Tag Archives: Threats

Avira

Samsung’s SW Update Says “NO” To Windows Update

Yup, I get annoyed by the Windows Update popup reminders as well. Still – updating is important and at the end of the day I am quite happy that there actually are updates to patch vulnerabilities and fix issues.  Which is why it is so shocking to find out that this time it’s not actual malware that is trying to disable it but a well know company: Samsung.

Microsoft MVP Patrick Barker discovered the issue when assisting a user with a Windows Update issue.  According to him “it was figured out eventually after using auditpol.exe and registry security auditing (shown below later) that the program that was responsible for disabling Windows Update was Disable_Windowsupdate.exe, which is part of Samsung’s SW Update software.”

Luckily the Samsung SW Update tool does not come with PCs by default: Users have to download it from Samsung’s website and install it. But let’s be honest: If you buy a new laptop you often download available tools in order to keep the system up to date as easy as possible. According to VentureBeat doing so is a common practice since there were people complaining about having an update problem before.

Now, Baker even got in touch with Samsung, whose support team had to say the following: “When you enable Windows updates, it will install the Default Drivers for all the hardware no laptop which may or may not work. For example if there is USB 3.0 on laptop, the ports may not work with the installation of updates. So to prevent this, SW Update tool will prevent the Windows updates.”

Well. Disabling the Windows Update does seem a very crass solution when it comes to making sure your updates and drivers will not break with new Windows updates …

The post Samsung’s SW Update Says “NO” To Windows Update appeared first on Avira Blog.

Avira

NSA and GCHQ Have Been Spying on Antivirus Companies

While not the main target of the operation, Avira was nonetheless mentioned together with several other antivirus and security firms as being at least a target of interest (It’s noteworthy that none of the targets were US or UK companies). Since the revelation we have received various requests vis-à-vis our position and capabilities regarding this affair. We are of course more than happy to share our thoughts with you.

“Avira has frequently seen efforts by governments to write malicious software that attempts to prevent, circumvent, or disable our software from protecting our users. The goal is always the same: installing their programs on the computer users’ systems without detection. These tactics are used by malware authors of all kinds, not just governments.

We at Avira are constantly improving our defense and detection mechanisms to avoid such manipulation. We also use various other systems and utilities to detect such efforts, outside of our own products. Whether a government-funded malware writer, mafia, friend or enemy, the exploitation of applications is something that we are determined to prevent from happening,” says Travis Witteveen, Chief Executive Officer of Avira.

Let’s also not forget that Avira is a founding member of IT Security made in Germany and we pride ourselves in committing, among other things, to:

  • Exclusively provide IT security solutions no other third party can access (no backdoors!).
  • Offer products that do not cause the transmission of crypto keys, parts of keys or access recognition.
  • Eliminate vulnerabilities or avoidance methods for access control systems as fast as possible once detected.

Avira will always strive to keep those commitments, be it against your run-of-the-mill malware or attempts by governments to obtain information.

The post NSA and GCHQ Have Been Spying on Antivirus Companies appeared first on Avira Blog.

Avira

Attack at LOT leaves 1,400 passengers stranded

The hack happened in the afternoon and targeted the Polish flag carrier LOT. According to a report from Reuters “hackers attacked the airline ground computer systems used to issue flight plans”. The whole situation was resolved a few hours later. Nonetheless 10 national and international flights had to be canceled and even more were delayed. Luckily none of the planes or the airport itself were affected and no one got hurt. LOT took extra care to mention “that it has no influence on plane systems. Aircrafts, that are already airborne will continue their flights. Planes with flight plans already filed will return to Warsaw normally.”

The airline also made it clear that the airport itself was not affected. Once the ‘problem’ was fixed LOT issued the following press release. “The situation after the IT attack on our ground operation system is already under control. We are working on restoring the regularity as soon as possible. Our operating center is already preparing flight plans. We will try to ensure that the largest number of passengers are  informed and continue commenced journeys.”

Spokesman Kubicki said that LOT is using state-of-the-art computer systems, so this could potentially be a threat to others in the industry as well.

The post Attack at LOT leaves 1,400 passengers stranded appeared first on Avira Blog.

Avira

Avira Threats Landscape: Visualizing threats for you

Every day, thousands of different malicious programs are trying to infect as many devices as possible. The goal is the same for all of them: Get your data and if possible your money as well.

We have always been the firsts to learn about the threats that loom over every owner of a PC, Mac, tablet, or smartphone, but us having all the insights is not enough. While studying threats, keeping an eye on where they appear, and adapting our programs accordingly makes sure we keep our users as safe as possible, it’s still complicated to explain to the rest of the world why being protected is that important.

