Tag Archives: Security

New Security Measure in the US and UK: Tablets Banned on Some Flights

Laptops, handheld video games, cameras, tablets… unless it has some sort of medical use, all electronic devices bigger than a smartphone will be banned from the cabin of all flights originating in North Africa and the Middle East and bound for the US or UK.

The Trump administration announced the drastic measure, which will affect ten airports in Jordan, Egypt, Saudi Arabia, Kuwait, Morocco, Qatar, Turkey, and the United Arab Emirates.

According to the Department of Homeland Security, terrorist organizations “continue to target commercial aviation and are aggressively pursuing innovative methods to undertake their attacks, to include smuggling explosive devices in various consumer items.”

The UK has adopted a similar ban against laptops and tablets. In this case, the measurements are specified, and such devices can only travel in checked luggage. The ban is effective for six countries in order to “maintain the safety of British nationals.” Recently, a bomb that may have been hidden in a laptop exploded on a Daallo Airlines flight, forcing the plane to make an emergency landing in Mogadishu.

Fear of Explosions… and Cyberattacks?

Even though the TSA (Transportation Security Administration) hasn’t gone into detail about the ban, Kip Hawley, ex-director of the organization, defended the decision. According to Hawley, an explosive charge could be installed in a smartphone as well, but would be limited by size and insufficient to pose any major threat.

At the same time, a bomb in the cargo bay would be ineffective, since not only would it be surrounded by suitcases that would stifle the blast, but the cargo bay itself is also highly reinforced.

Oddly enough, the decision arrived not long after the Federal Aviation Administration announced that lithium batteries presented the risk of catching fire while in storage under the plane. Some experts have criticized the new measures. Nicholas Weaver, researcher at the International Computer Science Institute, has taken the opposing stance that a bomb “would work just as well in the cargo hold.”

Weaver also points out that if hacking is the main concern, “a cellphone is a computer.” After the Germanwings accident, which took the lives of 150 people, some questioned whether a cybercriminal could be responsible. As of now, however, the threat of a cyberattack is still hypothetical. Indeed, it has only been demonstrated that control can be taken of navigation systems in a simulation environment.

Recently, a Spanish researcher discovered vulnerabilities in planes’ in-flight entertainment systems. The most damage he could do, however, was to turn on and off the lights, broadcast messages over the PA, or steal card numbers from passengers making in-flight purchases.

For the time being, it seems the fears of the US and UK are not based on a potential cyberattack, but rather on the stated concern about hidden explosives. As can be expected from sensitive policy decisions, however, neither London nor Washington is offering much in the way of details.

The post New Security Measure in the US and UK: Tablets Banned on Some Flights appeared first on Panda Security Mediacenter.

How safe are VPNs?

It’s a tough economy out there. Things are looking up, alright. But for some low-life criminals like Joe Crook, ANY work will always be too much work anyway. So what do people like Joe Crook do? They scheme. They’re on the lookout for the latest scam so that they can defraud you of your hard-earnt cash.

How does a VPN work?

Take VPN technology for example. For IT-knowledgeable evil-doers, it’s as good a target as anything there is. The technology has been around for decades of course. In the beginning, it was meant for big businesses – and most probably it was never intended for the many purposes that it serves today (nope, it was not created with Netflix in mind!).

The original idea behind this technology was to create a private connection between multiple people and devices across the Internet. In other words, it was the Internet within an Internet: a secure, private and encrypted network keeping out hackers, ransomware, prying eyes and anybody that was after your personal data.

In a way, VPN offered a perfect solution to those sharing sensitive data or looking to evade government censorship. VPNs typically allowed only authenticated remote access via tunneling protocols and other encryption techniques to prevent disclosure of private information. In short, no one knew where you surfed, what content you saw, nor where you were even surfing from. Your connection was fully encrypted!

VPN’s risks

But, sensing an opportunity, the Joe Crooks of this world came to realize people like Average Joe might have grown complacent in their use of VPN. For instance, millions connect to public Wi-Fi hotspots without thinking twice about the potential consequences. Fraudsters came to understand the technology’s possible weaknesses. And with over 280 million Internet users in the US alone, roughly 80% of whom are using the web every single day, let’s just say there are plenty of fish to go after.

It’s not just traditional VPN that can be targeted

Research conducted just last year revealed that nine in 10 SSL VPNs were using insecure or outdated encryption. The large-scale study randomly scanned over 10,000 live and publicly-accessible SSL VPN servers (SSL refers to Secure Sockets Layer – it’s a form of VPN that can be used with a standard web browser).

