There are signs of improvement in the global cybersecurity skills gap, but serious problems still remain, a new report finds.
The post Cybersecurity skills shortage ‘still a global problem’ appeared first on WeLiveSecurity
Tag Archives: News
Pirate Party: the Future of Politics?
Could Iceland’s Hacker-founded Pirate Party be the Future of Politics?
So, Donald Trump is president of the leading world power. Yes, that really happened. While the jury is still out on the reasons behind the new president’s rise to power, many believe it’s down to a sense of apathy towards left wing politicians, in this case Hillary Clinton and the Democrats, who would otherwise be the traditional harbingers of progress and change.
One political movement however, is trying to do away with this apathy by embracing something that we’re all about here at Panda Security: online privacy and security on the web!
Introducing Iceland’s wing of the Pirate Party.
Okay, you’ve most likely heard of them already as 2016 is looking to have been a watershed year for them, having tripled their seats in Iceland’s parliament during October’s elections.
This party have really caught our attention though, and that of many others worldwide, with the way they are embracing technology and highlighting how it can play a much much larger role in the future of democracy.
The Pirate Party can be considered a worldwide movement, with branches cropping up all over, including in the UK, Australia and the US.
The first iteration of the party was founded in Sweden by Rick Falkvinge in 2006 after the Pirate Bay torrent website was raided by police. The fact that visitors to the website more than doubled due to media exposure following the raid, was enough of a signal that legislation was out of touch with public opinion when it came to online distribution and surveillance laws. And so was named, Sweden’s Pirate Party.
How did Iceland’s Pirate Party become so popular?
Iceland’s Pirate Party is based on the Swedish party’s model, however, it has its own ideas about issues like data protection as well as how Iceland should be run as a country. Their propositions seem to be appealing to an Iceland that is increasingly looking to break from the status quo.
Birgitta Jónsdóttir, a former Wikileaks volunteer, co-founded Iceland’s Pirate Party in 2012 along with other prominent activists and hackers. According to Jónsdóttir, Iceland’s Pirate Party can sense the winds of change and they see a future of technology-centered upheaval. In a recent interview she said, “we have to be innovative to fight against political apathy”.
But what does she mean by this? Well, the Pirate Party are very much working within the political system to advocate a peaceful political revolution based on greater political transparency, and a grass roots approach to politics. Think Mr.Robot gone mainstream.
The Pirate Party want to increase public participation in common-decision making by giving them direct access to the process via the Internet. Under their system, the public would be able to propose and veto legislation using the party’s online voting system.
Jónsdóttir has also gone on record saying the Pirates would implement propositions such as the United Nations’ proposed resolution, ‘The right to privacy in the digital age’. The resolution, aimed largely at addressing and curbing world governments’ illegal surveillance methods has, for all intents and purposes, been largely ignored by world governments.
The party’s success and recent popularity also comes after the backlash the traditional parties in Iceland have suffered following the 2008 financial crisis and, most recently, the stepping down of the country’s prime minister, Sigmundur Davíð Gunnlaugsson, following his implication in the Panama Papers scandal. Many Icelanders feel it’s time for change and that the Pirate Party are
But they’re hackers!
In a recent interview, Jónsdóttir said “we do not define ourselves as left or right but rather as a party that focuses on [reforming] the systems. In other words, we consider ourselves hackers.”
But what questions does this bring up? Hackers are bad right?
Well, yes and no. A hacker can be defined in various ways; it could be someone who breaks down firewalls and retrieves information, often illegally, or someone who finds simple solutions –a hack- to everyday problems. The Pirate Party propose themselves as the latter, a party that will introduce simple hacks to problems they feel the current system refuses to deal with.
Many questions still arise as to how their vision of Iceland’s future would function in the real world. Increasing democratic reach through the use of the Internet seems like a logical step in this technological age, but what are the dangers? In this future world, could a DDOS attack bring government to a halt? Could a malicious hacker bypass encryption and twist legislation by altering online poll results in their favor? Would transferring the democratic process onto the web empower hackers in new unconceivable ways?
In a recent interview, Ben de Biel, a spokesperson for Berlin’s Pirate Party claimed, “the established parties browse the Internet but we work with it.” Whilst any Pirate Party coming to power would lead to unprecedented change, Iceland’s is the closest to getting there. Their plans, if put into action, could lead to very positive change in digital privacy laws, however, they would also bring to light an increasing necessity for cyber security in an age that is becoming more and more technology reliant.
The post Pirate Party: the Future of Politics? appeared first on Panda Security Mediacenter.
