Tag Archives: News

AVG

Scammers trying to steal Netflix passwords, and more

A flurry of news concerning Netflix in recent days has presumably motivated this recent phishing attempt, as scammers continue to pursue current events and breaking news stories to attract victims.

In the email is a red button “CLICK HERE TO VERIFY YOUR ACCOUNT” that leads directly to a replica Netflix login page, as well as pages that ask for personal details including Credit Card information.

 

Unsuspecting Netflix customers who are tricked into this process will not only divulge their account password (which they may have used elsewhere), but may also have their credit card details stolen and used for fraudulent purchases.

 

If you do receive a Netflix phishing email you should report it officially to Netflix by forwarding the message to [email protected]. Further information about keeping your Netflix account secure can be found here.

Until next time, stay safe out there.

 

AVG

Why I’m not worried about fingerprint hacking

The holiday season is a time of relaxation with family and friends. However, the news doesn’t stop and over while on the road with my family I read a story that seemed to take a sensationalist and quite negative angle.

The story titled “Politician’s fingerprint ‘cloned from photos’ by hacker” was posted on the BBC News website. It explains how, in October 2014, a hacker took photos of a politician’s hands at a news conference and managed to replicate their fingerprint from the photos. The ‘hacker’ quips that after this discovery, all politicians will most likely start wearing gloves.

Image courtesy of BBC

 

In the article, reference is made to the fact that both Apple and Samsung devices use biometric fingerprint technology to secure their mobile devices. It seems that this is meant to scare us into thinking the technology is not safe and that we cannot rely on our fingerprints to secure us.

We need to start the year with some perspective on this story. The process of recreating someone’s fingerprint this way is both difficult and time consuming and therefore unlikely to be an issue for the mass consumer audience.

It goes without saying that we have all seen locks being picked in movies yet continue to lock our doors with similar keys. Nobody is writing articles about how easy it would be to take a picture of your keys and accurately reproduce them.

I believe we should be celebrating that authentication mechanisms once only used by large companies and government agencies have found their way into our everyday lives.

If you look back a few years, only a few people used PIN numbers on their phones. If the introduction of swipe codes and biometric security increases the number of people with locked phones, isn’t that a good thing? It shows that more consumers than ever are protecting their devices in some way to stop people stealing their information.

I do of course understand that research into weaknesses in security such as this should be carried out and exposed so that better technologies can be developed.

But my final thought is to encourage people to use security on their phones rather than trying undermine the systems that might well protect them.

So how can you keep your mobile device safe? Here are some tips from AVG Academy on securing your Android mobile:

Video

How to keep your Android device safe

Panda Security

Security forecast for 2015

Security forecast for 2015

Our colleagues at PandaLabs have been making their predictions about what will be happening in the world of IT security in 2015. Do you want to know what we will be up against next year?

Security forecast for 2015

CryptoLocker

This type of malware has been in the spotlight in 2014, and these attacks are set to increase in 2015.

CryptoLocker operates in straightforward fashion: Once it gets into a computer, it encrypts all types of documents that could be valuable to the user (spreadsheets, documents, databases, photos, etc.) and blackmails the victim into paying a ransom to recover the files.

Payment is always demanded in bitcoins, so that it cannot be traced by the police, making this type of attack very attractive to cyber-criminals, as many users decide to pay in order to recover the hijacked information.

Targeted attacks

A small percentage of the millions of new malware strains that appear every month are specifically created to attack previously defined targets. These attacks, known as targeted attacks, are becoming more common and will be highly significant during 2015.

One of the greatest risks to tackle is that many companies are unaware that they could be the target of such attacks and therefore do not have appropriate measures for detecting or stopping them, or at least for detecting any anomaly and mitigating any damage as soon as possible.

Point-of-sale terminals

In 2014 we have seen an increase in attacks on the POS terminals used by all stores to accept and process customer payments.

Point of sale terminals

Cyber-criminals are attacking these terminals and consequently stealing the credit card details of customers. As a result, an activity that users did not think of as a risk, such as paying at a supermarket, gas station, clothes store, etc., is starting to pose a potential threat to which hundreds of millions of people around the world have already fallen victim.

APTs

APTs (Advanced Persistent Threats) are a type of targeted attack aimed at companies or strategic institutions. Behind these attacks are usually countries that invest huge sums of money in ensuring that the targeted attack goes undetected for a long time.

Although we will not see mass APT attacks in 2015, new cases will be discovered that will have probably been around for years but will only just start coming to light.

Internet of Things

The number of Internet-enabled devices is increasing dramatically, and we are not just referring to computers or cell phones but other devices.