Users’ privacy

Although VPNs are meant to protect users’ privacy by setting up an encrypted tunnel between the device being used and the VPN provider’s servers, vulnerabilities are known to exist. Hackers like Joe Crook are keen to steal your data mid-transit and unfortunately are getting better at it.

So what more should you do to protect your privacy online?

When making payments online, are you unwittingly allowing hoodlums to help themselves to your credit card details? One thing is for sure: our devices are getting more and more connected every day. Having access to a VPN should form part of your set of digital tools – though it isn’t a foolproof sort of firewall by any stretch of the imagination.

And for the highest level of protection look nowhere else but to Panda Security. We have developed a cyber-security platform designed to eradicate threats. Security systems are activated before threats are executed, and advanced protection for endpoints and servers helps destroy the malware before it’s too late. Now, that’s what we call protection!


The post How safe are VPNs? appeared first on Panda Security Mediacenter.

Charger, the Most Costly Ransomware to Smartphone Users

Ransomware is evolving and becoming increasingly sophisticated, posing a greater threat to companies and private users alike. This malicious software has shown that it can propagate by using the viral mechanisms of a meme, that it can directly attack corporate servers, or even camouflage itself in false resumes. And now it has made its way to other devices, namely, our smartphones.

It is now the main threat to mobile devices, until now considered to be relatively virus-free compared with their PC counterparts. Recently, a new ransomware was discovered that goes by the name of Charger, which copies all the data from your agenda, text messages, etc., and seeks admin permissions from the device’s owner. If the unwary user accepts the request, the malicious code begins its attack. A message warns the owner that their device has been blocked and their stolen personal data will be sold on the dark web unless they proceed to pay a ransom.

The Most Costly Ransom

Charger’s victims will have to pay 0.2 bitcoins (at about $1000 a bitcoin, it comes out to a round $200) to, supposedly, unblock their device. It may not be the first ransomware to affect smartphones, but never before has this figure been so high.

Also new is its means of spreading. Until now, most cyberattacks targeting mobile phones found their gateway in applications downloaded outside official app stores. With Charger it’s different. Charger attacks Android devices through a power saver app that could be downloaded from Google Play, Android’s official app store.

It is vital for employees to be aware of the dangers of downloading apps from unverified sources. They should also know that it’s not such a great idea to store sensitive corporate data on their computers or mobile devices without taking the proper security precautions. Keeping passwords or confidential documents on an unprotected device could end up giving cybercriminals just what they need to access corporate platforms.

We’ve said it before, and we’ll say it again: new attacks like these come about every day and can take anyone by surprise, be they casual users or security experts. The unpredictable nature of attacks like Charger makes an advanced cybersecurity solution indispensable. Perimeter-based security solutions are simply not enough anymore.

 

The post Charger, the Most Costly Ransomware to Smartphone Users appeared first on Panda Security Mediacenter.

WhatsApp, message encryption and national security

Is WhatsApp the perfect communication channel for terrorists?

The devastating terrorist attack that took place in London last week has brought grief to the UK and the rest of the world. The police investigation into the incident has raised a number of questions that could have far-reaching consequences.

WhatsApp and messaging encryption hits the headlines

The discovery that terrorist Khalid Masood had been using the messaging app WhatsApp shortly before the attack presents police with a problem. WhatsApp uses a technology called end-to-end encryption to encode text messages.

This encryption is intended to protect messages from being intercepted by hackers and cybercriminals. If a text is intercepted, it cannot be read without the decryption key – and only the authorised sender has that key. The text is completely garbage without decryption.

Unfortunately this also means that legal investigators cannot access those texts either – the data is completely inaccessible without access to Masood’s phone. Which means that the police may be missing vital evidence of other terrorist activities because the texts are encrypted.

UK government criticises encryption

Speaking in the media, UK Home Secretary Amber Rudd has criticised the use of end-to-end encryption, calling it “completely unacceptable”. She even went as far as suggesting that these encrypted messaging apps are “places for terrorists to hide”.

Ms Rudd’s main concern is that traditional surveillance techniques used to prevent terrorism and crime simply do not work in the age of complex encryption. As such, police and intelligence services are limited in what they can do to keep people safe.