UK’s ICO releases new guidelines for becoming GDPR ready
The UK’s ICO has released a new set of guidelines aimed at ensuring companies are adequately prepared for the introduction of the GDPR.
The post UK’s ICO releases new guidelines for becoming GDPR ready appeared first on WeLiveSecurity
The Cruelest Ransomware Propagates Like a Meme
A link shows up in your inbox from a colleague that you never really hit it off with, or a cousin you’re on the outs with. You open it, and the cat’s out of the bag: you’ve been infected with a ransomware that has abducted all of the files on your computer.
This new malicious software is called Popcorn Time and its purpose is to get the victim to collaborate with the cybercriminal to infect new users. It is particularly cruel because, aside from demanding a 1 bitcoin payment (about $900 as of this writing) to return access to the encrypted files, the victim is offered the chance to recover the files for free if they contribute to its propagation.
Infecting Others to Free Yourself
The victim will be able to share the Popcorn Time download link with other users. If two of the newly infected decide to pay the ransom or pass the chain along, the accomplice will receive a code to unblock their files.
Essentially, Popcorn Time works like any other ransomware — it infects computers and encrypts its files. The twist lies in the morbid way it spreads itself that enables cybercriminals to take advantage of the word-of-mouth phenomenon.
“The model for getting it off your system is sort of a pyramid scheme, multi-level marketing style approach,” explains Kevin Butler, security expert at the University of Florida. “It could certainly make for some interesting discussions amongst one’s group of friends if you’re trying to figure out who infected you with this malware.”
How can you protect yourself from Popcorn Time?
Dissemination strategies like this one may not have such a significant impact as they seem to have at first glance. Is it easier to propagate a malware by asking for the collaboration of users, or by sending mass emails that get to many recipients quickly and at the same time?
One way or another, it’s crucial to be protected in the face of such dangerous threats as Popcorn Time, whether or not they propagate as a viral phenomenon. Keeping our operating systems updated, not clicking on suspicious links — even if an acquaintance has sent it — and keeping a good cybersecurity solution installed — this is some of the advice to be followed if you want to avoid having your files abducted by a cybercriminal.
The post The Cruelest Ransomware Propagates Like a Meme appeared first on Panda Security Mediacenter.
Adaptive Defense 360 Given Stamp of Approval by AV-Comparatives
Defending your devices in our hyperconnected world is no simple task. Your protection should include a wide range of defense mechanisms, a necessary deployment that, until now, has forced IT organizations to purchase and maintain a variety of products from different providers.
In December, AV-Comparatives gave their stamp of approval to the three principles of the Adaptive Defense 360 security model: continuous monitoring of all applications on company servers and workstations, automatic classification of endpoint processes using big data and machine learning techniques in a Cloud-based platform, and the possibility, should a process not be automatically classified, of a PandaLabs expert technician analyzing the behavior in depth.
“The evaluation by AV-Comparatives is a good reflection of the value of Adaptive Defense to our customers,” said Iratxe Vázquez, Product Manager at Panda Security. “We protect from and detect all types of known and unknown malware and zero-day security attacks (ransomware, bot networks, exploits, fileless malware, APTs, etc.), all thanks to the continuous monitoring of all processes running on our customers’ devices.”
The Adaptive Defense 360 solution has been endorsed as the first and only product that combines endpoint protection (EPP) and endpoint detection and response (EDR) in a single platform.
“As this solution classifies all executed processes, it cannot fail to record any malware.”
Efficacy Test
Panda Security’s advanced cybersecurity solution detects and blocks malware that other protection systems don’t even see. “We know that Adaptive Defense is easily one of the best solutions on the market, and we needed this to be certified by a prestigious laboratory in the world of security,” said Luis Corrons, Technical Director of PandaLabs.
Adaptive Defense 360 achieved 99.4% detection in the 220 analyzed samples and 0 false positives in the independent analysis performed by the esteemed AV-Comparatives Institute, which establishes this solution as the most advanced end-user cybersecurity software.
“For us it was essential that the tests were done with the utmost rigor, as we were looking for an environment that would perfectly simulate the real world and the threats to which companies are constantly exposed,” says Corrons.
The Intelligent Control Platform, a Synthesis of Machine Learning and Big Data
Artificial intelligence and machine learning are booming trends this 2017, allowing companies to use data science to optimize resources and improve their productivity. Imagine the effectiveness of a cybersecurity software that combines both of these trends.
