What can actually happen #IfMyPhoneGotHacked

Everybody will know what you did last summer

The danger of getting your data stolen might seem rather abstract to you as the word “data” usually makes you think of valuable information you would not have on your phone. With “data” we mean everything on your phone: photos, videos, documents and browsing information, regardless of their economic “value”. Remember the selfies you took with your phone this summer but never had the courage to share with your friends? How about the Justin Bieber playlist you secretly stored in a hidden music folder? Well, if your phone gets hacked, it will all become public. And do trust us when we tell you that the “I don’t know how they got there” argument doesn’t stand a chance.

PS: don’t even make us open up the Browsing History subject; once it’s compromised, no superpower can save you from what’s coming next. Moving to a different country might be the only option left.

I just called to say…who are you?

If just the thought of some strangers having your phone number scares you, imagine how it would be if those strangers could also access all of your contacts and your recent calls. Not only would they be able to store and even sell all this private information about your family, friends and colleagues, but they might also bother them with all sorts of pranks. And no, texts are not protected either, so make sure you don’t ruin the flirt you’ve got going on because of some disturbing replies coming from people controlling your phone. Some of them can have a pretty twisted sense of humor.

Peekaboo I see you

We all use the “Big brother is watching” expression often enough that it has become a figure of speech more than a matter of fact. What if your newest “big brother” is a hacker who can activate your phone’s camera and spy on you whenever he feels like it? One thing is sure: you’ll regret never being able to separate yourself from your phone in any situation. Too many examples of exposing the smartphone to private…events come to our mind (we’ll let you think of the most uncomfortable ones yourself). Now imagine sharing those images with a bunch of strangers. In real time. Sufficiently awkward yet?

Social Networks come just as a cherry on top of any hacking scheme mentioned on the #IfMyPhoneGotHacked thread. All of your data could go public (and even viral depending on the level of compromising information you store on your devices) in a matter of hours after your phone gets hacked. Just make sure you stay protected.

The post What can actually happen #IfMyPhoneGotHacked appeared first on Avira Blog.

MS14-028 – Important: Vulnerabilities in iSCSI Could Allow Denial of Service (2962485) – Version: 1.1

Severity Rating: Important
Revision Note: V1.1 (September 3, 2014): Updated the Known Issues entry in the Knowledge Base Article section from “None” to “Yes”.
Summary: This security update resolves two vulnerabilities in Microsoft Windows. The vulnerabilities could allow denial of service if an attacker sends large amounts of specially crafted iSCSI packets over the target network. This vulnerability only affects servers for which the iSCSI target role has been enabled.

Think celebrities are the only ones that can get hacked? Think again…

News broke on Sunday that nude photos of female celebrities were posted on the photo sharing site 4Chan. Along with the news came many theories and discussions as to how the hacker managed to collect intimate photos and videos from a long list of celebrities. While figuring out how the hacker accessed these intimate files will hopefully patch vulnerabilities, there are general steps that everyone should take now to protect their personal data.

Don’t blame the cloud

One of the theories circulating on the Internet is that iCloud was hacked via a vulnerability in Apple’s “Find My iPhone” app. Kirsten Dunst, one of the celebrities whose private photos were hacked, tweeted the following: “Thank you iCloud”. Should Kirsten and the other hack victims be blaming the cloud though? The iCloud hack theory is just a theory; the hackers could have gained access to celebrity accounts via phishing mails or gained passwords from celebrity insiders. The hackers could have gained access to celebrity email and password combinations through breaches like the recent eBay breach or Heartbleed, which affected nearly two-thirds of all websites, including Yahoo Mail, OKCupid and WeTransfer. If the celebrities whose photos have been exposed were affected by these breaches and used the same passwords on several accounts, including iCloud, it would have been easy for the hackers to steal their personal photos.

Even if the hacker got the data by hacking iCloud accounts, the cloud should not be blamed. The hacker, first and foremost, should be blamed. However, we all should know that there are bad guys out there and we need to protect ourselves and our personal data from them. The lack of cybersecurity awareness amongst these celebrities also deserves a portion of the blame.

Know where you are saving what

Back in 2011, when nude photos of Scarlett Johansson and Mila Kunis appeared, we learned that celebrities are not immune to hacks; in fact, they were specifically targeted and will probably be targeted again. It seems that many celebrities did not learn the importance of cybersecurity from the 2011 hack. Every mobile user, celebrities included, should be learning a lesson from this awful and unfortunate event and be re-thinking where they are saving their intimate and personal data.

Many mobile users are unaware of the fact that their data is no longer only saved to their hardware. Many devices and apps come with automatic cloud backup features. Cloud-based backup can be a very useful tool to prevent data loss, but if you want to delete intimate photos from your device you should also remember to delete them from the cloud.

How to protect your accounts

Whether the hackers gained access to the data via an iCloud vulnerability, phishing scams, or by using brute force programs, there is one common denominator: passwords.

Mobile malware specialist, Filip Chytry recommends the following to protect your accounts:

  • Use strong passwords – Strong passwords are critical when it comes to protecting online accounts. Strong passwords should be at least 8 characters long and contain a combination of letters, numbers, and symbols. Ideally, you should not be able to remember your own password the first time you try to log into your account with your new password. You should update all of your passwords every three months and after news of account breaches.
  • Use different passwords for each of your accounts – It is not easy to remember different passwords for all your online accounts, but it is vital that each online account has a different and strong password. Passwords need to be thought of as keys, you wouldn’t want your house key to open your car – passwords and online accounts should be no different. Password managers like avast! EasyPass can help you secure your passwords and accounts.
  • Enable two factor authentication – Many sites and services offer two factor authentication, meaning you are required to enter a pin number sent to your mobile device, in addition to your password, in order to gain access to your account. This helps verify that the person trying to log into the account is the actual account owner and in fact a real person (not just a program trying to hack accounts).
  • Download anti-virus protection for your mobile device – Anti-virus protection, such as avast! Mobile Security, not only protects your mobile devices from malware, but can also protect you from phishing links. Phishing sites look like legitimate sites and are designed to trick you into giving up your login credentials, which may be how the hackers who published the nude photos gained access to celebrity accounts.

If it can happen to them it can happen to you

We often put celebrities on pedestals, but at the end of the day they are normal people just like you and me. No one is immune to hacks per se, but being aware of where you store your sensitive data and using the proper tools to protect your data can prevent hackers from accessing it. We should all take this situation as an opportunity to learn how to protect our very personal information.

Secure password: CyberVor hoard of 1.2 billion details ‘used in attack’

Hosting provider Namecheap has come under attack from hackers apparently using the “CyberVor” hoard of 1.2 billion usernames and passwords, and has warned that some accounts that had failed to use a secure password may have been compromised.

In a blog post entitled, “Urgent Security Warning”, the company said that some accounts had been compromised, but Computer World reports that the “vast majority” of login attempts had failed.

Namecheap said that it was now “aggressively blocking” the IP addresses that the attack appeared to have come from, and said that the logins appeared to come from the record-breaking hoard of passwords and usernames stolen by the gang known as “CyberVor”.

Secure password: Record-breaking hoard used in attack

Veteran security writer and researcher, and We Live Security contributor Graham Cluley said, “The gang, which has been dubbed “CyberVor” (“vor” means “thief” in Russian) by security researchers, is thought to be in possession of the largest known haul of stolen internet credentials – 1.2 billion usernames and passwords, together with 542 million email addresses. And the data has been stolen from some 420,000 different websites.”

Company officials did not reveal why they suspected the credentials being used in the attack were the ones from the CyberVor (“Vor” is Russian for “thief”) trove which was discovered online last month, with a mix of passwords, usernames and email addresses in one online cache, according to CIO magazine.

“Overnight, our intrusion detection systems alerted us to a much higher than normal load against our login systems. Upon investigation, we determined that the username and password data gathered from third party sites, likely the data identified by The Register (i.e. not Namecheap) is being used to try and gain access to Namecheap.com accounts,” Namecheap said, also offering advice for users on how to create a secure password for their accounts.

Fake browser used in mass attack

“The group behind this is using the stored usernames and passwords to simulate a web browser login through fake browser software. This software simulates the actual login process a user would use if they are using Firefox/Safari/Chrome to access their Namecheap account. The hackers are going through their username/password list and trying each and every one to try and get into Namecheap user accounts,” Namecheap said.
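Because the attack software imitates a real browser, the user agent does not distinguish it from a customer; the behaviour does: one source working through many different accounts, almost all of which fail. The following is an added example, not code from Namecheap or from the original post, showing that check over a constructed login log. The log format, field order, thresholds and function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

BASE = datetime(2014, 9, 1, 2, 0, 0)
UA = "Mozilla/5.0 Firefox/31.0"  # browser-like UA on every line, attacker included

# Constructed sample log: "<timestamp> <source ip> <username> <OK|FAIL> <user agent>"
SAMPLE_LOG = [
    f"{(BASE + timedelta(seconds=i)).isoformat()} 203.0.113.7 user{i:02d} "
    f"{'OK' if i == 7 else 'FAIL'} {UA}"
    for i in range(12)  # one source, 12 different accounts in 12 seconds
] + [
    f"2014-09-01T02:00:05 198.51.100.20 carol FAIL {UA}",  # a user mistyping
    f"2014-09-01T02:00:20 198.51.100.20 carol FAIL {UA}",
    f"2014-09-01T02:00:41 198.51.100.20 carol OK {UA}",
    f"2014-09-01T02:03:10 198.51.100.33 dave OK {UA}",
]


def parse_line(line):
    ts, ip, user, result, _ua = line.split(" ", 4)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"), ip, user, result == "OK"


def detect_stuffing(lines, window=timedelta(minutes=5), min_users=10, min_fail_ratio=0.8):
    """Flag sources that try many distinct accounts, mostly failing, within `window`."""
    by_ip = defaultdict(list)
    for line in lines:
        if line.strip():
            ts, ip, user, ok = parse_line(line)
            by_ip[ip].append((ts, user, ok))

    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start, peak = 0, 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            burst = events[start:end + 1]
            users = {u for _, u, _ in burst}
            fails = sum(1 for _, _, ok in burst if not ok)
            if len(users) >= min_users and fails / len(burst) >= min_fail_ratio:
                peak = max(peak, len(users))
        if peak:
            findings[ip] = {
                "peak_distinct_users": peak,
                # any login this source did complete is an account to lock and reset
                "accounts_to_reset": sorted({u for _, u, ok in events if ok}),
            }
    return findings


if __name__ == "__main__":
    print(detect_stuffing(SAMPLE_LOG))
```

The customer who mistypes one password twice is not flagged, while the source cycling through accounts is, and the one login it completed is listed for a forced reset.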

Veteran security writer and researcher, and We Live Security contributor Graham Cluley advises, “Whenever you create accounts online you are putting trust in the hands of web developers that they are properly securing your information. The very best you can do is enable additional security measures (such as multi-factor authentication when made available), and ensure that you never reuse the same password nor choose a password that is easy to guess or crack.

Because one thing is clear: The Russian CyberVor gang may or may not be sitting on one of the largest cybercriminal hauls in history, but unless we all work harder to keep our private information safe and secure, this is not going to be the last time that you’re waking up to newspaper headlines of stolen passwords.”

The post Secure password: CyberVor hoard of 1.2 billion details ‘used in attack’ appeared first on We Live Security.

Teaching cyber-security from school age

As the Internet increasingly becomes part of our everyday lives and we use new technologies in all areas of our life, there’s an ever greater need for professionals capable of guaranteeing our security in these areas.

However, in a field as new and complex as cyber-security there is still a lack of people prepared to work in it. As we saw recently, in the United States there is already a plan under way to tackle the situation: training army veterans to become cyber-warriors and consequently, helping them to adjust to civilian life again.

Yet this is only one of the solutions put forward, and there are others that take a longer view. To ensure the future of the profession, the only viable plan for the long term involves educating children in this area and stimulating their interest in computing in general and specifically in IT security.

Along such lines, countries like the USA and the UK have projects that will hopefully provide the cyber-warriors of the future.

The UK’s Cyber-Centurion challenge

In the UK in fact, an initiative called Cyber Centurion has been launched to get thousands of youngsters competing in teams in a cyber-security challenge.

The key to the initiative is that young people will be in direct contact with situations that a real cyber-security expert could encounter. In fact, the challenge, which is to be held in two rounds, involves downloading a virtual computer full of vulnerabilities that could present opportunities for a cyber-criminal. What the teams (comprising 4 to 6 youngsters and one adult) have to do is identify these vulnerabilities and patch them as soon as possible.

As this is the first edition of the challenge, there will first be a practice round in October before the two competition rounds. The top six teams will then battle it out in April 2015 in the Grand Final. The winners will be awarded a scholarship at Northrop Grumman, one of the largest defense contractors in the United States and maker of the B-2 stealth bomber, which is funding this initiative with a view to uncovering future talents in IT security.

This, however, isn’t the only cyber-security initiative in the UK. The Cyber Centurion challenge is supported by Cyber Security Challenge UK, a platform funded by the British government that has organized other educational initiatives such as workshops and other challenges in schools, colleges and universities across the UK.

CyberPatriot

In fact, this exciting British initiative is really an adaptation of the US Cyber Patriot program, the National Youth Cyber Education Program. This program is now in its seventh edition and is also funded by Northrop Grumman, which claims to have already dramatically reduced America’s cyber-security talent shortage.

This search for US Cyber Patriots involves three programs:

  1. A competition among high school students similar to the one that will begin in a few months in the UK (where the teams have to identify and fix vulnerabilities in an operating system to prevent cyber-criminals from entering),
  2. A camp organized for the first time this summer and which aims to teach the principles of cyber-security in an entertaining way and
  3. An initiative that will take basic IT security knowledge to primary schools and teach children how to protect themselves on the Internet.

Internet competition

So why in the US and the UK is there so much interest in students learning firsthand what it takes to be a cyber-security professional and not any other job?

Basically, because the future (and the present) will require IT professionals dedicated to cyber-security. Moreover, international threats and attacks can now come across the Internet, so another profession of the (short-term) future will be cyber-warriors, who even now are being recruited by companies like Northrop Grumman. This will no doubt be the army of the future.

The post Teaching cyber-security from school age appeared first on MediaCenter Panda Security.

Labor Day Reflection: The 77% Rule and Women in Tech

You don’t have to be anti-man to be pro-woman.

–Jane Galvin Lewis

Yesterday I observed Labor Day, the day set aside to celebrate the social and economic advancement of the American worker in the U.S. It provided some time to reflect and consider the topic of women in the workforce, and specifically pay parity.

What if I gave you 77 cents for every dollar you earned? Would you feel fairly compensated? Unfortunately, that’s generally the wages the average working woman makes as opposed to her male counterparts.

The 77 cents for every dollar? That’s a generalization that averages in all jobs across the board.  The good news is that the tech industry is more progressive. Pay parity, according to various surveys, is equal in our industry as long as the job titles are the same.

Of course, the catch is that women aren’t as likely to have the top titles. (For a more in-depth look at this you can go to one survey at Dice.)

Nevertheless, I believe tech is a great place for women and has a rich tradition, from Ada Lovelace to Admiral Grace Hopper. When I began in tech, role models were few. Today, if you look around, there are a number of role models for women starting out: Marissa Mayer, Sheryl Sandberg, and Susan Wojcicki, to name a few. But the playing field is still far from level.

Where and how can we level the playing field?

Maybe online? As reported in a survey by freelance job site Elance, women in technology are finding more opportunities online than on-site. According to their survey of 7,000 global independent professionals, 80% of respondents also said they’re optimistic about the future of high-tech professions for women even though a majority still sees a lag in pay equality and encouragement from parents and/or teachers.

Fabio Rosati, CEO of Elance, noted,  “Online work provides an attractive avenue to neutralize gender discrimination around the world and create flexible professional opportunities not available in traditional job markets.”

That’s one solution. I think another has got to be education. Basically, education is a great lever to pay parity.  And, backing programs such as Girls Who Code is a great way to get young women engaged in technology.

Mentoring is also another great avenue. It’s something I’m proud to say I use to measure my success as well.

I hope to share more of my thoughts and experiences at SXSW this coming year as a featured speaker on the topic “Boardroom or Baby.” You can support me and continue to raise awareness for the issue by going here to vote for my presentation. Voting closes Friday, Sept. 5th – so go check out the SXSW PanelPicker and vote today!