Tag Archives: News

Panda Security

Hijacking and Theft: The Dangers of Virtual Reality for Businesses

virtual reality panda

Tech giants such as Google, Facebook, or Samsung are betting heavily on virtual reality. As such, this technology has all the hallmarks of something that may soon revolutionize our lives. It may also revolutionize a multitude of business sectors. Tourism (traveling without getting up from the couch), education (seeing history instead of learning the bare facts or visiting the inside of the human body for your anatomy lesson), entertainment (movies starring you), and much more.

However, it is still very much in the early stages of its development. We’re not hearing much about the cybersecurity risks that come along with it. We should be aware that virtual reality, as with any innovation, carries with it some new threats, as well as some old ones that can reinvent themselves in light of new technology.

Virtual Theft

Imagine you’re participating in a virtual reality contest that promises to give you the house of your dreams if you succeed in building it in 100 hours using Lego blocks. You toil away on your house to meet the requirements and in the end you succeed, at which point the organizers grant you the property of the living space that fascinates you so. However, there’s a cybercriminal on the prowl. He sneaks into the application’s servers and modifies the ownership of the property. Of course you’ve lost nothing physical, but you have lost valuable time. And the company behind the app has lost even more than that. At the very least, they’ve lost your trust, as well as that of the rest of their users.

Identity Theft

As worried as we are about the massive credential data breaches that companies increasingly suffer during cyberattacks, in the virtual world things may get worse. Intruders will be able to get their hands not only on usernames and passwords, but also on the user’s physical identity (the hyperrealist avatar generated after scanning their own body).

With all of their biometrics data in your possession, it may end up being easy to steal an actual person. Companies that safeguard such information may therefore face greater risks than those found in the age of credential theft.

Reality Modification

Attackers can figure out how to modify a given application’s code to manipulate (virtual) reality as they please. The number of scenarios is infinite. Accessing the virtual offices of a company that works remotely, modifying information to harm a business’s reputation, altering user experience… There’s a whole world of potential risks waiting to be discovered that will bring about new challenges for cybersecurity experts.

Headset Security

In much the same way that malware can affect computers and mobile devices, it can affect virtual reality headsets. Cybercriminals can attack these headsets with a diversity (and perversity) of intentions. Everything from a keylogger able to track user activity to a ransomware that blocks access to a specific virtual world until the user shells out a ransom may be implanted.

The post Hijacking and Theft: The Dangers of Virtual Reality for Businesses appeared first on Panda Security Mediacenter.

Panda Security

One billion and one reasons to change your password

After another Yahoo’s data breach find out why you need to strengthen your security

Dear 2016, we want you to please be over already! PLEASE!

In a statement released by Yahoo yesterday they confirmed that there’s been another data breach. According to the press release the leaked information is associated with more than one billion Yahoo user accounts. The incident is different than the one reported few months ago. However, initial examinations suggest both attacks have been performed by the same hackers. There are a few things we recommend you to do right away to avoid becoming a victim of cybercrime. Don’t delay it!

When did this happen?

Yahoo confirmed the incident happened August 2013. Not to be mistaken with the data breach reported on September 22nd earlier this year.

What information was stolen?

No one really knows for sure, however the stolen information may have included personal information such as names, email addresses, telephone numbers, dates of birth, passwords and, in some cases, encrypted or unencrypted security questions and answers.

How is this affecting Yahoo?

In terms of branding and resonance, it’s the latest security blow against the former number one Internet giant. This kind of news won’t help user confidence in the company that has been heavily criticized by leading senators for taking two years to disclose the September 2014 breach. To make matters worse, this new one is from 2013. Yahoo was down more than 2.5 percent in after-hours trading on the Nasdaq in New York.

The company once valued at $125bn will not be sold for more than $5bn to Verizon. The price may go even lower. What make things really bad for Yahoo is that according to BBC, Yahoo knew about the hack but decided to keep quiet… not a smart move.

The good news

Even though your personal information has been circling the dark web for more than 2 years, you may not be affected at all. We are talking about 1 billion accounts – this is a lot of data to process. However, if you don’t change your passwords regularly or if you tend to keep using the same answers on security questions, you may be in danger.

Troublemakers might be able to use the information to get your bank details or commit identity fraud. It’s vital to be self-conscious and protect yourself. And if you do, you don’t have anything to worry about.
Even though Yahoo are working closely with law enforcement and they are doing their best to protect your data, changing your password regularly and installing an antivirus software is a must.

The post One billion and one reasons to change your password appeared first on Panda Security Mediacenter.