A difficult issue globally

The London terror attack is not the first time security services have run into problems. The FBI has run into similar problems in the US too, unable to access encrypted smartphones belonging to criminals.

Service providers like Apple, Google and Facebook have complied with requests to access data in the past, but in the case of WhatsApp, they remain powerless to act. All encryption keys are specific to the phone owner – service providers like WhatsApp do not store copies, so even they cannot read messages.

Clearly there is no easy answer

For the majority of people, encryption is a vital tool for protecting their sensitive personal data. However, criminals will exploit that anonymity – placing lives in danger in the process.

In future we may see WhatsApp and other messaging providers being forced by governments to create a “backdoor” in their apps that allows for proper surveillance. Although useful for the intelligence services, this approach could also be exploited by hackers, immediately weakening the security of law-abiding citizens too.

How this situation will be resolved remains to be seen. But it could be that your favourite messaging app will undergo major changes security-wise in the near future.

The post WhatsApp, message encryption and national security appeared first on Panda Security Mediacenter.

AVG Business at MSPWorld 2017 Conference in New Orleans

AVG Business by Avast is proud to be a Gold sponsor of MSPWorld®, the premier conference for cloud and managed services professionals.

You may have thought the New Orleans Jazz and Heritage Festival was the highlight of springtime in “The Big Easy”, but for MSPs across the country, the event of the year is MSPWorld which takes place in New Orleans, Louisiana from March 26th to 28th. MSPWorld is the perfect place for people working in the managed services industry to learn from their peers, because this world-class conference is run by MSPs, for MSPs.

Visit AVG Business by Avast MSPWorld 2017 to get a 50% discount on a full conference pass, and stop by booth #33 to meet the AVG Business by Avast team. We are there to share our expertise on how to develop pricing models to support revenue growth, provide cost effective 24/7 support, and ensure your customers’ environments are secure and performing optimally.

We want to have some fun with you too, so plan to arrive early and join us Tuesday from 11:00am – 4:00pm at the Lakewood Golf Club for the MSPWorld Golf Tournament. Reserve your spot to chill with us afterwards for an exclusive AVG Business Partner Event cruising on the Steamboat Natchez Tuesday evening.

Your schedule can get busy quickly at MSPWorld, so mark your calendar in advance for the following speaking sessions:

Creating a competitive MSP Pricing Model

Date: March 27, 2017
Time: 9:45am to 10:15am
Location: Gallery 1-3

Ryan Vallee, Product Management Lead for AVG Business by Avast, will be speaking about the importance of properly pricing your service to stimulate business growth. The science to calculating labor cost, overhead, software solution, etc. to achieve a desired margin can be a bit of a mystery to many. Whether you offer reactive, proactive, or fixed-fee models, this session will guide you to develop profitable service plans that take into consideration all known costs to provide a Managed Service to your customers; AND, help you evolve your business into higher levels of profitability.

Scaling your Managed Services for NOC & Help Desk

Date: March 27, 2017
Time: 2:15pm to 3:00pm
Location: Gallery 1

Staale Swift, Chief Executive Officer at NOCDOC, will address what is going on in the market today and its impact on managed service providers. He will answer questions MSPs have about growing or expanding their businesses, what you can offer your clients, considerations when you are building up your offering, and the value you bring to the table.

We look forward to seeing you at MSPWorld. Visit our website to get your MSPWorld discount and for our exclusive partner event cruising the Mississippi River. Stay a few more days for Jazz Fest 2017.

The Apps That Most Frequently Appear on Companies’ Blacklists

Apps installed on smartphones and tablets are considered to be one of the biggest risks for companies today. And for good reason. In addition to diminishing the performance of the devices themselves, they can become cybercriminals’ gateway to corporate mobile phones and tablets.

Because of this, IT departments should be wary of employees downloading certain apps on their devices that may pose a risk, whether because of their popularity or their vulnerabilities.

A recent study looks at the applications that have been most banned by companies around the world, and the result is not surprising: although its popularity began more than five years ago, Angry Birds is the most vetoed mobile app to date.

After surveying technology leaders from nearly 8,000 companies around the world, the report’s authors concluded that globally the game has been declared the number one public enemy of corporate security. No wonder, bearing in mind that the sequel to the game, ‘Angry Birds 2’, was infected a couple of years ago by malware that affected iOS devices.