From IP cameras to printers, all of these ‘new’ devices that form part of the Internet share a feature that makes them a highly vulnerable target for cyber-criminals: They are devices that users do not pay much attention to and consequently, for example, they are rarely updated. As a result, as soon as a security flaw is found in the software on any one of these, compromising the device will be child’s play for any cyber-criminal. To make matters worse, these devices are connected to internal networks, home or corporate, making them ideal entry points for carrying out all types of wider attacks.

Smartphones

Smartphone attacks, or more specifically attacks on devices running Android, are going to reach new heights. Not only will the attacks increase but so will their complexity, with a single goal: to steal passwords.

We store a growing amount of data on our smartphones and cyber-criminals are going to try to get it at any cost.

Although malware on cell phones was somewhat anecdotal a couple of years ago, more malware for Android has appeared in 2014 than all of the malware targeting any mobile device ever.

It seems that in 2015 these threats will skyrocket, and the number of victims will also increase.Therefore it will be essential to use antivirus products for these devices.

You can download the full report here. :)

The post Security forecast for 2015 appeared first on MediaCenter Panda Security.

Panda Security

Why has Twitter logged me out?

Twitter outage
You may have woken up this morning to find a Twitter notice asking you to re-enter your Twitter account details. Has your password been stolen? Was this a case of identity theft?

Relax! Just follow a few simple steps and your Twitter account will remain perfectly safe.

The popular micro-blogging network suffered a worldwide outage last night that prevented many users from accessing the service normally for a few hours.

According to Twitter’s information service, Twitter Status, the problem started early morning (CET) and although it is now resolved, some users may still have problems accessing their accounts.

Accounts that appear to have been closed, old messages appearing as recent on timelines… these are some of the effects of the bug that hit the social network.

Have you been affected by this incident?

The post Why has Twitter logged me out? appeared first on MediaCenter Panda Security.

Panda Security

The message that can crash WhatsApp

Warning! The Spanish Civil Guard is warning of a new threat on WhatsApp!

whatsapp-death-message

Known in Spanish as the “mensaje de la muerte” (the message of death), it only affects Android devices, not iPhones.

It works as follows: You receive a text message with Chinese-type characters which, having been copied and pasted to Whatsapp, will crash the application on Android devices. This is particularly dangerous for WhatsApp groups, as it blocks WhatsApp for all group members and deletes the group.

How to resolve the WhatsApp ‘message of death’

  • If received from another user: just delete the chat to resolve the problem.
  • If the message comes through a group, go to “Settings”, “Applications” “Manage Applications”, “WhatsApp”, “Clear Data”. Be aware however that all chats and messages histories for all groups will be deleted.

The post The message that can crash WhatsApp appeared first on MediaCenter Panda Security.

AVG

AVG at Kiwicon 8 in Wellington, New Zealand

But this is no ordinary conference, this is “Kiwicon” the eighth consecutive annual security conference held in Wellington, New Zealand whose theme this year is – “It’s always 1989 in computer security”.

No expense has been spared by the organisers to reinforce the 80’s theme including name badges in the form of real audio cassettes (yes, they still exist) that are labelled with your hacker name.  I’m afraid my hacker name of “Michael” was somewhat plain in hindsight!

The self-deprecating humour scattered throughout the Kiwicon website and program guide is nothing short of amazing; a must-read if you get the chance.  And the permanent stage props of a Llama and Sheep really help paint the picture of a conference that has a wonderful relaxed, if not quirky tone.

With more than 1,100 security geeks attending, including many international guests, this conference is likely the closest thing to DEFCON this side of the Pacific; and from comments I’ve heard from fellow attendees, maybe even better.

The first day has concluded with talks as diverse as real cases of journalists and human rights activists being hacked by suspicious government actors, to researchers who reverse engineered the Bluetooth powered controls of an electric skateboard.

Presentations at Kiwicon tend to be very technical, and give you an insight into the genius minds behind some of the leading edge security research that over time assists in keeping all of us safer online, as vulnerabilities are discovered and disclosed.

Day two of Kiwicon is packed with topics such as a walk through of techniques that can be used to detect hoax images that are all too familiar on the Internet these days, as well as some possible disclosures relating to Minecraft which may well turn into breaking news.

But if attending security talks aren’t your thing, the conference also offers the chance to participate in a hacking challenge, lock-picking competition and other activities to keep the minds of the brightest up and coming security professionals occupied.

Until the next conference, stay safe out there.

