Tag Archives: Social Media

This App Lets You Find Anyone's Social Profile Just By Taking Their Photo

Is Google or Facebook evil? Forget it!

Russian nerds have developed a new face-recognition app called FindFace, which is a nightmare for privacy lovers and human rights advocates.

FindFace is a terrifyingly powerful facial recognition app that lets you photograph strangers in a crowd and find their real identity by connecting them to their social media accounts with 70%

The danger of shortened links: exposed personal information

Microblogging gives us the freedom to turn our thoughts or our status posts into conversations. Social networks like Twitter have opened doors for this type of instant communication. Even shorter than Twitter’s 140 characters is bit.ly, an insanely popular platform for shrinking long URLs. But as always, with Bitly’s effectiveness and convenience come great security risks.

Most of us are aware that these shortened links can be dangerous because we don’t really know what is behind “the link”. All we see is a condensed URL (unless we click it). We need to use a special service to see the original URL before “clicking” it. Browser extensions like Mozilla Firefox’s Unshorten.it or Google Chrome’s LongURL were created to make this process easier.

Relying on shortened links can be dangerous

A recent study published by a group of researchers from the School of Technology at Cornell University in New York has demonstrated that the danger lies not only in the links themselves, but also in where on the internet they might take you. There is also a possible threat to your private information stored in files in the cloud. The bad guys have gained access to thousands of files in OneDrive, Google Drive and Google Maps from these shortened links.

The problem is that these reduced URLs are not only short but also very predictable. They all follow the same structure. It is extremely easy to try hundreds or thousands of possible variants, automatically and in a matter of seconds, and check whether each one points to a file in the cloud.

When links fall into the wrong hands

“OneDrive URLs have predictable structure. From the URL to a single shared document (“seed”), one can construct the root URL and automatically traverse the account”, as explained in the study. Following this procedure, researchers have gained access to nearly a million and a half files, “including hundreds of thousands of PDFs and Word documents, spreadsheets, multimedia and executables”.

Once the appropriate links are discovered, an attacker could not only access sensitive information contained in the files, but could also use the cloud storage to infect devices such as mobiles and desktops. “This means that anyone who randomly scans bit.ly URLs will find thousands of unlocked OneDrive folders and can modify existing files in them or upload arbitrary content, potentially including malware.” This way of distributing malware is worrisome because it is both quick and effective.

The post The danger of shortened links: exposed personal information appeared first on Panda Security Mediacenter.

Cyber-criminals really “Like” Facebook


With 1,590 million active users per month, Facebook is the Social Network. In fact, they just posted their quarterly earnings and they are up 50%. Cyber-criminals are aware of their success.

These platforms are the ideal place to “phish” for information. 18% of companies infected by malware were infected through social networks. Attackers pass as part of a company’s customer service team in order to steal sensitive data from consumers.

A recent study was released by the RSA organization proving that cyber-crime on social networks is a “global epidemic”. The RSA organization was founded by the creators of the encryption algorithm that is used every time we make a bank operation online or digitally sign something.

Cyber-crime in social networks is a “global epidemic”

These platforms are not only hot-spots for attacks but they have also become the perfect forum for scammers to communicate. According to the study, there are more than 500 online fraud related groups with more than 220,000 members. The majority of these groups are public and visible.

Uncovering Credit Card Data

Fraudsters share information like credit card numbers accompanied by personal information and authorization codes, cyber-crime tutorials and other malware tools.

Proving this, the investigation invites us to write our CVV or CVV2 numbers in the Facebook search bar (those verification numbers on the back of a credit card). The result will surely surprise you: it is easier to find data from a stolen credit card than find an old friend you are trying to reconnect with.


In total, the RSA detected some 15,000 compromised credit cards publicized on social networks in the six months that the study lasted. It also discovered that many of these criminal groups focus their attacks on shops, banks and accounts of consumers in their area.

In China and Russia, platforms QQ and VKontakte are preferred by the scammers, while in the rest of the countries, Facebook remains the favorite. Unfortunately for us, cyber-criminals really “Like” Facebook.


Tips to help shield your reading devices


Today, April 23rd, we celebrate World Book Day. Literature has evolved greatly in recent times, both in the way we enjoy it and the way we consume it. How we read, in the digital realm, has changed. In today’s on-the-go society, it is becoming less and less common for people to use paperbacks or hardcovers, and is becoming more and more common that we use many different platforms to enjoy reading. Now we read from our smartphones, tablets, eBooks … Electronic ink has been imprinted in our lives. We read everything and anything from short stories to novels, the news to blogs… we turn them into trending topics. We even share excerpts from the books we read on social media. Stories become viral thanks to transmedia storytelling and techniques.

Not only are we seduced with words, but audiovisual content plays a very important role in grabbing our attention. New technology enriches our reading, using videos or photos to interact with the reader. We live in the era of Branded Content. Struggling brands position themselves in a way that seems “organic” in the minds of consumers by offering unique and high-quality content. Now we are fluent in a new language, digital language, the language on which today’s literature is based. We write more simply and add hyperlinks. Digital writing is intended to be enjoyed only on-screen, 100%.

Tips to safeguard your reading device

We often forget that a computer virus in Windows can be passed to a smartphone whether it’s an iOS or Android, and a lot of these viruses can even infect our eReaders. To prevent malware from damaging our reading device, whatever it is, we must follow these guidelines:

1- Beware of USB ports: we must first analyze anything that can be inserted into a computer or electronic device. This is the simplest and most popular way cybercriminals can infect our devices.

2- Only buy or download eBooks from legitimate online stores or known editorial pages.

3- Beware of file size: if we introduce some eBook DRM we must be wary if it occupies more than 2Mb, as it could possibly be a virus that could damage the device.

4- Install an eBooks library manager: if the eBook is a virus or has one, the manager will alert us.

Like always, prevention continues to be the best option to help us enjoy our reading (or browsing) safely. Happy World Book Day!


Your smartphone is no longer the “smartest” option


Synching your smartphone and computer might increase your chances of being hacked

A classic piece of advice for keeping email, social networks and other online services safe is to enable something called two-step verification. This security mechanism makes it more difficult for a cyber-delinquent to access your account. When a different device from the “usual” one (a different computer or smartphone) tries to access your account, its user must enter a code that is sent to the mobile phone associated with the account in order to continue.

If a cyber-criminal, who in theory cannot access your smartphone, is trying to get into your account, this two-step process makes it very complicated for him. Or so we thought. A group of researchers from the Free University of Amsterdam showed that this type of protection becomes more and more flawed the more closely our different devices communicate with each other. This means that the more computers, smartphones or devices that have access to your account and passwords, the higher your chances are of getting an account hijacked by a cyber-criminal.

The two-step verification is one of the most popular security measures

In other words, because we are able to synchronize applications between two devices, like your computer and smartphone (and what you do in one can affect the other), the effectiveness of two-step verification decreases.

 


Android and iOS, equally vulnerable

The study’s authors have shown that it is possible to install apps onto your smartphone remotely from the computer, either by accessing Google Play with the browser for Android or through iTunes.

In both of the above cases, following slightly different strategies, they have managed to intercept the verification code that websites send to your smartphone through SMS when there is a two-step verification, so it is very possible that a hypothetical cyber-criminal could access your Facebook, Google or Amazon accounts—to cite just a few.

The verification code that websites send you through SMS can be intercepted

Don’t stop doing what you’ve been doing

Just because you have found out about this vulnerability does not mean it is no longer advisable to activate this safety measure in all the services that offer it.  There will always be a few obstacles that you can put between the attackers and your personal information.


Linked Out: how job-search platforms are being used for ransomware


Infecting computers with a new type of Ransomware 

Sending out your resume into the net’s black hole can make the job application process feel hopeless.  Where do our resumes end up?  Do recruiters even read them?   The recipe for landing a job is already a difficult task in itself, but now we have to squeeze a little more fear into it.  Every time we apply for jobs, we could be falling prey to one of these new cyber-attacks that use ransomware to hold your computer hostage. 

 

Warn those fresh-grads that they could be fresh-meat

Digital-age criminals are posing as hiring companies on various job-posting websites. The cyber-criminals are tricking both candidates and recruiters, asking them for too much information, such as credentials and economic information. Know anyone on the job hunt? Are you familiar with LinkedIn? Like we’ve stated before, these are becoming some of the best resources for cyber-criminals.

We’ve also seen these wrong-doers capture innocent job-searchers by “pretending” to be hiring managers from important companies, where they post false job advertisements so they can phish for credentials and other sensitive information. In addition to phishing, we have been advised of another type of attack: a variant of malware that black-hats are using to infect company computer systems when their recruiters download what they think is a candidate’s CV.

They wanna get ya with PETYA

This type of malware, called Petya, spreads via email. Here’s the process of infection:

  1. HR managers of the organization receive an email from a potential candidate for a job, which includes a link to their resume and a photograph, both stored in Dropbox.
  2. When the recipient clicks on the link, a self-extracting file that contains a Trojan begins to download.
  3. The malware gets into the antivirus program to help pave the way for its partner-in-crime, the ransomware, which later blocks the entire operating system.
  4. Windows’ “blue screen of death” stamps the screen.  Dun Dun Dun.  If you try to restart the computer, you will see a skull on a red background with a message from the hacker. (Safe mode is pointless at this point because the malware disables it.)


The only way to regain control of your device and sensitive information is to pay a ransom. Currently, the approximate cost to release a system and files is around 0.99 bitcoins, which exchanges to approximately €431,379. (Bitcoin is the first digital currency. Although it has been said that this form of payment could be used for “legitimate” reasons, it’s more commonly used on the deep web as a form of payment for theft and the black market.)

It’s easy to be a victim in this scenario when there’s always someone looking to prey upon the desperate. In the summer of 2015, a group of security experts identified a number of emails sent to companies with resumes, in this case in a ZIP-compressed file containing malicious code.

Despite the uncertainty and fear that comes with an attack of this type, don’t give in to the pressure! Paying the ransom does not guarantee that they will unlock the infected computer (it might even motivate the perp to ask for an even larger sum instead).

Infected, now what?

  • The solution for someone affected would be to consult a computer or security expert (like those that are part of our technical team) to guide you in the process of eliminating the ransomware from your system and browser, and reconfiguring your computer.
  • The absolute best way to prevent this kind of malware hijacking your system is by taking precautions, because generally, the users themselves are the ones opening (unknowingly) the doors to infection. 
  • Be sure to install all security patches and system updates, in order to keep the browser and antivirus updated.  Regularly back-up your files.
  • Try not to download documents or access links from unknown sources, and if you do, check their format. 
  • Lastly, keep updated with the new attacks and threats detected by security experts; this way you’ll know exactly what you should pay attention to.
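
The advice above to check a download's format, applied to the scenario where a resume link delivers a self-extracting executable or a ZIP with something runnable inside. This is an added example, not code from the original post; the function names, extension lists and sample bytes are constructed for illustration.

```python
import io
import os
import zipfile

# Leading bytes of the file types a resume link could plausibly deliver.
MAGIC = (
    (b"MZ", "executable"),   # Windows PE, which includes self-extracting archives
    (b"%PDF-", "pdf"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),  # legacy .doc / .xls
    (b"PK\x03\x04", "zip"),  # .zip, and also the .docx / .xlsx container
)
# Content type each claimed extension should have (illustrative, not exhaustive).
EXPECTED = {".pdf": "pdf", ".doc": "ole", ".docx": "zip", ".zip": "zip",
            ".exe": "executable"}
# Extensions that run code when opened on Windows (illustrative subset).
RISKY_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".pif"}


def sniff(data: bytes) -> str:
    """Return the content type implied by the first bytes, or 'unknown'."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def check_download(filename: str, data: bytes) -> list[str]:
    """Return the reasons to distrust a downloaded 'resume'; empty if none."""
    findings = []
    ext = os.path.splitext(filename.lower())[1]  # last extension only
    kind = sniff(data)
    if kind == "executable":
        findings.append("content is a Windows executable")
    if ext in RISKY_EXT:
        findings.append(f"extension {ext} runs code when opened")
    expected = EXPECTED.get(ext)
    if expected and kind != expected:
        findings.append(f"extension {ext} does not match content ({kind})")
    if kind == "zip":
        try:
            names = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            findings.append("archive is corrupt or truncated")
        else:
            for name in names:
                if os.path.splitext(name.lower())[1] in RISKY_EXT:
                    findings.append(f"archive contains {name}")
    return findings


def _constructed_zip(member: str) -> bytes:
    """Build a tiny in-memory ZIP with one member (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder")
    return buf.getvalue()


# Constructed samples: only the leading bytes and member names matter here.
SAMPLES = {
    "resume.pdf": b"%PDF-1.4\n",
    "resume.pdf.exe": b"MZ\x90\x00" + b"\x00" * 60,
    "cv.pdf": b"MZ\x90\x00" + b"\x00" * 60,
    "application.zip": _constructed_zip("cv.scr"),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, "->", check_download(name, blob) or "no findings")
```

A clean result only means the container type matches the name; it says nothing about macros or exploits inside a genuine document.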

As they say, prevention is always better than the cure.


Facebook alerts you if someone tries to steal your identity


Connections are made and maintained online via social media

You can get insight into the life of a stranger through their Instagram photos, Snapchats, or profile pages, but when does it become too much? Our names alone can connect the dots for a perpetrator, making it easy to know our whereabouts. Information about where we work, where we went to University, or where our favorite coffee shop is…it’s all online.  Everything you “share” can have serious backlash: identity theft.

Celebrities are commonly impersonated online, on fake Instagram and Facebook accounts, but they are not the only ones who need to keep track of their digital reputations. A stranger can copy your photos and concoct their own version of your life.  It could be very possible that someone has already impersonated you.

Fight the fakes

The social network created by Mark Zuckerberg is fighting these fake accounts. A tool has been created that automatically notifies users who may be victims of phishing. This feature is already available in 75% of the world’s countries.

When Facebook detects that another person may be posing as you, they automatically notify you about the potentially “fake” profile. After that, the user can confirm or deny whether the profile is a fake. If it’s confirmed, Facebook gets to work; more specifically, the team manually carries out this part of the notification system.

Although they say impersonation is not a widespread problem, Zuckerberg has added this to the list of harassment he doesn’t want associated with his company. To fight it, they will continue their strict and controversial naming policy (requiring users to identify themselves with their real names), but will also actively pursue phishers.


Using our photos without our consent

Facebook has also launched two other security features that are next in line. One is a new system that reports the existence of intimate photos shared without the user’s consent and the other is a tool that lets them check the security status of images uploaded to their accounts. They have also introduced a feature that gives users the ability to manage the privacy settings of their photos (Who can see them? Do you really want them to be public?).

Though security is always advancing, the bad guys of the Internet are closely following behind. Next time you decide to upload personal photos, “check-in” to a geographical location, or update your work history on LinkedIn, remember that someone, somewhere might use your identity for their own personal gain.


One out of five businesses are infected by Malware through Social Media


“Log-out” is the hardest button to click. Can anyone deny that we are hooked on social media? Many of us do not even manage to hold back at work: taking our breaks to message friends on our open Facebook pages or reading what is happening on Twitter.

What at first seems an unimportant habit, can have serious repercussions.  Yes, an employee risks the chance of being caught in the act, but what about the company?

Osterman Research consultants have confirmed in their latest report that 18% of companies have suffered malware infections because of social networks. Employees aren’t the only ones using these platforms, though. Companies often have business profiles, which makes it more difficult to detect the source of the problem.

According to this document, 73% use Facebook for work purposes, 64% use LinkedIn and 56% use Twitter.  Companies are also showing interest in collaborative platforms designed for them such as Microsoft SharePoint, different Cisco products, the Salesforce Chatter software solution and Connections, a platform developed by IBM.

All of these tools are useful to make a business more efficient, improve teamwork and speed decision-making within the corporation. Shared data, documents and activities are jointly managed using some of the options on the corporate platforms, while the social networks allow them to interact with customers, improve their public image and search for new employees.  This can also increase the possibility of a cyber-attack that can affect the company’s equipment where important information or passwords are saved to access services in the corporate cloud.


Experts warn that the attacks may be caused by careless workers publishing content that includes a geographic location, or even by an employee who is actually working with cyber-criminals. The report, prepared as a guide for best practices within the company, also provides precautions and measures that these businesses can take to avoid the possibility of unpleasant consequences by:

  • Conducting an internal audit.  This will determine what social networks are being used for within the company and their benefits. We don’t want to ban the use of social media (which would affect the performance of workers and their relationships with customers).  The audit will help assess what is necessary.
  • Setting company rules.  Setting clear standards will determine a safe and acceptable way to use these platforms. First, experts should identify the people or positions who are entitled to use these platforms.
  • Establishing rights regarding surveillance or monitoring of employees while using social networks.

Technology and Training

Of course it is important to educate workers and inform them of the standards, rules and the consequences of breaking them but at the same time businesses need to control their systems and equipment. To do this, those responsible for the company must hire qualified personnel and maintain the technology and software needed to prevent attacks and minimize future risks. If you do not take these measures, the repercussions could cost your company a lot of money.