Panda Security

Google to punish repeat offenders by marking their websites insecure

security warning google

 

Mountain View appears to be fully committed to web user security. In 2016, Google has already launched various initiatives to penalize poor website security practices (or, on the other hand, to reward users who follow their recommendations). Now they’ve proposed to clearly mark websites that not only pose a threat to web users, but are also repeat offenders.

In fact, both in Chrome (the company’s own browser) and in other browsers such as Firefox and Safari, the search engine will show a warning in front of websites that intentionally spread malware, as well as those that are, in reality, used as instruments of phishing.

This is actually something that Google does already. What’s new is that the company will begin to take decisive action against those who repeatedly attempt to skip over safety rules. Once a website is marked as dangerous, the admin can update the page to eliminate the infractions in question, at which point Google takes down the warning. If the search engine finds itself routinely notifying the admin to inspect the warning, in some cases their chance to have the warning removed will be rescinded for 30 days.

Specifically, the option to resolve these issues will be eliminated for websites that, after requesting a reappraisal, make a few changes to get up to code and then subsequently go back to carrying out practices that put users in danger. To combat these repeat offenders that modify their websites just for show, Google will crack down on them by keeping the warning message up for an entire month, with no possibility of turning over the ruling during this time.

This news is actually somewhat of a double-edged sword for companies. On the one hand, it’s undoubtedly beneficial that employees can know at a glance whether they are about to enter a website that could jeopardize the company’s security. But as the saying goes, all that glitters is not gold.

Google’s new measure cranks up the pressure on companies to make sure their corporate website does not pose a risk to users. Otherwise, the penalization issued by the good people at Mountain View could prove a real disaster for the business — beyond putting users at risk, it may end up scaring away future clients.

The post Google to punish repeat offenders by marking their websites insecure appeared first on Panda Security Mediacenter.

Panda Security

In 2017, less malware and more advanced attacks

pandalabs-predictions

The decline in new malware and the increased professionalization of attacks will set the tone in cybersecurity for next year, according to PandaLabs’ Cybersecurity  Predictions for 2017. Ransomware will encompass the majority of attacks, and companies will amass a larger number of increasingly advanced intrusions.

As far as cybersecurity goes, we bid farewell to a year replete with high-profile attacks that have jeopardized large corporations and private users. Ransomware attacks from Petya, Trojans such as Gugi for Android, the spyware Pegasus, PunkeyPOS, or large-scale attacks targeting point of sale terminals as well as the recent DDoS (Distributed Denial of Service) attacks have affected large organizations and international communication networks.

We rank the most popular attacks of the year, analyzing their evolution and taking a look at the cybernetic threats that 2017 has in store:

Cybercrime

Cybercriminals focus their efforts on those attacks which can rake in the most profit, using more effective tactics and professionalizing their operations in a way that allows them to make quick and easy money in an efficient manner.

Ransomware

This Trojan Horse will take center stage with regard to cybersecurity and will cannibalize other more traditional attacks that are based on data theft. The pursuit of profit is the primary motivation of cybercriminals, and ransomware is the simplest and most effective way to achieve this. Some things never change: victims of this hijacking malware will have to decide whether to pay, or not, to recover their data. Panda Security encourages victims to keep in mind that paying the ransom does not guarantee the total recovery of stolen data.

Companies

The number of attacks directed at corporations will increase, as these attacks become more and more advanced. Companies are already the prime target of cybercriminals, as their information is more valuable than that of private users.

Internet of Things (IoT)

The next cybersecurity nightmare. The technological revolution has ushered in the complete integration of smaller devices into the grid, which can be converted into entryways into corporate networks.

DDoS Attacks

The final months of 2016 witnessed the most powerful DDoS (Distributed Denial of Service) attacks in history. These attacks were carried out by bot networks that relied on thousands of affected IoT devices (IP cameras, routers, etc.). 2017 will see an increase in this kind of attack, which is typically used to blackmail companies or to harm their business (by blocking web access, online shopping, etc.).

Mobile Phones

Focusing on one single OS makes it easier for cybercriminals to fix a target with maximal dissemination and profitability. Android users will get the worst of it in the next 12 months.

Cyberwar

The precarious situation with regard to international relations can have huge — and serious — consequences in the field of cybersecurity. Governments will want access to still more information (at a time when encryption is becoming more popular), and intelligence agencies will become still more interested in obtaining information that could benefit industry in their countries. A global situation of this kind could hamper data sharing initiatives in the next year.

Download the Pandalab’s Predictions here:

Download

 

 

The post In 2017, less malware and more advanced attacks appeared first on Panda Security Mediacenter.