The ban of Angry Birds on corporate devices shows that, today, mobile phones and business tablets are used interchangeably for professional and personal matters. On the other hand, BYOD (‘Bring Your Own Device’) has become a trend that, either because of the vulnerability of certain applications or of employees’ own personal devices, can jeopardize the security of any company.

To carry out the study, its authors took into account both Android devices and those with iOS or Windows Phone as operating systems. In this sort of blacklist, other applications that veer more toward the personal than the professional follow on the heels of Angry Birds, Dropbox and Facebook: platforms like WhatsApp, Twitter or Netflix are also among the ten most banned applications in the business world.

Another notable conclusion of the study is that among the prohibited applications there are also some that would seem right at home in a corporate environment. However, even these are considered by many companies to be a danger to their security. Such is the case of Skype, Outlook or Dropbox itself, which, after a leak that compromised millions of passwords, seems to have fallen out of favor of late.

The post The Apps That Most Frequently Appear on Companies’ Blacklists appeared first on Panda Security Mediacenter.

Should You Share Your Netflix Password?

What you need to know before sharing your Netflix account details

Is it illegal to share your Netflix password? As of July last year, a court ruling in the US asserted that it is, in fact, a federal crime to share passwords for online streaming services.

If you share your Netflix password with people you trust though, the truth is that there’s no real need to stress out. It is very unlikely that Netflix are actively coming after password sharers.

Reed Hastings, Netflix CEO, spoke on the subject at CES last year:

“We love people sharing Netflix whether they’re two people on a couch or 10 people on a couch. That’s a positive thing, not a negative thing.”

The new court ruling was part of the 30-year-old Computer Fraud and Abuse Act (CFAA). For obvious reasons, it’s difficult to legislate for online activity, and the CFAA is known for its uncertain, ambiguous and sometimes murky rulings.

Whilst password sharing may be a contentious subject, drawing widely differing opinions from legislators and the CEOs of streaming services, it’s important to look at the impact that account sharing could have on a user.

Reed Hastings recently told Business Insider that, “as long as they aren’t selling them, members can use their passwords however they please.”

Is this advisable though? Probably not.

The first question on your mind when someone asks if they can use your Netflix account is: do you trust that person? Even if they pinky promise they’ll stop using it after that House of Cards binge. This may seem obvious, but bad things can happen if your Netflix password is passed on enough times that it falls into the wrong hands.

Without you knowing, it’s possible, for example, that your account details could be sold on the black market. It could become part of a Netflix scam that sees your account being used as a lure to infect people’s systems with ransomware. If your “recently watched” section is coming up with shows you’ve never seen, it may be that your account is being used by strangers.

Or the friend who promised to stop after House of Cards simply couldn’t resist.

It’s Safe To Share, If You Trust The Other Person

The truth is that Netflix also have their own way of dealing with oversharing of passwords. Their basic account setting allows for one stream at a time. The standard account allows for two. It’s a simple way of stopping one password being shared with hundreds of people.

Netflix is famous for having encouraged binge watching of shows, and it simply wouldn’t be possible if users had to co-ordinate and share out the use of one account. Hastings relies on the concurrent streaming limit, as well as their relatively inexpensive service being enough of a draw to stop people sharing passwords. It is very unlikely that they would ever try to prosecute users.

“Password sharing is something you have to learn to live with”

Hastings has emphasized as well that there’s no plan to add any other type of restriction to account sharing. “Password sharing is something you have to learn to live with, because there’s so much legitimate password sharing, like you sharing with your spouse, with your kids… so there’s no bright line, and we’re doing fine as is,” he said.

Anyone remember the early days of online sharing, when Metallica received a mighty backlash for having called out thousands of their own fans, who had shared their music online, as criminals? Maybe Hastings knows this type of stance would be bad press, especially for a company whose modus operandi, after all, is online sharing.

There is talk of what’s appropriate ethically though, something that seems completely fair, considering Hastings’s and Netflix’s relaxed stance towards their service’s members.

“We usually like to think that a husband and wife can share an account and that’s perfectly appropriate and acceptable,” said Hastings during a 2013 earnings call. “If you mean, ‘Hey, I got my password from my boyfriend’s uncle,’ then that’s not what we would consider appropriate.”

The post Should You Share Your Netflix Password? appeared first on Panda Security Mediacenter.

Protect Your Instagram Account From Spambots

Comments that have nothing to do with the photo you’ve posted, followers that don’t seem completely human despite their profile picture, messages from unknown accounts containing suspicious links or offering to help you get followers… It’s likely that you or some of your friends and maybe even the social media manager at your company have run up against this kind of thing on Instagram.

