Tag Archives: News

What is the POODLE Vulnerability?

The vulnerability relates to version 3 of an encryption technology known as SSL (Secure Sockets Layer) that dates back to 1996. SSLv3 is still supported by most of the browsers and webservers on the Internet but has been replaced as the default encryption selection by newer encryption technology known as TLS (Transport Layer Security). Encryption is used to secure our connection on the Internet when we do, for example, online banking or make purchases online.

When a browser connects to a webserver that supports this older technology, there is a risk that an attacker could exploit the vulnerability if SSLv3 is the primary encryption or if the connection security falls back from the newer TLS technology to SSLv3. While it is unusual for websites to still use SSLv3 as the default encryption technology, an attacker can cause connection failures that force the server to fall back to the older, insecure technology. By exploiting this vulnerability, an attacker could gain access to things like passwords and cookies, enabling them to access a user’s private account data on a website.

Companies have kept this old technology on their servers to ensure backward compatibility if needed. The two main options for companies to fix this vulnerability are to disable SSLv3 entirely, or to change the security downgrade feature so that only the newer TLS encryption is used and users remain safe.
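One way to audit server configuration for the first option above, disabling SSLv3 entirely (an added example, not code from the original post). The nginx and Apache snippets are constructed samples, `find_sslv3` is a hypothetical helper name, and Apache's `all` shortcut is assumed to include SSLv3.

```python
import re

# Constructed sample configurations (not from the original post).
NGINX_WEAK = """server {
    listen 443 ssl;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
}"""
NGINX_FIXED = NGINX_WEAK.replace("SSLv3 ", "")
APACHE_WEAK = "SSLEngine on\nSSLProtocol all -SSLv2\n"
APACHE_FIXED = "SSLEngine on\nSSLProtocol all -SSLv2 -SSLv3\n"

# nginx: ssl_protocols <list>;   Apache mod_ssl: SSLProtocol <list>
DIRECTIVE = re.compile(r"^\s*(ssl_protocols|SSLProtocol)\s+([^;#]+)", re.IGNORECASE)


def nginx_allows_sslv3(tokens):
    # nginx enables exactly the protocols that are listed.
    return any(t.lower() == "sslv3" for t in tokens)


def apache_allows_sslv3(tokens):
    # mod_ssl reads tokens left to right: "+x" adds, "-x" removes,
    # a bare "x" replaces the set. Assumption: "all" includes SSLv3.
    allowed = False
    for tok in tokens:
        name = tok.lstrip("+-").lower()
        if name in ("all", "sslv3"):
            allowed = not tok.startswith("-")
        elif not tok.startswith(("+", "-")):
            allowed = False
    return allowed


def find_sslv3(config_text):
    """Return (line_number, directive) pairs that leave SSLv3 enabled."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        match = DIRECTIVE.match(line)
        if not match:
            continue
        tokens = match.group(2).split()
        is_nginx = match.group(1).lower() == "ssl_protocols"
        check = nginx_allows_sslv3 if is_nginx else apache_allows_sslv3
        if check(tokens):
            findings.append((number, line.strip()))
    return findings


if __name__ == "__main__":
    for label, text in [("nginx weak", NGINX_WEAK), ("apache fixed", APACHE_FIXED)]:
        print(label, find_sslv3(text) or "SSLv3 disabled")
```

Only explicit directives are inspected; a configuration with no protocol directive inherits the server's built-in default, which has to be checked against the installed version.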

As we have seen with previous vulnerabilities, it takes companies time to upgrade or, in this case, disable the software that is causing the issue (SSLv3 support) on the server and browser sides. 72 hours after the disclosure of the vulnerability, AVG researchers reveal that 37% of the top 100,000 domains are still vulnerable.

Staying safe:

Although web users can’t take any direct action to stay safe from POODLE, it is always good practice to keep all their systems and software updated.

For Windows users, run Windows Update to ensure you have installed all of the latest security patches. For Apple Mac users, open the Mac App Store and update to the latest security patches for your system.

By keeping your browser, operating system and security software up-to-date, you will ensure you have the best chance of avoiding malware and web-based vulnerabilities.

Seven million Dropbox passwords may have been compromised

Recently, it would appear that there is no Internet service whose users’ data hasn’t been compromised.

Now it’s the turn of Dropbox, the cloud storage service, which has had hundreds of its users’ passwords leaked and it’s claimed that many more could be published. Specifically, up to seven million users’ data may have been hacked, with the consequent threat to the privacy of the users who store their data on the platform.

These claims come from a user of Pastebin, a text sharing site used by hackers and IT security specialists, who boasts of having obtained seven million Dropbox passwords and, supposedly as proof, has published some of them on the site.

On its official blog, Dropbox was quick to deny that its services have been hacked, claiming that the passwords had been stolen from other services and then used to access the file storage platform.

Dropbox urges users not to employ the same password for various services and to enable two-step authentication.

Gmail: Five million passwords stolen

What has happened to Dropbox also happened to Gmail in September, when 5 million passwords were leaked. Neither Dropbox nor Gmail was hacked. The data was taken from other websites.

With this data in their hands, cyber-criminals can try the same password for other services such as Facebook, Dropbox, Gmail or Twitter.

The post Seven million Dropbox passwords may have been compromised appeared first on MediaCenter Panda Security.

200,000 Snapchat images leaked

After Celebgate, the leaking of private photos and videos of Hollywood actresses and models such as Jennifer Lawrence, now users of Snapchat have seen the security of their files compromised.

Snapchat is a mobile app for sending images and messages that are automatically deleted between one and ten seconds after being read.

Although Snapchat does not store users’ images, another app, Snapsave, which is available for Android and iOS, does store them. This is what has enabled 200,000 photos to be stolen, according to Snapchat.

According to The Guardian (UK), these include some 100 MB of nude images. It is as yet unknown whether these might include images of children, and it is important to point out that downloading of nude images of children under 16 is a jailable offense under child pornography legislation.

Images from ‘The Snappening’, as this leak has been dubbed, are already available on some Internet portals.

The post 200,000 Snapchat images leaked appeared first on MediaCenter Panda Security.

AVG and Sony partner to protect devices right out of the box

Mobile devices have become the cornerstone of our connected lives and we use them for everything from gaming to banking and tracking our health. This makes life incredibly convenient for smartphone users but it also carries a risk to our privacy and security.

Many apps on our smartphones generate and store information about us as people. With the average Android user having as many as 95 apps installed on their device, it quickly becomes clear that our devices are portable databanks that carry our contact, financial, health and location data.

With so much personal information stored on our devices, it’s never been more important for smartphone users to protect their data with basic security measures such as setting up a passcode or installing a security app that will check links and scan for infections when you download software or surf the web.

That’s why AVG is delighted to announce that we’ve teamed up with Sony Mobile to make it easier than ever for Sony Xperia customers to protect their devices and their data.

From autumn 2014, all Xperia Z3 smartphones and tablets will come with a free 180 days of AVG AntiVirus PRO so that devices are protected straight out of the box.

 

 

After the trial expires, users can either renew or downgrade to AVG AntiVirus FREE for Android so that their device is protected free of charge.

AVG AntiVirus FREE for Android was the first mobile security application to exceed 100 million downloads on the Google Play Store and has powerful tools to help you protect your device, keep it running smoothly and even locate your device should it get lost or stolen.

The Ebola virus becomes the latest bait used by fraudsters

The Spanish Civil Guard has warned via Twitter of a number of Ebola-related hoaxes that have appeared over recent days.

Once again, WhatsApp has become the main channel for such scams, which include bogus reports of new cases of Ebola or the canceling of classes at the CEU San Pablo University in Madrid due to a possible infection.

Hackers often exploit such situations for financial gain, and it was never in doubt that the first confirmed case of Ebola in Spain would give rise to these types of scams.

The Spanish Civil Guard have asked users to help avoid generating panic by not distributing these messages. They also encourage people to get their information through what they refer to as “serious channels of communication.”

The post The Ebola virus becomes the latest bait used by fraudsters appeared first on MediaCenter Panda Security.

WhatsApp Oro, a new scam related to the world famous messaging app

Be careful! The Spanish National Police have reported a new type of scam related to WhatsApp. That’s right, another one! We’re beginning to lose count of how many times we’ve reported these types of stories.

It appears that cyber-criminals have invented a new version of the messaging app: WhatsApp Oro (WhatsApp Gold). As you can probably imagine, there is no ‘Gold’ version of WhatsApp, and it’s really just another fraud to subscribe you to Premium SMS services.

Seemingly, criminals have been advertising this service on Twitter and more than a few users have fallen for it.

As you know, the success of WhatsApp has made it a prime target for criminals, so take care and don’t fall into the trap!

The post WhatsApp Oro, a new scam related to the world famous messaging app appeared first on MediaCenter Panda Security.

JP Morgan acknowledges that 76 million accounts were hacked

US bank JPMorgan Chase has acknowledged that 76 million current accounts and 7 million small business accounts were affected by a hacker attack last August.

The bank presented an official report to the Securities and Exchange Commission (SEC), specifying the type of data that had been compromised in the attack on the Web and mobile apps of JPMorgan Chase.

Data obtained by the cyber-criminals included customers’ names, addresses, phone numbers and email addresses, as well as internal company data. There is still no evidence that this data theft has compromised account numbers, passwords, ID numbers, dates of birth or social security numbers.

Cyber-attack on JP Morgan Chase

JPMorgan Chase was one of five US organizations to suffer an attack, the real purpose of which is still under investigation.

The FBI has been trying since August to determine the origin of the attack and whether the motive is purely financial or if it is part of an international espionage operation.

The bank has also asked customers to come forward if they are aware of any irregular transactions, though for the moment, they have no evidence of any fraud related to this data theft.

 *** Update

Luis Corrons, Technical Director of PandaLabs, has drawn similarities between this attack and the one suffered by Orange some months ago. In neither case were passwords, which are typically the prime target of cyber-criminals, stolen, probably because this data is stored on systems with greater security.

Nevertheless, Luis Corrons has also pointed out that companies are attacked every day around the world and a small percentage of these attacks are successful. This should serve to remind businesses that they need to improve defenses against cyber-attacks and ensure they have the best business antivirus.

The post JP Morgan acknowledges that 76 million accounts were hacked appeared first on MediaCenter Panda Security.

Facebook set to hand over users’ information to third-party advertisers

Facebook will hand over users’ information to advertisers to enable them to advertise more effectively on third-party portals. This will be done through the Atlas platform that compiles data from the social network and uses it on external websites.

This way, if you click ‘like’ on a clothing website, you will begin to see adverts for similar products when you visit other pages.

So, with the data gathered from Facebook, a history of likes and preferences is compiled which helps advertisers identify potential customers.

Advertising on Facebook

Until now, advertising on Facebook was done using cookies that registered your ‘likes’ as you visited other Internet pages. So when you were on Facebook you would be shown adverts in accordance with your preferences.

The aim of this latest methodology is to improve the effectiveness of advertising, and to track people’s preferences on mobile devices, which is what Atlas can do through Facebook.

What do you think? Are we losing privacy with these kinds of initiatives?

The post Facebook set to hand over users’ information to third-party advertisers appeared first on MediaCenter Panda Security.

Shellshock, the security hole in Bash that affects Linux and OS X

A security hole has been discovered in Bash that jeopardizes the security of Linux and Mac users. This vulnerability, dubbed ‘Shellshock’, affects the command interpreter in these operating systems.

So what does this mean? To give you an idea, this flaw could allow a cyber-criminal to remotely access a system using Bash and insert spyware designed to steal confidential information or even take control of the system.

The hole was discovered by Stéphane Chazelas and it would appear that it is more serious than Heartbleed, the vulnerability discovered in the OpenSSL library last April. According to the CVSS rating of the security hole, Shellshock has a score of 10, while Heartbleed was rated 5.

What can you do to protect yourself from the Bash vulnerability? Update your software and keep your operating system up-to-date.

* Many thanks to our colleague from Critical Malware, Daniel Garcia, for his help.

The post Shellshock, the security hole in Bash that affects Linux and OS X appeared first on MediaCenter Panda Security.

Have you got an account with Viator? Change your password!

Viator has been hacked by cyber-crooks who have managed to access users’ bank details. Of the 1.4 million customers, it is still not known how many have been affected by the attack.

The company has confirmed that it has hired IT experts to discover what happened and how the criminals were able to hack the system. Although there are still few details about the incident, it has been confirmed that the attack took place between September 2 and 3.

It appears that Viator became aware of the attack through complaints from users about unauthorized payments with the cards they had used on its service.

To prevent further data theft, Viator is asking users to change their account passwords and keep a close eye on their credit card transactions.

The post Have you got an account with Viator? Change your password! appeared first on MediaCenter Panda Security.