Panda Security

Panda Security and Altitude Partner to Secure Information in the Contact Center

partnership-panda

Panda Security, a leading advanced cybersecurity company, and Altitude, a global provider of omnichannel solutions that deliver great customer experiences, today announced a new strategic partnership. This partnership will combine Panda and Altitude expertise, solutions and services to maximize and optimize the prevention of data leakage in the contact center.

Recent research  shows a 29% increase in data breaches since 2013, with an average cost of $4 million per incident and an average cost of $158 per lost or stolen record. Other reports  point out that, for the first time, in 2015 security events traced to insiders have outranked security incidents by outsiders.

Innovative integrated monitoring and security platform for the contact center

The Panda Security and Altitude partnership will provide an integrated monitoring and security platform that relies on big data and analytics to detect and block outsider and insider threats in the contact center. Both companies will work together to deliver endpoint protection, detection and response, data leak prevention and user/entity behavior analytics.

“Contact Centers need to be more effective in preventing breaches and they need to be able to react if the prevention fails” said Raúl Pérez García, Global Presales Manager at Panda Security. “Our solution, integrated with Altitude, analyzes and correlates all the information generated about cyber-threats in order to initiate prevention, detection, response and remediation routines, configuring a whole security intelligence system able to uncover malicious behavior patterns and generate advanced cyber-security action to pre-empt malware”.

“The deliberate or accidental release of sensitive data in contact centers is a problem with far reaching consequences as companies are required to comply with more regulation to take reasonable technical, physical and organizational measures to protect the security of sensitive information”, states Jesus Cuadrado, Business Solutions Manager at Altitude Software. “Together with Panda, we are bringing to the market a solution specifically designed to stop the loss of sensitive information in a contact center environment, focused on automating the protection and detection of mishandled data”.

Panda Adaptive Defense 360 is the first cyber-security service that combines next-generation protection and detection and response technologies, with the ability to classify 100% of running processes. The platform delivers a complete cyber-security infrastructure, comprising a suite of services that connect contextual intelligence with the solutions that implement remedial actions on endpoints. Adaptive protection against malware, integrating prevention, detection, forensic analysis, categorization of all running processes and automated remediation.

The Altitude uCI (Unified Customer Interaction) suite is a complete, modular contact center software solution that provides all the functionality required to provide customers with the best experience. The modularity of the contact center software solution allows contact centers to grow according to business needs, avoiding significant upfront investments. Whether organizations use all the modules, just part of the solution, or employ 10 or 100 agents, Altitude uCI provides the ability to engage with customers and provide them with outstanding service.

 

The post Panda Security and Altitude Partner to Secure Information in the Contact Center appeared first on Panda Security Mediacenter.

Panda Security

Panda Endpoint Protection Is Given The VB100 Certificate By Virus Bulletin For Windows 10

virus-bulletin-panda-awards

Panda Security’s cybersecurity solutions have been recognized by the independent consultancy Virus Bulletin, which specializes in the prevention, detection, and elimination of malicious software and spam.

The publication, which regularly features analyses of the latest virus threats and evaluations of the leading anti-malware products on the market, has awarded Panda Endpoint Protection the VB100 certificate in the most recent comparative examination of 2016 with Windows 10 Pro.

The publication, which regularly features analyses of the latest virus threats and evaluations of the leading anti-malware products on the market, has awarded Panda Endpoint Protection the VB100 certificate in the most recent comparative examination of 2016 with Windows 10 Pro.

Panda Security consistently maintains excellent results in the latest tests, placing the Spanish company in a privileged position.

See the complete report with study results here.

Quality Assurance Certification

Windows 10 has become the predetermined OS for Windows launched by Microsoft. There have been various issues which have set off alarm bells for some of the most cautious users.

The first characteristic of Microsoft’s new operating system that we should be aware of is that it has been designed like a cloud service. This means that now, whether you like it or not, you will share more information than ever with Microsoft. Fortunately, there are some things that you can configure to minimize the damage if you consider this to be a threat to your security.

Another of the characteristics of Windows 10 that has caused much debate is the “Advertisement ID”. It is basically a code, a unique identification number, which works like the cookies of a webpage.

For some, the new location options that Microsoft has included may feel invasive. Also potentially invasive is the fact that, as happens with Apple’s Siri or with Google Now, this tool requires access to large quantities of personal information in order to respond to whatever questions a user may ask it.

If this new operating system still hasn’t convinced you, and you’d prefer to keep your information private after installing Windows 10, the most advisable course of action would be to turn to a good cybersecurity solution such as the one offered by Panda Security, compatible with Windows 10 and vouched for by Virus Bulletin.

The post Panda Endpoint Protection Is Given The VB100 Certificate By Virus Bulletin For Windows 10 appeared first on Panda Security Mediacenter.