Panda Security

With NFC, even the most expensive smartphones are vulnerable

mobile-security

Nowadays we are defined by our phones. When you buy a smartphone, you automatically become a convert, defending the benefits of your particular brand over others. Some users become part of the Apple faithful, flocking to their exclusive stores to buy designer iPhones. Others are Google fanatics, with alerts set in their Nexus 5 to warn of the imminent arrival of Nexus 6. Compulsive Amazon shoppers click away on their Fire Phone cart, while traditionalists continue to trust in the numerous and much-lauded features of Samsung Galaxy.

Unless you are one of those who has joined the retro phone trend and have renounced WhatsApp forever, we are sorry to inform you that your smartphone -whatever the make- has a security flaw. Specifically, in the use of NFC (‘Near Field Communication’), a wireless communications system that lets you transfer data at high frequency over short distances, at a range of 10 centimeters. In fact, NFC is a subset of RFID (Radio-frequency identification) systems that have been used for years now to identify pets (microchips). So if dogs can be recognized through this system, why not phones?

In smartphones, NFC allows data to be exchanged between devices, although a more interesting use for this technology is that it allows our phones to be used as credit cards.

smartphones

You can already use your NFC to pay for things thanks to Google and its PassWallet app. Apple, not wanting to be left behind, has introduced the Apple Pay system with iPhone 6. And now banks are getting on the mobile payment technology bandwagon. In the future, we will even be able to use phones as subway tickets or door keys. NFC offers the potential for all-in-one devices with myriad uses.

If you weren’t previously aware of this technology, then you must be marveling at the thought of not having to rummage around drawers looking for your wallet or keys. Well, it’s true, but don’t get too excited. Even though the system operates over very short distances, it still has security flaws. In the recent Pw20wn Mobile 2014 competition in Tokyo, where there was a reward of US$150,000 (€120,000) for the sharpest hackers on the planet, security flaws were detected in the NFC systems of many top-of-the-range phones.

Two separate groups of experts demonstrated during the competition different ways of compromising the NFC technology on Samsung Galaxy S5. These hackers are two-nil up on one of the most prestigious smartphones on the market.

mobile

Even the all-powerful Google has been unable to keep its precious Nexus 5 free from security problems. In the Pw20wn Mobile 2014 competition, a third NFC attack forced the pairing of devices thanks to a combination of two malicious programs.

And it’s not the first time that an NFC security hole has been uncovered in Google’s device. Charlie Miller, an ‘ethical hacker’, was able to communicate with a Nexus S through a chip placed near the device, as he demonstrated at Black Hat 2012 in Las Vegas. After this he forced the phone to enter a malicious website, from where he took complete control of the phone by exploiting the NFC vulnerability. The Nokia N9 was also subject to the same attack on this occasion.

Although there can be no doubt that the detection of these flaws improves the security of our smartphones, perhaps for the moment at least we all feel a little safer keeping our money and the keys to our houses in our pockets, handbags or under a pile of papers on our desks. Even the sharpest hacker would find it difficult to exploit a security hole there.

Nevertheless, your NFC could still be useful for many things. And no doubt it will gradually become more secure. For the moment, fans of Nexus 6 are looking forward to getting their hands on it, and plans are afoot to unlock the phone automatically with the help of an NFC ring on the user’s finger. Could the phone’s PIN also be hacked? Let’s see.

The post With NFC, even the most expensive smartphones are vulnerable appeared first on MediaCenter Panda Security.

AVG

Addressing A New Generation of Mobile Threats Through Innovation

What inspires our innovation most is our customers – and finding solutions to better protect them, their personal data and their devices. In order to do this, we are constantly tracking new security threats in today’s ever-changing digital world.

As a starting point for the day, we showed a Live Global Threat Map. This dynamic map provides a snapshot of virus/malware activity we are tracking real-time on PCs and mobile devices all around the world. On our map, you can zoom in and actually see the number of infections in each country over a period of time. With 188 million active users, 90 million of which are mobile, we have a pretty good pulse on the threats around the world.

Most of our demos for the day were focused on the new generation of attacks uniquely focused on mobile functionality. While the first generation of mobile attacks were primarily using vectors and methods used in the PC world, now we are starting to see the second generation mobile attacks.

These new attacks include the use of voice, social engineering, rough access points and exploitation of various vulnerabilities in apps.

Here are a few of the mobile threats we demoed:

Voice Activation

Voice activated software is a standard feature on smartphones and is also appearing in smart TVs and other Internet-connected devices. It also, unfortunately, can be used maliciously. Did you know some applications can respond to voice, even when a phone is locked? We demonstrated how the mobile operating system will respond to a synthetic voice and allow a malicious app to bypass the limitations of a locked device or permissions, allowing it to call a phone number, send mail and other malicious actions. The flaw is very simple and it impacts a broad range of products utilizing voice activation technologies; they simply do not authenticate the source of the voice.