“The protection that Adaptive Defense 360 offers is much more than a marketing strategy,” said Iratxe Vázquez. “This solution is a protection strategy, a new security model that our customers will need in order to deal with cyber threats. The attacker continually adapts his behavior, easily avoiding traditional antiviruses. He infiltrates and acts quietly, making all kinds of lateral movements that we monitor, analyze and block before he reaches his targets.”
Adaptive Defense 360 is part of an intelligent cyber security platform, capable of merging contextual intelligence with defense operations.
“We continuously monitor and evaluate the behavior of everything running on our clients’ machines, using Machine Learning’s adaptive techniques in Big Data environments, which gives way to exponentially increasing knowledge of malware, tactics, techniques, and malicious processes, along with reliable application information, “explains Iratxe Vázquez.
Adaptive 360 is also integrated with SIEM solutions (Security Information and Event Management), which add detailed information on the activity of running applications at workstations. For those customers who do not have a SIEM, Adaptive Defense 360 incorporates its own security event management and storage system for real-time analysis of information collected with the Advanced Reporting Tool.
AV-Comparatives has seen what we can do, and they liked what they saw. How about you? Have you witnessed intelligent cybersecurity in action yet?
Follow the links to download the first infographic on the most notable examples of ransomware in 2016.
The post Adaptive Defense 360 Given Stamp of Approval by AV-Comparatives appeared first on Panda Security Mediacenter.
Health Care Legislation Raises Ransomware to Level of Cybersecurity Breach
Data theft and ransomware attacks with a direct financial impact on their victims are some of the primary threats that the health care industry is facing. Healthcare was the most affected sector in terms of cyberattacks in 2015, accumulating a total of 253 security holes and 112 million stolen records.
Despite its long history of lucrative attacks and the thousands of people affected by its intrusions, ransomware was given the same treatment as other infractions in the eyes of the The Health Insurance Portability and Accountability Act of 1996 (HIPAA). This US legislation grants privacy to data and the provision of security to safeguard medical information. Until now, ransomware was part and parcel with the rest of the legislation.
The current scenario calls for greater protection of the multitudes of devices that compose a hospital’s IT infrastructure. The US Department of Health and Human Services (HHS) and the Office for Civil Rights (OCR) has declared that ransomware infections constitute a serious violation of the standard. It has been raised to the level of a serious infraction and a breach of cybersecurity.
With the recognition of the activity of encryption (typical of a majority of ransomware incidents) as a form of unauthorized acquisition and diffusion of medical data, ransomware has become subject to HIPPA security rules. This has established the national standards to protect patient information that is stored or transmitted electronically.
Let Us Protect You
If it seems like cybersecurity breaches are a major hassle in themselves, we must now think of the other fiscal penalties that come into play if security protocols are not met. Non-compliance with these protocols could come to light in the event of a cyberattack such as ransomware.
Adaptive Defense 360 is the only advanced cybersecurity system that combines latest generation protection, detection, and remediation technology with the ability to classify 100% of running processes.
This solution classifies all active processes in every endpoint, guaranteeing protection against known malware and against threats such as zero-day attacks, Advanced Persistent Threats, and targeted attacks.
Better to prevent infection now than to cure it later.
The post Health Care Legislation Raises Ransomware to Level of Cybersecurity Breach appeared first on Panda Security Mediacenter.
WhatsApp bug: Messages ‘can be intercepted and read’
A WhatsApp ‘security issue’ has been identified, meaning third parties may be able to both intercept and read encrypted messages, according to new research.
The post WhatsApp bug: Messages ‘can be intercepted and read’ appeared first on WeLiveSecurity
UK launches major cybersecurity inquiry
The UK parliament has launched an inquiry into its cybersecurity defense measures, describing cyberthreats as a “major security challenge”.
The post UK launches major cybersecurity inquiry appeared first on WeLiveSecurity
Now Hackers Can Spy On Us Using Our Headphones
Hackers can access your data through your headphones
Mark Zuckerberg has a revealing routine he carries out on a regular basis which says as much about him as it does our current era of cyber-uncertainty. Every day when he’s finished talking to friends and business associates, he covers up his laptop’s webcam and microphone jack with a small piece of tape.
Is this simply the paranoia of a man who over the last two decades has had to deal with increasingly sensitive information as well as diminishing privacy in his personal life?
All we know is that many people are utilizing the simple hardware hack, in much the same way, as a cyber security precaution. Whilst those who promote the use of tape no doubt favor the method for its brilliant simplicity, we have worrying news for anyone that thinks this method has all bases covered.
