to be unlocked. This includes critical apps such as antivirus solutions, which will be able to protect the device from the moment it is active.
When the device restarts, apps will start to operate without having to wait for the phone to be unlocked.
Nougat also includes a new file encryption system allowing files to be secured individually, without having to encrypt the entire device. For business users, Android for Work also delivers improvements to VPN usage. Company security managers will now be able to force all company devices to be connected at all times, and exclusively through secure VPNs.
The Android update also places restrictions on permissions shared across applications, and prevents apps with administrator privileges from accessing particularly sensitive features, such as changing device PINs or passwords.
Nougat will prevent ‘apps’ from changing the PIN or password of a device.
Another welcome new feature that will simplify the essential task of installing new updates is that Nougat users won’t have to wait for apps to configure one by one after an update (but only for new phones optimized for Nougat). This was something that could take up to half an hour, depending on the apps on a device, and in the future will take place in the background, without interfering with the ability to use the phone.
All these improvements, along with some minor changes, mean that making the switch to Nougat should be a priority for all companies that work with Android. It’s just a question of waiting for device manufacturers to have the update ready.
The post Nougat, the new, more secure version of Android appeared first on Panda Security Mediacenter.
Chrome to Label Some HTTP Sites ‘Not Secure’ in 2017
Google Chrome will begin marking some HTTP sites as non-secure in 2017.
WordPress 4.6.1 Security and Maintenance Release
WordPress 4.6.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.6 and earlier are affected by two security issues: a cross-site scripting vulnerability via image filename, reported by SumOfPwn researcher Cengiz Han Sahin; and a path traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling from the WordPress security team.
Thank you to the reporters for practicing responsible disclosure.
In addition to the security issues above, WordPress 4.6.1 fixes 15 bugs from 4.6. For more information, see the release notes or consult the list of changes.
Download WordPress 4.6.1 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.6.1.
Thanks to everyone who contributed to 4.6.1:
Andrew Ozz, bonger, Boone Gorges, Chaos Engine, Daniel Kanchev, Dion Hulse, Drew Jaynes, Felix Arntz, Fredrik Forsmo, Gary Pendergast, geminorum, Ian Dunn, Ionut Stanciu, Jeremy Felt, Joe McGill, Marius L. J. (Clorith), Pascal Birchler, Robert D Payne, Sergey Biryukov, and Triet Minh.
Meet online threats in advance – online security
It’s possible to meet and avoid many online threats already in advance. Here you’ll find a handy list to arm yourself against the daily “online” and online threats.
The post Meet online threats in advance – online security appeared first on Avira Blog.