App Vulnerabilities

In the PC world, software can be distributed and installed on the PC from any source. As a result we are seeing many malicious programs impacting this platform. The mobile world has learned this lesson and is centralizing app distribution via app stores. This approach improves control and scan the apps for malicious intent. However, the fact that an app is not malicious doesn’t mean it isn’t vulnerable. We showed an app available on an app store that was downloaded over 5 million times, but is vulnerable. Our demo showed how easy it would be to exploit the vulnerability and take over the mobile device from a remote – allowing streaming video and voice from the device to the hacker.

iOS Threats

All mobile platforms share security issues and we at AVG always keep an eye on emerging threats in all mobile platforms. For example, we demoed the recent Apple iOS “Masque Attack” technique. This technique allows an attacker to substitute malware for a legitimate iOS application under a limited set of circumstances. It works by luring users to install an application from a source other than the iOS app store or their organization’s provisioning system, such as delivered through a phishing link.  This technique takes advantage of a security weakness that allows an untrusted application with the same “bundle identifier” as that of a legitimate application to replace the legitimate application on an affected device, while keeping all of the user’s data. This vulnerability exists because iOS does not enforce matching certificates for applications with the same bundle identifier.  Apple’s own iOS platform apps, such as Mobile Safari, are not vulnerable. In our demo we created a malicious iOS application named ‘FakeBook’ that steals all the user’s data that the legitimate Facebook application have access to.

Visual ID Hijacks

Malicious apps that assume visual identification of a “real” well-known brand (think about banking and social media applications) can replace a legitimate app and wreak havoc. Take Droidphish, a new attack vector we discovered, for example. If a hacker registers with a specific URL, when a link within the real app or even on a web page is clicked, the malicious app can assume the identity of the legitimate application. In our demo, the attacker gains complete control over your device, your email and data, even to the point of taking a photo of you using the device.

Texting Hijinks

We’ve all been warned to beware of URLs sent via a text (SMS) message. When clicked, they can redirect you to a malicious website. In our demo we showed media that a malicious app can even read and reply to incoming text messages without any visual appearance and without the owner of the device being aware that something is going on!

Cross-Platform Infection

Another demo scenario involved an app that creates a malicious PDF that is later automatically synced—via a cloud-based, file sharing service like DropBox – between a PC and mobile device, infecting the other device without even knowing. Imagine if the PDF had an “interesting” name that may trick the user into opening it.

Wi-Fi Hacks

We are constantly warned that public open Wi-Fi is unsafe, but there are millions of public Wi-Fi hot spots open and that means a lot of security risks ahead. Here are three scenarios we demonstrated on public Wi-Fi:

  • Sniffing – Via free Wi-Fi, anyone sitting next to you in a coffee shop could be looking at the traffic you are sending if your data is unencrypted, including your chats, messages, emails etc.
  • Spoofing – You connect to a malicious hotspot thinking it is legitimate- i.e. it could be named for a well-known coffee shop. (A colleague in Amsterdam ran an experiment and 60 people connected to his network in less than an hour!)
  • Tracking- Walk into a retail store and SSID info allows tracking of your location. In some cases, a trusted retailer may be seeking to personalize your experience when you walk into a department. But in other cases, the tracking could be for nefarious purposes.

For these very scenarios, our Innovations Labs team created AVG Wi-Fi Assistant to smartly turn your Wi-Fi on/off along with a secure Virtual Private Network (VPN) service – so that no one can track you through Wi-Fi, or look at your data being transmitted. Additionally, AVG Wi-Fi Assistant also offers substantial battery life improvements.

Finally, we also demoed some current innovative mobile security products that help people protect themselves: AVG Zen and new apps from Location Labs, a new AVG company.

This was our first Experiential Lab day and we look forward to hosting many more in the future!

Panda Security

Panda Internet Security 2015 achieves Virus Bulletin certification

Virus Bulletin

Congratulations are in order! Panda Internet Security 2015 has achieved Virus Bulletin certification!

In addition to this good news in itself, we also achieved it the first time that we presented this product. This proves its consistency and confirms what we have been saying for the last few months: the effectiveness of the XMTâ„¢ Smart Engineering engine included throughout our 2015 Consumer line.

Panda Internet Security 2015

This engine allows each technology to interact with the rest to reach higher detection and disinfection levels. With it we have achieved the best protection and resource consumption rates on the market, which reflect its excellent capabilities.

Have you tried any of our products? Choose the best antivirus for you!

The post Panda Internet Security 2015 achieves Virus Bulletin certification appeared first on MediaCenter Panda Security.