Sure, one reads about the newest threats, but only other people are affected by them, right? Especially big companies or governmental institutions seem to be the targets, so why bother at all. And that is where people are wrong. While the media most often talks about high profile cases, everyone else is at risk just as well! Every day there are millions of threats which have only one goal, namely to infect your devices. Be it your smartphone, laptop, Mac or PC – each and every one of them is at risk. Just think about the latest iOS and OS X exploits or the different ways cybercriminals try to gain control over what’s on your computer.

Check out the Avira Threats Landscape to find out where danger is lurking. #cybersecurity

Tweet

In order to make our point we decided to share our insights with you in form of an interactive map. Our Avira Threats Landscape allows you to not only see which countries are the top targeted ones but also which threats are popping up the most and how many threats were detected in your country. Take a look at it, you won’t regret it. And when you see just how far reaching and widespread those threats are, make sure to warn your family and friends as well.  The most important thing though: Stay protected!

The post Avira Threats Landscape: Visualizing threats for you appeared first on Avira Blog.

Avira

Fix for 600 Million Galaxy Phones Available Soon

You might have heard of the security issue with Galaxy phones that was everywhere in the media this week. If not, let me fill you in:

Samsung phones come preinstalled with SwiftKey, a very popular alternative keyboard for Android and iOS. Security researchers from NowSecure discovered a vulnerability in the update mechanism for the customized version the company uses and which is being distributed on most of the Galaxy phone models.

According to NowSecure „a remote attacker capable of controlling a user’s network traffic can manipulate the keyboard update mechanism on Samsung phones and execute code as a privileged (system) user on the target’s phone. This can be exploited in a a manner that requires no user interaction — a user does not have to explicitly choose to download a languagePack update to be exploited.“

Samsung itself played the issue down and stated that a “very specific set of conditions” needs to be met in order for the attack to be successful. Nonetheless a patch will be made available soon – after all more than 600 million Samsung Galaxy phones are affected. The drawback is that only devices that have Samsung’s Knox security platform installed will profit from the updates. “For the devices that don’t come with KNOX by default, we are currently working on an expedited firmware update that will be available upon completion of all testing and approvals” the company says in their statement.

The post Fix for 600 Million Galaxy Phones Available Soon appeared first on Avira Blog.

Avira

XARA – With This Exploit Hackers Can Steal Your Passwords

Six university researchers discovered high-impact “zero-day” security weaknesses in iOS and Mac, which can be abused by getting a malicious app approved by the Apple app store – something they managed to do without any issues. Through this app they were able to access sensitive data from other apps – with dire consequences. The researchers state that “our sandboxed app successfully retrieved from the system’s keychain the passwords and secret tokens of iCloud, email and all kinds of social networks stored there by the system app Internet Accounts, and bank and Gmail passwords from Google Chrome […]”

It does sound unbelievable, doesn’t it? Just take a look at the below video to see a malicious sandboxes app on OS X steal all private notes in the Evernote app:

Or how about a look at how it is able to steal any websites’ passwords:

According to their research 88.6% of the apps they tested were found to be completely exposed to the XARA attacks. This includes popular apps like Evernote, WeChat, and 1Password: “In our study, we downloaded 1,612 free apps from the MAC App Store. These apps cover all 21 categories of the store, including social networking, finance, business, and others. In each category, we picked up all the free apps when less than 100 of them are there, and top 100 otherwise. Also from the iOS App Store, we collected 200 most popular apps, 40 each from “All Categories”, “Finance”, “Business”, “Social Networking” and “Productivity”, after removing duplications.”

The researcher informed Apple about the issues in October 2014, a fix seems to be still outstanding.

Take a look at the research paper to read all about the issue.

The post XARA – With This Exploit Hackers Can Steal Your Passwords appeared first on Avira Blog.

Avira

LastPass Has Been Breached: Change Your Master Password Now

Luckily no passwords were actually stolen in the attack on LastPass last Friday, according to the Company’s Blog: “In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed.” Nonetheless account email addresses, password reminders, server per user salts, and authentication hashes were compromised.

Because of that everyone using the LastPass service will receive a mail, prompting them to reset their master password, according to the blog entry. On top of that the company will also require users who log in from a new device or IP address to verify their ID via mail if multifactor authentication is not enabled for the specific account.

Considering your stored passwords the blog says: “Because encrypted user data was not taken, you do not need to change your passwords on sites stored in your LastPass vault. As always, we also recommend enabling multifactor authentication for added protection for your LastPass account.”

So apparently there is no need to change every password you have stored with them. You can if you are really really concered for your accounts, but according to LastPass there is no need for it. Just make sure none of the other passwords you use is the same as the master password of your LastPass account.

The post LastPass Has Been Breached: Change Your Master Password Now appeared first on Avira Blog.