Spambots continue to be a major headache for the Facebook-owned social network that has over 600 million users. According to a study carried out by Italian researchers, 8% of Instagram accounts are false.

This is a blight on the company’s image, and has led to some embarrassing occurrences, like the time when spammers inundated feeds with a multitude of pornography. Apart from that, there are plenty of brands that use bots to swell the numbers of their followers, a practice that Instagram prohibits. So what can you do about this?

Instagram offers its users a few tools to report spam. The user can delete a comment that she considers offensive and report it, block a user or inform the social network that a profile or a publication is potentially suspicious. For example, if you see that a user does not share photos, follows hundreds of people and only posts comments with links, it could well be a ‘spammer’, although spammers generally try to hide it using an attractive profile photo.

Recently, the social network has included new options to protect privacy. If you’ve decided to make your account private (which is advisable if you don’t want strangers browsing through your photos), then you can now remove followers without having to block them.

Also, all Instagram users can now use an automatic filter that eliminates comments which include a word considered offensive by the community or by the user. Just go to Options, Comments, and Hide inappropriate comments. In fact, you can disable comments on photos and videos altogether.

On the other hand, if an unknown follower sends you a direct message, it is best not to click on the link. It could be a bot sending a malicious ‘link’. It is also possible that its intention is to start a phishing attack.

Improving Instagram account privacy by adding two-step verification, using a strong password, and being careful about sharing content are other tips to avoid running into security problems with your personal or company accounts. And of course, if you’re using any social network from work computers, Panda Security’s advanced cybersecurity solutions for companies could be a great help in preventing spam from leading to the downloading of malware.

The post Protect Your Instagram Account From Spambots appeared first on Panda Security Mediacenter.

Your Android lock pattern can be cracked in just five attempts

 

If you use a lock pattern to secure your Android smartphone, you probably think that’s the perfect way to avoid unwanted intrusions. However, that line you draw with your finger may be a bit too simple. After all, if even Mark Zuckerberg himself used ‘dadada’ for all of his passwords, it is not surprising that your lock pattern may be a simple letter of the alphabet.

Android lock patterns can be easily cracked using a computer vision algorithm.

Relax, you are not the only one. Around 40 percent of Android users prefer lock patterns to PIN codes or text passwords to protect their devices. And they usually go for simple patterns. Most people only use four of the nine available nodes, according to a recent study conducted by the Norwegian University of Science and Technology. Additionally, 44 percent of people start their lock screen pattern from the top left corner of the grid.

Even though creating more complicated patterns may seem like the best solution to make your password harder to guess, a team of researchers has demonstrated that, using an algorithm, complex patterns are surprisingly easier to crack than simple ones.

Hackers can steal your lock pattern from a distance

Picture this: You sit at a table in your favorite café, take your smartphone out of your pocket and trace your lock pattern across the phone screen. Meanwhile, an attacker at a nearby table films the movements of your fingers. Within seconds, the software installed on their device will suggest a small number of possible patterns that could be used to unlock your smartphone or tablet.

Researchers from the Lancaster University and the University of Bath in the UK, along with the Northwest University in China, have shown that this type of attack can be carried out successfully by using footage filmed with a video camera and a computer vision algorithm. The researchers evaluated the attack using 120 unique patterns collected from users, and were able to crack 95 percent of patterns within five attempts.

The attack works even without the video footage being able to see any of the on-screen content, and regardless of the size of the screen. The attackers would not even need to be close to the victim, as the team was able to steal information from up to two and a half meters away by filming on a standard smartphone camera, and from nine meters using a more advanced digital SLR camera.

Surprising as it may seem, the team also found that longer patterns are easier to hack, as they help the algorithm to narrow down the possible options. During tests, researchers were able to crack all but one of the patterns categorized as complex, 87.5 percent of median complex patterns, and 60 percent of simple patterns with the first attempt.

Now, if tracing a complex pattern is not a safe alternative, what can you do to protect yourself, especially if you store sensitive data on your smartphone? Using your hand to cover the screen when drawing your lock pattern (just as you do when using an ATM), or reducing your device’s screen color and brightness to confuse the recording camera are some of the recommendations offered by researchers.

The post Your Android lock pattern can be cracked in just five attempts appeared first on Panda Security Mediacenter.