Now even your headphones can spy on you
Your headphones, it has now emerged, can be repurposed from afar, turning them into a microphone capable of recording audio, all of this unbeknownst to the device’s user. A group of Israeli researchers has recently created a piece of malware in order to show how determined hackers could hijack your device and reconfigure it into sending them audio links.
The headphone technology
The researchers, based at Ben Gurion University, created a code aimed at testing their fears about headphone technology. The proof-of-concept code, titled “Speake(a)r,” proved that the very commonly used RealTek audio codec chips contain a vulnerability that allows them to be used to silently repurpose a computers output channel as an input channel.
As Wired magazine have noted, turning a pair of headphones into microphones is a fairly simple task. A quick search on Youtube reveals an abundance of simple hack videos demonstrating how to switch your music listening device into an audio recorder. So it’s the RealTek vulnerability that is the real worry. As the Israeli research team have found, the issue would allow a hacker to record audio if you’re using a mic-less pair of headphones, and even if your laptop or device’s microphone setting is disabled.
Privacy vulnerability
Mordechai Guri, part of Ben Gurion’s cyber security research team, spoke to Wired about the vulnerability they had discovered. “People don’t think about this privacy vulnerability. Even if you remove your computer’s microphone, if you use headphones you can be recorded.” He added that, “almost every computer today [is] vulnerable to this type of attack.”
The researchers tested their malware hack using Sennheiser headphones. “It’s very effective,” Guri said. “Your headphones do make a good quality microphone.” The team also detailed the extent of the malware’s capability, saying that a hacked pair of headphones could record audio as far as 20 feet away. The recorded file can even be compressed so it can easily be sent over the Internet.
As Guri says, the problem is not one that can receive a simple patch and the vulnerable audio chip may need to be redesigned and replaced in future computers. The full extent of the problem is also not known, as the Ben Gurion research team has so far focused only on RealTek audio chips. They are set to expand their research to determine which other codec chips and smart phones may be vulnerable.
So, if like an increasing amount of people in this era of cyber security, you feel vulnerable to eavesdropping, don’t only reach for the tape. Make sure those headphones are unplugged so as not to be the victim of a stealthy new form of malware.
The post Now Hackers Can Spy On Us Using Our Headphones appeared first on Panda Security Mediacenter.
“Eye Pyramidâ€, the Cyber-Espionage Malware that has Italy Reeling
This Tuesday, the Italian state police dismantled a cyber-espionage ring spearheaded by a brother and sister that sought to exert control over public institutions and administrations, professional studios, employers, and politicians. The network was able to access confidential information by installing a virus on victims’ computers, stealing information sensitive to financial institutions and state security.
Among those affected are former Prime Ministers Matteo Renzi and Mario Monti, as well as the president of the Central European Bank, Mario Draghi, as well as other individuals in possession of confidential information. Mayors, cardinals, regional presidents, economists, employers, and law enforcement officials are also on the list.
How Eye Pyramid Works
The investigation has been dubbed “Eye Pyramid”, after the particularly invasive malware that the suspects used to infiltrate the systems of the people they spied on.
These intrusions appear to have first surfaced in 2012, reaching 18,327 users with the theft of 1,793 passwords using a keylogger. This comes out to be around 87GB data. The method of infiltration was simple given the serious nature of the attack: the cybercriminal sent an email, the recipient opened it, and upon opening the email a software was installed on the device, giving access to its secret files.
Older versions of the malware with unknown origins (although possibly linked to Sauron) were probably used in 2008, 2010, 2011, and 2014 in various spear phishing campaigns.
In a hyperconnected world, with mounting tension between cybersecurity and cyber-espionage — we’ve recently seen a crossfire of accusations exchanged between major powers like the US, China, and Russia — these attacks appear to have special relevance to state security and the dangers it faces in the cyber world.
Advanced Persistent Threat, or How to Avoid a Cybernetic Nightmare
This attack, unprecedented in Italy, will continue to be under investigation and, according to authorities, may end up revealing connections to other cyberattacks carried out in other countries.
Protecting your confidential and sensitive data from cybercriminal networks and attacks such as ATPs is crucial in combatting the growing professionalization of cybercrime.
Advanced threats are no longer an issue when you’ve got an advanced cybersecurity solution like Adaptive Defense 360, the platform that connects contextual intelligence with defense operations to stay ahead of malicious behaviors and data theft. Protection systems are triggered and jump into action before the malware even has a chance to run.
Thwarting potential threats before they become a real problem is the only way to rest easy knowing that your information has not ended up falling into the wrong hands.
The post “Eye Pyramid”, the Cyber-Espionage Malware that has Italy Reeling appeared first on Panda Security Mediacenter.