Author Archives: Panda Security

Zane Lackey: “You shouldn’t invest in security just for compliance”

The concept of the cybersecurity manager is evolving, as the role shifts from the traditional “gatekeeper” to a more universal, company-wide security facilitator. Zane Lackey, our guest this month, is one of the most important white hat hackers in the world, and author of books such as Mobile Application Security and Hacking Exposed: Web 2.0. Currently, Lackey is the co-founder and CSO of Signal Sciences, a web application protection platform, and is also a member of the Advisory Board of the Internet Bug Bounty Program and the Open Technology Fund.

Although new infrastructures, services, and applications are being created, such simple things as security failures at the endpoint or a lack of two-factor authentication systems continue to be the cause of the global attacks making headlines.

We began the interview by recalling Zane’s days as a white hat hacker.

 Panda Security: What techniques do you use to detect a vulnerability and expose a threat to avoid an attack?

Going back to my pentesting days, which was quite a while ago at this point, the most common things I would look for were the assumptions made in the design of the system. Then I would look for ways those assumptions might be violated. On the defensive side, I took that mindset thinking about how to empower development teams and DevOps teams. That was one of the biggest lessons learned for me — going from a white hat, security consulting, pentesting kind of thing over to becoming a CISO and building a security organization, is really focused on how to give the engineering team as much visibility into what’s going on in production as possible.

PS: How do programs like Internet Bug Bounty help to resolve vulnerabilities that have been discovered? After a flaw is discovered, how do you act?

 I know there have been some changes in the Bug Bounty program recently, so I don’t want to say anything that would be incorrect there, but I think that from having run multiple Bug Bounties in the past, the important thing is trying to establish good communication with the researchers that come in. Because a lot of times, you’ll get a report that is partial or doesn’t contain all the info that is needed to reproduce the issue. So being able to say, “Hey, these are the five bits of information that we need so we can take this to the relevant service team or application team”, can help communication on both sides. And at the same time, trying to communicate back to the researchers so it’s not just a black box for them. Trying to be as transparent as possible on both sides — that’s what really leads to a good Bug Bounty experience, both for the researchers and for the organizations that actually work with them.

 I think anyone who’s run a Bug Bounty program gets used to seeing all kinds of things. You see everything from systems that you didn’t know about, to pretty much every type of vulnerability, even ones that you don’t think that you have. So I really strongly believe in the value of these programs, and I think they complement pentesting very well. Combining the two can really help most security programs out there. The reason I like Bug Bounty programs so much in combination with pentests is because it allows you to focus your pentests on very specific areas rather than trying to have them test everything when they don’t have time for that. So you can use your bug bounties to try and get very wide coverage, and you can use your pentests to try and get very focused and specific coverage.

PS: The NHS has recently hired white hat hackers to identify cyberthreats. Do you believe ethical hackers are indispensable in today’s organizations to avoid breaches and strengthen defense?

 For every organization, you need to be thinking about how people actually attack your systems. So white hat hackers, and pentesting, and bug bounties, those are all a piece of it. They’re not the full story, but they’re a piece of it. You don’t want to be doing security just for compliance, or just trying to check the box of different defenses to put in place. I challenge folks to have the number one thing that they’re thinking about as they’re trying to build a security program be: how would an attacker actually attack my organization? And really use that to drive the defensive programs that you put in place. And that’s where red teaming, white hat hackers, bug bounties, and all these ways to test your system can be a very powerful feedback loop. Because they can show, when your systems are being attacked, “this is where they went.” And that can focus your defenses.

So I really strongly believe in balancing offense and defense and using one to guide the other, and not just trying to do one in isolation.

PS: How can you implement DevOps to make companies safer?

I truly believe that embracing DevOps and embracing Cloud can make you safer. The reason for that is, in any development methodology, you’re still going to have vulnerabilities. So as soon as you recognize that fact, the logical conclusion is that the development technology that will allow you to react the fastest is the one that can make you safest. In the old model of waterfall and changing applications very slowly, the problem was there was no way to react quickly. So this is why DevOps, Cloud, and the shift to Agility can actually make us safer.

PS: What can we learn from massive data breaches like Equifax, which happened via a web application vulnerability?

I’d say there are two things to learn from the breaches that we see every day. One is that, 99% of the time, they are the completely common, off-the-shelf things — it’s things that weren’t patched, it’s a weak password, it’s malware on an endpoint, etc. So going back to a previous comment, I would encourage all organizations to not think about the “insane, state-sponsored zero-day that’s crazy complex”, but rather to focus on the basics: how do you get coverage over malware on your endpoints? How do you get two-factor authentication on all your accounts? And how do you get coverage over the web application layer?

Because I think the other lesson that we’re all just starting to see in terms of the breaches but which we’ve been seeing in the trenches the last few years, is that historically the security risk was at the infrastructure layer and the network layer, so we always thought firewalls and IDSs and things like that could mitigate it. But over the last several years the risk has all moved up to the application layer and out to the endpoint. So learning where your risk actually sits is the number one lesson we should be learning as an industry right now, across the breaches that we’ve been seeing.

PS: Do you think companies will be ready for the GDPR? What will they need to do to be compliant and protect their data?

With any new compliance regime, there’s a lot of concern with it up front because no one is exactly certain what it looks like yet. So I think it will be a little fuzzy at first, then you’ll see products and services emerge to help with it and you’ll see a much clearer picture of what the auditors are actually looking for and what steps really need to be taken as part of that.

Security and compliance are two separate things that sometimes overlap in small pieces. So defending your data, and not just being compliant with something, you have to ask: how do I defend my endpoints? How do I defend my web applications and my APIs and other things at the application layer? Because those two buckets are where so much of my risk is. So you should focus on getting visibility into those, getting effective controls into place around malware on the endpoints, two factor authentication for as many services as you can put it on, and then getting coverage and visibility and protection for your application layer.

PS: In terms of application security, do you prefer security by programming from within, or do you prefer protecting it from the outside?

The answer is both. For defending applications, how you do that effectively is you think about how to eliminate as many bugs as possible during the development cycle, but at the same time you recognize that there will always be vulnerabilities. So you couple that up with getting visibility and defense into the code that’s actually in production, and not just try to scan for bugs once it goes out and then just ignoring it once it’s out there live on the Internet. I think that’s been a major failing of the SDLC for the past 10 plus years.

The biggest piece of commonality I see amongst organizations that are doing this well is that they try to eliminate bugs before production, they recognize that there will always be vulnerabilities, so they are really investing very heavily in getting visibility into how those services are being attacked in production and using that to bring that visibility directly to the development teams and the DevOps teams themselves, so that they can self serve with that information and not have to rely on the security teams to defend the services that they’re building.

The post Zane Lackey: “You shouldn’t invest in security just for compliance” appeared first on Panda Security Mediacenter.

Chatbots and AI: are they dangerous?

In order to better serve customers, businesses are increasingly reliant on Artificial Intelligence (AI). These computerised systems collect information about customers, and then try and apply it to solving business problems.

AI is proving to be particularly helpful in the area of customer service. By monitoring conversations with customers, AI systems begin to detect patterns of behaviour that can be used to predict questions or problems in advance. Customer service agents can use these insights to “fix” issues more quickly, and to deliver a better quality of service to clients.

AI and chatbots – a match made in customer service heaven

Online retailers are also looking for ways to improve the shopping experience by making it easier for customers to access the information they need. Many are now using “chatbots” – automated systems that can answer questions in a text chat window on the website.

Initially chatbots are pretty dumb – they can only answer specific questions, which have to be worded exactly right or the system doesn’t understand. But when backed by AI, the system becomes much cleverer.

AI can be used to “learn” how customers think, and to answer vague questions. The more the system learns, the more questions it can answer, more quickly.

Good technology can be misused

Unfortunately, AI and chatbots can be used for evil too. Because AI is specifically designed to better understand us as individuals, it is an ideal tool for identity thieves. The more they know about you, the easier it is to impersonate you.

As a result, shoppers need to be extremely careful about the websites that they visit, and the systems they interact with. Talking with a malicious chatbot could be as dangerous as entering your credit card details into a phishing website.

As AI matures and becomes cheaper to operate, we expect to see more examples of criminals misusing the technology to commit more identity fraud-based crimes. Over time, these systems may even be able to pull together data from multiple sources, like your Facebook profile, as well as using information supplied to fake chatbots.

The more information the AI can access, the more detailed a picture hackers can build of you, your preferences and interests. Which means that when they do try and exploit your data, their efforts will be much more convincing – and likely to succeed.

How to protect against fake AI and chatbots

To help stay aware of these dangers, and to prevent being tricked by malicious AI and chatbots, you should install a robust anti-malware toolkit like Panda Gold Protection. Not only will this help keep your computers virus free, but it will also alert you whenever you visit a dangerous site – or even block access completely.

Take a step towards protecting yourself today by downloading a free trial of Panda Security – you won’t regret it.


Cyber Sabotage at the Winter Olympics

On Monday, while spectators were being dazzled by the opening ceremony of the 2018 Winter Olympics, held in Pyeongchang, the Olympics organizing committee was busy dealing with a cyberattack.

The decline in new malware samples and the professionalization of attacks on networks are setting new standards in cybersecurity. In this case, we’re dealing with a targeted attack and an act of sabotage, in which hackers sought to cause chaos during the opening ceremony. It affected some television and internet services before the ceremony, but was not successful in stealing data from servers.

Researchers from Cisco’s Talos division also added that the malware’s purpose was not theft, but rather destruction.

GoldDragoN, the latest Russian hack?

With the focus usually centered on maximum profit, there’s been an increase in the number of advanced infiltrations using sharp new tactics, such as malwareless attacks and the abuse of non-malicious tools.

PandaLabs explains that by not using malware, which is easily detected by advanced cybersecurity tools, attackers assume the identity of the administrator after having obtained their network credentials. They warn that the techniques used by cybercriminals to attack without using malware can be highly varied, taking advantage of all kinds of non-malicious tools that are part of the day to day of IT managers.

In this case, the attack did in fact use malware (named GoldDragon), but to carry out certain actions it used non-malicious tools such as PsExec or the CMD itself. In this way, it was able to execute processes on other computers connected to the network without raising suspicion and without using a version modified by the attackers, but rather the official version.

To carry out its destructive actions, it launched system commands from a command window (cmd). Instructions looked like this:

C:\Windows\system32\cmd.exe /c c:\Windows\system32\vssadmin.exe delete shadows /all /quiet

Here, vssadmin.exe is used to silently erase the backup copies created by the operating system.

Everything seems to indicate that the attack came from Russia. Ukrainian intelligence and a CIA report linked NotPetya and BadRabbit to Russian intelligence, and in the case of GoldDragon (also called Olympic Destroyer), all signs point to a more refined version of BadRabbit.

System tools as a new attack vector

Monitoring the execution of all processes on company workstations and servers is essential to avoiding close calls like the one we witnessed in this year’s Winter Olympics.
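The monitoring described above, sketched as detection logic over process-creation events. This is an added example, not Panda's or the page's code; the event field names and the sample events are constructed, and events are assumed to arrive in chronological order.

```python
import ntpath
import re

# Constructed sample events shaped like process-creation telemetry.
# Field names (host, parent, image, cmdline) are hypothetical, not a real log schema.
SAMPLE_EVENTS = [
    {"host": "WS-01", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe report.txt"},
    {"host": "WS-02", "parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\PSEXESVC.exe", "cmdline": r"C:\Windows\PSEXESVC.exe"},
    {"host": "WS-02", "parent": r"C:\Windows\PSEXESVC.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"C:\Windows\system32\cmd.exe /c c:\Windows\system32\vssadmin.exe delete shadows /all /quiet"},
    {"host": "WS-02", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"c:\Windows\system32\vssadmin.exe",
     "cmdline": r"c:\Windows\system32\vssadmin.exe delete shadows /all /quiet"},
    {"host": "SRV-03", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\vssadmin.exe", "cmdline": "vssadmin list shadows"},
    {"host": "ADM-09", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Tools\PsExec.exe", "cmdline": r"PsExec.exe \\SRV-03 ipconfig /all"},
]

# The tools are the official, unmodified binaries, so hash or signature checks
# say nothing. The rules therefore match on what is executed and by whom.
SHADOW_DELETE = re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.IGNORECASE)
PSEXEC_IMAGES = {"psexec.exe", "psexec64.exe", "psexesvc.exe"}


def basename(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()


def classify(event):
    """Return a list of (rule, severity) findings for a single event."""
    findings = []
    # PsExec client, or anything started by (or being) its remote service.
    if basename(event["image"]) in PSEXEC_IMAGES or basename(event["parent"]) in PSEXEC_IMAGES:
        findings.append(("psexec_execution", "review"))  # legitimate admin tool: needs context
    cmd = event["cmdline"]
    if SHADOW_DELETE.search(cmd):
        lowered = cmd.lower()
        silent_wipe = "/all" in lowered and "/quiet" in lowered
        findings.append(("shadow_copy_deletion", "high" if silent_wipe else "medium"))
    return findings


def detect(events):
    """Classify events in order; escalate shadow-copy deletion on hosts with PsExec activity."""
    alerts = []
    psexec_hosts = set()
    for ev in events:
        for rule, severity in classify(ev):
            if rule == "psexec_execution":
                psexec_hosts.add(ev["host"])
            elif rule == "shadow_copy_deletion" and ev["host"] in psexec_hosts:
                severity = "critical"  # remote execution followed by backup destruction
            alerts.append({"host": ev["host"], "rule": rule,
                           "severity": severity, "cmdline": ev["cmdline"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f'{alert["severity"]:8} {alert["host"]:7} {alert["rule"]:22} {alert["cmdline"]}')
```

Listing shadow copies (`vssadmin list shadows`) stays silent, and a lone PsExec run is only marked for review; the alert becomes critical when deletion follows remote execution on the same host.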

Traditional antiviruses are not able to detect these types of attack, nor to remediate them. However, Panda Adaptive Defense proposes a new security model based on the monitoring, control, and classification of the behavior and nature of every application in execution to offer robust and complete protection.

PandaLabs recommends the use of advanced cybersecurity solutions such as Panda Adaptive Defense, which also allow the client’s existing infrastructure to coexist with traditional antivirus systems and integrate with existing SIEM solutions.


Chaos Engineering: the Point of Adding Bugs on Purpose

Chaos engineering is a kind of contradiction: it works against the very system it is protecting in order to build an environment that is more resilient and more secure. How does it work? How is introducing errors useful and how does it help to secure the digital environment? Understanding this discipline can lead to substantial improvements.

What is it?

The concept of chaos engineering is based on four principles defined by Netflix. These principles consist of defining a “stable” state, making a hypothesis of the state that will follow, introducing variables that reflect events true to reality, and trying to break the hypothesis (in that order).

Through a series of tests, characteristics of the infrastructure, such as availability, security, and performance, are assessed. The goal is to resolve problems in these distributed systems in order to bolster recovery capabilities for the entire system. This means, in short, getting structures that withstand extreme conditions.

Resilience and “antifragility”

The concept of chaos engineering is only understood if we understand the definition of “antifragility”, a term coined by Nassim Nicholas Taleb. This is the precursor concept of chaos engineering and, in turn, is based on resilience. Resilience is defined as the ability to absorb disturbances. These disturbances are caused by stressors, or stress factors, that trigger destabilization.

It is a concept widely used in living organisms (ecology, physiology, psychology, etc.) and refers to the ability to overcome problems actively and adapt to the situation. “Antifragility” goes beyond resilience since it implies the evolution of a system, which would be able to grow from the stress to which it has been subjected to adapt to new failures.

Panda Adaptive Defense is a tool that keeps a close eye on the principles of antifragility and adds resilience to the company, while increasing visibility into the state of the corporate network.

The Simian Army

Taking all this into account, large companies such as Netflix or Amazon see in chaos engineering the possibility of testing their infrastructure to make their systems more mature and increasingly robust — and also more evolved. In short, more resilient. Since performing an analysis and correcting a problem in a repetitive and escalating way is a very difficult task, they use heuristic strategies focused on prioritizing decision-making aimed simply at resolving problems.

Thus, Netflix, for example, uses its own suite of applications called the Simian Army, which tests the stability of its network. Simian Army has more than a dozen stressors that test the system in various ways. Security Monkey, for example, is just one “piece” of the Simian Army. It implements a security strategy into cloud-computing platforms based on chaos engineering.

How can chaos engineering help companies?

The first question is, why should a company consider using chaos engineering?

Implementing a strategy based on chaos engineering helps to build the antifragility of a platform, including meeting the control objectives and requirements of PCI-DSS in case of audits. Thus, any company could benefit greatly from implementing a tool such as Security Monkey in its security strategy.

This would require a “chaosification” of the platform in a controlled manner, which could consist of actions of the following type: disable SG (Security Groups) rules, modify files at random, randomly listen to ports, inject malicious traffic into the VPC (Virtual Private Cloud), randomly kill processes while they are taking place… and the list of havoc-wreaking could go on.
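The four principles and the "disable SG rules" action, carried through one controlled experiment on a simulated security-group table. This is an added example, not Simian Army or Security Monkey code; the group names, rules and the `DriftMonitor` control are constructed for illustration, and nothing here calls a cloud API.

```python
import copy

# Constructed baseline: approved ingress rules per security group (simulation only).
BASELINE = {
    "sg-web": {("tcp", 443, "0.0.0.0/0")},
    "sg-db": {("tcp", 5432, "10.0.1.0/24")},
}


class DriftMonitor:
    """The control under test: compares live rules with the baseline and reverts drift."""

    def __init__(self, baseline, watched):
        self.baseline = baseline
        self.watched = set(watched)  # groups this monitor actually covers

    def scan(self, live):
        findings = []
        for sg in sorted(self.watched):
            added = live[sg] - self.baseline[sg]
            removed = self.baseline[sg] - live[sg]
            if added or removed:
                findings.append((sg, sorted(added), sorted(removed)))
                live[sg] = set(self.baseline[sg])  # remediate: restore approved rules
        return findings


def steady_state(live):
    """Principle 1: the measurable 'stable' state is live rules == approved baseline."""
    return live == BASELINE


def open_ssh_to_world(live, target):
    """Fault: an unapproved rule exposes SSH to the internet."""
    live[target].add(("tcp", 22, "0.0.0.0/0"))


def disable_rules(live, target):
    """Fault: the group's approved rules are disabled."""
    live[target].clear()


FAULTS = [open_ssh_to_world, disable_rules]


def run_experiment(monitor, fault, target):
    """Principles 2-4: hypothesise steady state survives the fault, inject it, try to disprove."""
    live = copy.deepcopy(BASELINE)  # each run gets its own copy: controlled blast radius
    if not steady_state(live):
        raise RuntimeError("do not start an experiment from a degraded state")
    fault(live, target)             # principle 3: introduce a realistic event
    findings = monitor.scan(live)   # give the control its chance to react
    return {
        "fault": fault.__name__,
        "target": target,
        "detected": any(sg == target for sg, _, _ in findings),
        "hypothesis_holds": steady_state(live),  # principle 4: did we break it?
    }


def run_matrix(monitor):
    """Run every fault against every group and collect the results."""
    return [run_experiment(monitor, fault, target)
            for fault in FAULTS for target in sorted(BASELINE)]


if __name__ == "__main__":
    # A monitor that was only ever pointed at the web tier: the experiments expose the gap.
    partial = DriftMonitor(BASELINE, ["sg-web"])
    for result in run_matrix(partial):
        status = "holds" if result["hypothesis_holds"] else "BROKEN"
        print(f'{result["fault"]:18} {result["target"]:7} detected={result["detected"]!s:5} {status}')
```

A broken hypothesis is the useful outcome here: it names the group and the fault for which the control gave no protection.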

Thanks to this tool (or strategy), a deeper visibility of the consequences of attacks can be achieved with the intention of improving defenses. This, in the long run, is the basis of a more mature and reliable system, capable of recovering from attacks and reducing losses in the face of a serious security incident, something that should be mandatory for any high availability service.


Quantum computing: What is it?

In the 1980s and 1990s, science fiction movies were obsessed with super computers and the way they would change the world. These days, super computers are relatively common, so instead we hear about “quantum computers”.

Back in 2015, IBM announced that they had managed to turn theory into reality as they unveiled their first working quantum computer. For IT geeks the news was very exciting – but what does it mean for home computer users?

What is a quantum computer?

Before trying to explain quantum computers, it helps to understand how a traditional computer – like your PC or Mac – handles information. Known as “classical” computers, these devices use long strings of “bits” to represent data. A bit can have one of two values: 0 or 1.

Everything on your computer – documents, pictures, emails and videos – is made up of very long strings of 1s and 0s. On a traditional computer hard drive, the bits are made by altering the polarity of tiny magnetic particles on the disk.

A quantum computer is very different. Instead of using bits, they use “qubits”. Qubits are stored by altering the behaviour of tiny particles like electrons or photons. More importantly, qubits are capable of representing more than just a 1 or a 0 – instead they can store 0, 1 or a “superposition” of many different numbers at once.

Using qubits, it becomes possible to carry out an “arbitrary reversible classical computation” on all those numbers simultaneously; a classical computer can only complete one calculation at a time. As a result, quantum computers are (in theory) much faster at completing complex calculations than even the fastest super computer.

If that sounds complicated, that’s because it is. Explaining a quantum computer is extremely difficult because they rely on advanced physics to carry out complex calculations. Even quantum physicists struggle to properly explain how quantum computers work.

Why do quantum computers matter?

The amount of data being created every day is phenomenal – and current computers will not be able to keep pace for much longer. Modern super computers are still too slow to perform some of the most important scientific tasks like testing the effects of new medicines at the molecular level.

With the ability to perform very complicated calculations more quickly, or to even model those drugs at the molecular level, quantum computers provide a much needed performance boost. Most data scientists agree that quantum computers are our best chance to deal with the challenges of the 21st Century.

Will you ever own a quantum computer?

Because of their complexity, quantum computers are extremely expensive. If the technology proves to be valuable, we should see that cost fall as more computer manufacturers get on board.

The reality is that the average home user won’t need the power provided by quantum computing. Or be able to afford the electricity bill for running a device that manipulates photons and electrons to store and manipulate data!


How to Avoid Ransomware in 5 Easy Steps

As you scroll through your social media feed, a window pops up: “Your hard drive has been encrypted. You have 48 hours to pay $200 or your data will be destroyed.” You see a link and instructions to “pay in Bitcoin.” An ominous looking timer counts down the seconds and minutes for the two-day window. Nine, eight, seven….  

Your thoughts immediately go to the contents of your hard drive — your daughter’s graduation video, your bank statements, a life insurance policy, pictures of your grandchildren — they all sit there, vulnerable, helpless bits of ones and zeros…and you don’t know what the heck bitcoin is.

Welcome to the world of ransomware — digital data hostage-taking only Hollywood could make up. Ransomware is a security threat for people and business, and cybersecurity experts predict it will only get worse in the future. One cause for its popularity is the profitability of the enterprise. Cyberthieves rake in millions every year with threats to destroy or encrypt valuable data if their ransoms aren’t paid.

You don’t need to be a millionaire or multinational corporation to be at risk. Cyberthieves also target the data of average consumers. When they target consumers, hackers may only request a few hundred dollars ransom but when the threat includes a thousand people, it makes for quite the lucrative venture. Many ransomware victims feel the risk of losing their data is too great, so they pay up. However, this only encourages the criminals.

The best way to combat ransomware is by not becoming a victim in the first place. To that end, here are five immediate steps you can take to avoid ransomware attacks.   

Step 1: Set Your Operating System to Automatically Update

The first step to avoiding ransomware is to update your operating system (OS). Anything connected to the web works better when its OS is updated. Tech companies like Microsoft and Apple regularly research and release fixes for “bugs” and security patches for vulnerabilities in their systems. It’s a cybersecurity game of cat and mouse. Cyberthieves search for “holes,” and companies race to find them first and “patch” them.

Users are key players in the game because they are the ultimate gatekeepers of their operating systems. If your OS isn’t up to date, you can’t take advantage of the security updates. Plus, your computer runs better with an updated OS.

Set your OS to update automatically and you won’t need to remember to do it manually. While Windows 10 automatically updates (you have no choice), older versions don’t. But setting auto updates is easy, whether you’re on a Mac or PC.

Step 2: Screenshot Your Bank Emails

Cybercriminals use trojans or worms to infect your computer with ransomware. So avoiding these will help you avoid ransomware. Worms and trojan malware are often spread through phishing email scams, which trick users into opening email attachments containing viruses or clicking links to fake websites posed as legitimate ones.

One of the best tips for keeping phishing emails at bay is learning to identify them. Hackers send phishing emails that look like they come from banks, credit card companies, or the IRS. Phishing emails kickstart your fears and anxieties by suggesting there are “problems with your account” or insisting that “Urgent action is required.” Who wouldn’t be scared if their bank sent them an email saying, “You are overdrawn in your account.”

Cybercriminals use this fear to distract people so they will overlook the telltale signs of the phishing email like misspellings or common fear-inducing subject lines.     

Take screenshots of all of the legitimate emails from your bank, credit card companies, and other businesses that manage your sensitive information. Use these screenshots to compare with future emails you receive so you can spot phishing phonies and avoid ransomware.

Step 3: Bookmark Your Most Visited Websites

The next step in your ransomware avoidance journey is to bookmark all of your most visited websites. Just as with phishing emails, cybercriminals build websites that look like bank or credit card sites. Then they trick users into clicking a link and visiting them. From there, hackers steal your sign-in credentials or infect your computer with malware.

Think twice before you visit a website by clicking a link in an email, comments section, or private messaging app. Instead, bookmark your most visited or high-value websites and visit them through your browser.  

Step 4: Backup Your Data to the Cloud and a Hard Drive

This step is a no-brainer. Ransomware works if you only have one copy of your data. If it’s irretrievable, then cyberthieves have the upper hand, but if you have multiple copies, you have taken away the power behind the threat.

Back up your data to both a cloud service and a hard drive. That way, you have a copy that’s available anywhere there’s internet access and one that’s physically accessible all the time. Both types of storage are relatively inexpensive and will certainly prove worth it if you’re ever a ransomware target.

After backing up your data, set up a schedule so you can keep your data current. If you haven’t backed up your data in six months, you’re probably just as vulnerable to ransomware attacks as having no backup at all.


Facebook Survey: More than 50% of users don’t trust news on the social network

Facebook tries to stop “fake news” by surveying its own users

Facebook is surveying its own users to try and stop the spread of “fake news” on its social media platform. The new survey asks two questions:

  1. Do you recognize the following websites?
  2. How much do you trust each of these domains?

The “fake news” phenomenon is a cybersecurity issue that we predict will be relevant in 2018 and beyond, since social media platforms are used to sway public opinion. As reported by the New York Times, social media companies provided evidence to Congress that Russian influence might have reached 126 million Americans on Facebook and other platforms during the 2016 elections.

Social media critics are questioning whether Facebook’s own users should be trusted to determine which news outlets are “fake news”. In fact, when it comes to domain trust, Facebook itself faces skepticism. A recent Panda Security survey showed that 47 percent of parents consider Facebook “unsafe” for their children to use.

Panda Security has conducted an additional survey using Google Surveys to see how much consumers trust Facebook as a gatekeeper of news and information on their newsfeeds.

We asked a weighted sample of 765 online users in the United States: “How much do you trust Facebook to choose what news you read?”

  • 8.2 percent said “A lot” or “Entirely”
  • 20.4 percent said “Somewhat”
  • 20.0 percent said “Barely”
  • 51.5 percent said “Not at all”

The data shows almost three-quarters of respondents have little confidence in Facebook’s ability as a news gatekeeper, with a minority of respondents indicating high levels of trust.

Looking at the data by gender, male survey respondents were more likely to distrust Facebook than female survey respondents. While 73.4 percent of males said they “Barely” trust Facebook or trusted it “Not at all”, 69.7 percent of females said the same.

A larger percentage of males also said they trusted Facebook “A lot” or “Entirely”: 8.9 percent of males versus 7.4 percent of females.

Trust among age groups was fairly consistent. While 49.1 percent of respondents aged 18 to 34 answered “Not at all” with respect to level of trust, 56.9 percent of respondents aged 35 to 54 answered the same. Among respondents aged 55 and older, 51.5 percent answered “Not at all”.

Methodology

The Facebook Trust Survey was written by Panda Security and conducted using Google Surveys. The survey collected responses from 1,015 online users in the United States from January 25 to 27, 2018. Responses were matched down to a weighted sample (by age, gender, and geographic distribution) of 765 to produce the final results.

The following methodology description is provided by Google Surveys: Google Surveys shows questions across a network of premium online news, reference, and entertainment sites (where surveys are embedded directly in the content), as well as through a mobile app, Google Opinion Rewards. On the web, users answer questions in exchange for access to the content, an alternative to subscribing or upgrading. The user’s gender, age, and geographic location are inferred based on anonymous browsing history and IP address. On the mobile app, users answer questions in exchange for credits for books, music, and apps, and users answer demographic questions when first downloading the app. Using this data, Google Surveys can automatically build a representative sample of thousands of respondents. For more detailed information, see the whitepaper.


AV-Comparatives Awards Panda Security with Gold for 2017 Performance

Today, Wednesday February 7, the independent laboratory AV-Comparatives celebrated the annual Awards Ceremony for manufacturers of IT security solutions that have undergone their rigorous tests over the course of the year. In 2017, Panda Security achieved the highest level of protection in the Real-World Protection Test, leading to the accomplishment of taking home the gold for the Security Awards of the same year.

Real-World Protection Test, the most demanding assessment 

In 2017, the independent laboratory AV-Comparatives submitted 21 computer security products for Windows to a rigorous investigation. All programs were tested for their ability to protect against real-world threats, identify thousands of recent malicious programs, provide protection without slowing down the PC, and remove malware that has already infected a device.

“AV-Comparatives’ Real-World Protection Test is one of the most challenging antivirus software tests there is. It simulates a typical user browsing the Internet. [It] is unique in the fact that it runs fully automatically, meaning no other testing lab can test against the same huge number of threats. Logging, screen video recording and sandboxing are all completely automated,” according to Andreas Clementi, founder and CEO of AV-Comparatives.

In order to distinguish products that achieve outstanding scores in the tests, the laboratory holds an annual awards ceremony. Panda has been recognized, among other things, for its ease of installation and use, a value which is further cemented by the excellent results obtained in the last 12 months.

The acknowledgments Panda Security received in 2017 are the following:

“Real World Protection 2017 Gold Award” and “Approved Security Product” for its Panda Free Antivirus solution, aimed at home users, and for Adaptive Defense 360, the advanced cybersecurity solution for companies, respectively.

Initially focused on the creation of antivirus software, the company has expanded its line of business towards advanced cybersecurity services with technologies for the prevention of cybercrime.

With protection solutions and systems management and control tools, Panda Security will direct its actions both in the corporate market for companies and for domestic users. Its products are available in more than 23 languages for its more than 30 million users in 190 countries around the world.

AV-Comparatives: industry leaders in independent cybersecurity testing

AV-Comparatives is an independent, highly reputable organization and an established testing authority. Their analyses are focused on checking whether security software, such as PC-based antivirus products and mobile security solutions, fulfill their promises to users. Being certified by AV-Comparatives is highly valued by the industry and by customers.

The post AV-Comparatives Awards Panda Security with Gold for 2017 Performance appeared first on Panda Security Mediacenter.

Panda Security Appoints Juan Santamaría as New Chief Executive Officer

The Board of Directors have appointed Juan Santamaría, who for the past year had been serving as General Manager, as the new CEO of Panda Security. With this commitment, Santamaría will boost the company’s global business and consolidate its presence in the market as leaders in the sector of cloud-based advanced cybersecurity solutions.

“It’s an exciting project to push the company further at a time when its technology positions itself once again as a leader in the sector, a project that I’m taking on with very much enthusiasm, respect, and full dedication.” Juan Santamaría.

He holds a bachelor’s degree in Economics and Business Studies from the Complutense University of Madrid and an Executive MBA from INESE. He also holds a Master’s Degree in Financial Management and Control from IE Business School and completed a Private Equity Venture Capital program at Harvard Business School.

Juan Santamaría

Santamaría has a solid track record in running technology companies, with expertise in investment management in the field of ICT. He is a member of the board of directors of several technology companies such as Altitude Software, BKOOL and Kiuwan, where he has collaborated as an executive director before taking up his current position. Previously he was CFO of Sopra Profit, consultant at Gartner and Executive Director at Logtrust.

José Sancho, president of Panda Security, said in a statement: “the addition of Juan is evidence of a commitment to the evolution of the company at a global level. Becoming the axis of management for the success of our advanced cybersecurity solutions, he will shape Panda Security’s technological and commercial program that, already, is taking on a revolutionary momentum in the international market.”

His successful career has opened the door to his new position at Panda Security at a time of exponential growth for the company. His goal will be to maintain the quality and level of strategic relationships achieved so far, without losing the focus on the technological development applied to its cybersecurity solutions.

Fernando García Checa, former CEO of Panda, said: “Juan has a strong knowledge of Panda, is deeply involved in the project, and has made great strides as General Manager in 2017, achieving some of the highest numbers the company has seen in many years”.

The post Panda Security Appoints Juan Santamaría as New Chief Executive Officer appeared first on Panda Security Mediacenter.

6 Things We Should Have Learned in 2017

This past year we bore witness to the sophistication of cyberattacks and their vertiginous growth. If we look at what happened in security in 2017, there are quite a few lessons that we should heed, especially for businesses. These six lessons will help us to avoid making the same mistakes this year.

  1. Our response to incidents is as important as preventing them

One of the most important events of last year was the Uber incident. It came to light that Uber had concealed the fact that data corresponding to 57 million users had been pirated at the end of 2016. As the Uber CEO acknowledged, the criminals downloaded a database from servers used by Uber containing the personal information of users (name, email, and phone number) and data relating to 600,000 drivers in the United States. To prevent the attack from coming to light, the company paid the hackers $100,000.

The data theft at Equifax was the biggest hack of sensitive personal data in history. An organized group of cybercriminals took advantage of a security breach within their web application to steal information on 143 million customers, taking their social security numbers, postal addresses and even driving license numbers.

Whereas failure to notify users of the breach led to some legal entanglement for Uber (made worse by their payout to hackers), in the case of Equifax, their inconsistent statements about the vulnerability and their post-breach lack of commitment to consumers demonstrate a highly unprofessional approach.

To avoid situations like these, it is crucial for security updates to be a part of your business strategy — and notifying authorities, though unpleasant, should always be the first step to take after a breach. What happened at Uber can also teach us another lesson: sharing credentials via code is not such a great idea. This bad practice is what gave hackers access to the servers, having obtained the credentials thanks to the code that Uber developers published on Github.
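One way to catch credentials before code is published, shown as an added example that is not from the original article: a small scanner that could run as a pre-commit or CI check. The rule set, thresholds, file names and sample values are assumptions constructed for illustration, and nothing here reflects the specific credentials involved in the Uber incident.

```python
import math
import re
from collections import Counter

# Constructed sample repository (path -> content). None of these values are real.
SAMPLE_REPO = {
    "deploy/config.py": (
        "import os\n"
        'DB_PASSWORD = os.environ["DB_PASSWORD"]\n'   # read at runtime: fine
        'API_TOKEN = "q7Zp2LxV9rT4mKc8WbY1"\n'        # hardcoded literal
    ),
    "scripts/backup.sh": (
        "#!/bin/sh\n"
        "export AWS_ACCESS_KEY_ID=AKIACONSTRUCTEDKEY01\n"
        'password="${BACKUP_PASSWORD}"\n'             # placeholder: fine
    ),
    "keys/deploy_key": "-----BEGIN OPENSSH PRIVATE KEY-----\n(constructed, no key material)\n",
    "README.md": 'Set password = "changeme" for the local demo.\n',
}

# Rule 1: the documented shape of an AWS access key ID.
AWS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
# Rule 2: a PEM/OpenSSH private key header committed to the repository.
PRIVATE_KEY = re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")
# Rule 3: a quoted literal assigned to a credential-like name.
ASSIGNMENT = re.compile(
    r"""(?i)(?:password|passwd|secret|token|api[_-]?key)\w*\s*[=:]\s*["']([^"']+)["']"""
)
# Values that are references to a secret store or template, not secrets themselves.
PLACEHOLDER = re.compile(r"^(?:\$\{.*\}|<.*>|%.*%)$")


def shannon_entropy(value):
    """Bits of entropy per character; random tokens score higher than words."""
    counts = Counter(value)
    total = len(value)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def scan_text(path, text, min_len=12, min_entropy=3.5):
    """Return (path, line_number, rule) for every suspected credential."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if AWS_KEY_ID.search(line):
            findings.append((path, line_no, "aws_access_key_id"))
        if PRIVATE_KEY.search(line):
            findings.append((path, line_no, "private_key_block"))
        for match in ASSIGNMENT.finditer(line):
            value = match.group(1)
            if PLACEHOLDER.match(value):
                continue
            # Length and entropy thresholds cut down on noise from demo values.
            if len(value) >= min_len and shannon_entropy(value) >= min_entropy:
                findings.append((path, line_no, "high_entropy_assignment"))
    return findings


def scan_repo(files):
    """Scan a mapping of path -> content and collect all findings."""
    results = []
    for path, text in files.items():
        results.extend(scan_text(path, text))
    return results


if __name__ == "__main__":
    hits = scan_repo(SAMPLE_REPO)
    for path, line_no, rule in hits:
        print(f"{path}:{line_no}: {rule}")
    # A non-zero exit status lets a pre-commit hook or CI job block the push.
    raise SystemExit(1 if hits else 0)
```

A credential that has already been pushed should be treated as exposed and rotated, since removing it from the latest commit does not remove it from the repository history.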

  2. Attacks are not just a matter of malware

Not everything is ransomware (although, if you follow cybersecurity in the media, it may sometimes feel that way). With malwareless attacks, attackers assume the identity of the administrator after having obtained their network credentials using non-malicious tools on the company’s devices. Malwareless attacks are sure to be a trend in 2018, so we would do well to learn from these cases.

PandaLabs detected a case in which the attackers used Sticky Keys to sneak through the back door, accessing the computer without entering credentials. This remote access can then be monetized by generating online traffic that can be sold to third party websites or by auctioning access to the compromised machines. Another example is the use of PowerShell for cryptocurrency mining.

To combat these attacks, advanced tools combined with Threat Hunting methods based on user behavior are essential. By monitoring the corporate network in real time and giving visibility into the activities in the teams, we can discover which legitimate tools are being abused and protect our companies.

  3. Secure passwords do not have to be hard to remember

Despite the suggestions of Bill Burr, which for years governed the policy of password creation in the online environment, a secure password should not be difficult to remember. This year we learned that even those that combine alphanumeric, uppercase and lowercase, and special characters can often be guessed by a computer. Given that human behavior is predictable, computer algorithms allow cybercriminals to detect weaknesses and patterns, and with them they manage to decipher our passwords.

In 2017, we witnessed a radical change in the recommendations of the National Institute of Standards and Technology (NIST) to create a secure password. Now we are encouraged to use compound sentences with random words that are easy for us to remember; that way, a bot or a computer cannot crack the password by means of countless combinations. The password, then, can still be easily remembered by the user, but it will be difficult for a cybercriminal to decipher it.

  4. The malware tries to go unnoticed

Malware is growing exponentially. PandaLabs registered 15,107,232 different malware files that had never been seen before. Only a small part of total malware is truly widespread. That is, most malware changes every time it infects, so each copy has a very limited distribution and always tries to go unnoticed.

Having a limited life, the malware attacks the smallest possible number of devices to reduce the risk of being detected. In this sense, it is essential to choose an advanced cybersecurity platform to recognize and respond to attacks in real time.

  5. Be quick to implement patches

When it comes to patches, it’s never too early. The idea is to implement a method of action according to the characteristics of the architecture of our company (its systems, services and applications) in which we evaluate the implications of patching (or failing to patch). Once this is taken into account, acting quickly is essential. Equifax, to give just one example, was first attacked in May 2017 because they hadn’t patched a vulnerability detected in March.

  6. Neglecting Shadow IT can be very expensive

The systems, solutions and devices used in a company, but which have never been explicitly recognized by the organization, are known as Shadow IT. This enemy in the shadows represents an overwhelming number of blind spots for the security of the company, since it is very difficult to protect something whose existence we aren’t even aware of. According to an EMC study, annual losses caused by Shadow IT reach up to 1.7 trillion dollars. Therefore, it is necessary to design affordable policies that cover the needs of workers, preventing them from resorting to unauthorized solutions. Prioritizing security awareness and evaluating why users turn to applications and tools not provided by the company could even help to improve workflows.

To start the year on the right foot, we can take 2017, internalize it, and move forward. External threats continue to grow, so our attention to basic tasks and lessons learned should do so in turn.

The post 6 Things We Should Have Learned in 2017 appeared first on Panda Security Mediacenter.

WannaMine – new cryptocurrency malware exposes failings of traditional anti-virus tools

Cryptocurrencies have hit the headlines again this week, but this time it is not for good reasons. Nicknamed “WannaMine”, a new malware variant has been taking over computers around the world, hijacking them to mine a cryptocurrency called Monero.

WannaMine was first discovered by Panda Security in October last year, but the malware is only just coming to the attention of the general public, thanks to a number of high profile infections. But unlike other malware variants, WannaMine is proving particularly hard to detect and block.

What does WannaMine do?

At the most basic level, WannaMine has been designed to mine a cryptocurrency called Monero. The malware silently infects a victim’s computer, and then uses it to run complex decryption routines that create new Monero. The currency is then added to a digital wallet belonging to the hackers, ready to be spent whenever they choose.

This may sound relatively harmless, but the mining process takes priority over legitimate activities. An infected computer begins to slow down – a particularly frustrating experience for users.

What is the problem?

There are several serious problems with WannaMine. First, the way in which it tries to make maximum use of the processor and RAM places the computer under great strain. Eventually the computer will begin to fail, requiring costly repairs – or even complete replacement.

The second major problem is to do with the way in which WannaMine spreads itself. Initially there is nothing unusual about the malware – users are tricked into downloading the malware via email attachments or infected websites. Once installed however, WannaMine uses some very clever tricks to spread across the network.

By using two (important) built-in Windows tools – PowerShell and Windows Management Instrumentation – WannaMine tries to capture login details that allow it to connect to other computers remotely. If that technique fails, WannaMine then falls back on the same security exploit (EternalBlue) used by the WannaCry ransomware to spread itself.

Because it uses built-in Windows tools WannaMine is being described as “fileless”, making it incredibly hard to detect and block. In fact, some reports suggest that many traditional anti-virus applications cannot detect WannaMine, or protect users against it.

Protecting against WannaMine

The only way to spot a WannaMine infection is by carefully monitoring the applications and services running on a computer, using a technique that Panda Security calls “Adaptive Defense”. Panda Security scans all incoming files and prevents infection before WannaMine can compromise a computer.

As well as having a robust, modern anti-virus application installed on all your computers, it is vital that they are all routinely updated and patched to close the loopholes used by malware. The EternalBlue exploit used by WannaMine and WannaCry was patched by Microsoft in March 2017 – but many Windows users have not applied the update, leaving themselves vulnerable.

Keeping your computer up-to-date and installing security tools like Panda Antivirus will help to block cryptocurrency malware before it can take over your computer. And as WannaMine shows – if your computer is infected, it may soon spread to other computers and devices on your network.
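The behavior-based monitoring described here, and in the "malwareless attacks" lesson of the 2017 review above, can be sketched as hunting rules over process-creation events. This is an added example, not Panda Security's product logic: the event fields, host names, rule names and sample records are constructed assumptions, and each hit is a lead for an analyst rather than a verdict.

```python
import base64
import ntpath
import re

SHELLS = {"cmd.exe", "powershell.exe"}
BASE64_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

# Harmless constructed payload, encoded the way PowerShell expects (UTF-16LE).
_SAMPLE_B64 = base64.b64encode(
    "Write-Output 'constructed sample'".encode("utf-16-le")
).decode()

# Constructed process-creation events (parent image, child image, command line).
SAMPLE_EVENTS = [
    {"host": "ws-01", "parent": r"C:\Windows\System32\winlogon.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"C:\Windows\System32\cmd.exe"},
    {"host": "ws-02", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile -WindowStyle Hidden "
                "-EncodedCommand " + _SAMPLE_B64},
    {"host": "ws-03", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\Scripts\inventory.ps1"},
    {"host": "ws-04", "parent": r"C:\Windows\System32\winlogon.exe",
     "image": r"C:\Windows\System32\userinit.exe",
     "cmdline": r"C:\Windows\System32\userinit.exe"},
]


def flag_values(cmdline, full_name, aliases=()):
    """Yield the value after any abbreviation of a PowerShell parameter.

    PowerShell accepts unambiguous prefixes (-enc, -e, -w), so matching only
    the full parameter name would miss most real command lines.
    """
    tokens = cmdline.split()
    for flag, value in zip(tokens, tokens[1:]):
        name = flag[1:].lower()
        if flag[:1] in "-/" and name and (
            full_name.startswith(name) or name in aliases
        ):
            yield value


def evaluate(event):
    """Return the names of the hunting rules that one event triggers."""
    parent = ntpath.basename(event["parent"]).lower()
    image = ntpath.basename(event["image"]).lower()
    cmdline = event["cmdline"]
    hits = []
    # A command shell started by the logon process means someone got a shell
    # from the logon screen, as in accessibility-feature (Sticky Keys) abuse.
    if parent == "winlogon.exe" and image in SHELLS:
        hits.append("shell_from_logon_screen")
    if image == "powershell.exe":
        # PowerShell whose parent is the WMI provider host was started via WMI.
        if parent == "wmiprvse.exe":
            hits.append("powershell_via_wmi")
        if any(BASE64_RE.fullmatch(v)
               for v in flag_values(cmdline, "encodedcommand", ("ec",))):
            hits.append("powershell_encoded_command")
        if any(v.lower() == "hidden"
               for v in flag_values(cmdline, "windowstyle")):
            hits.append("powershell_hidden_window")
    return hits


def hunt(events):
    """Group rule hits by host, skipping events that trigger nothing."""
    findings = {}
    for event in events:
        hits = evaluate(event)
        if hits:
            findings.setdefault(event["host"], []).extend(hits)
    return findings


if __name__ == "__main__":
    for host, rules in hunt(SAMPLE_EVENTS).items():
        print(host, ", ".join(rules))
```

Administrative tooling can legitimately launch PowerShell through WMI, so rules like these are usually tuned against a baseline of known management hosts and scripts.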


The post WannaMine – new cryptocurrency malware exposes failings of traditional anti-virus tools appeared first on Panda Security Mediacenter.

The dangers of public Wi-Fi connections

Public Wi-Fi connections are everywhere – stations, shopping malls, coffee shops, hotels – any place where people spend time. Businesses have realised that providing free Wi-Fi to their customers is a great way to keep them in store for longer, spending money. As an added bonus, these free Wi-Fi networks can collect important information about your interests and preferences – data that can be used to create advertising campaigns that are tailored to you.

For many of us, public Wi-Fi networks are vital for staying connected to our family, friends, and co-workers. Unfortunately these networks also present a significant security risk.

Moving beyond man in the middle attacks

Historically, the biggest risk to users has been so-called “man in the middle” attacks. At the most basic level, hackers are able to capture the information flowing across a public Wi-Fi network, allowing them to steal sensitive data like passwords and credit card numbers (you can read more about man in the middle attacks here).

Cybercriminals are always looking for new and imaginative ways to take advantage of their victims though. Researchers have found an example in Buenos Aires, Argentina where a public Wi-Fi network had been compromised to mine a cryptocurrency called Monero.

The network in a local Starbucks coffee shop had been configured in such a way that a Monero cryptocurrency mining application was downloaded onto every computer as it connected to the in-store Wi-Fi. Once installed, the user’s computer would begin a series of complex, processor-intensive operations in order to “mine” Monero. Any currency that was mined successfully would then be sent back to the hacker’s digital wallet.

Because the cryptocurrency app was installed silently, few users would have been aware of the problem. Eventually they would notice that their computer had slowed down however, as the cryptocurrency mining app “stole” resources to carry out the necessary calculations and data decryption.

Once they were alerted to the problem Starbucks corrected the issue, preventing any future infections.

Another reminder to use public Wi-Fi networks sensibly

No one is sure how many computers were compromised by the Starbucks hack, but any device connecting to the network would have been at risk. And because the entire process was completely invisible, most users would have had no idea that their computers were in danger.

This is an important reminder about using public Wi-Fi networks securely and safely. You can find a helpful checklist of what you need to do to avoid falling victim to cyberattackers in public here; these guidelines must be followed every single time you connect to a public network.

You can also dramatically reduce the risk of falling victim to public Wi-Fi hackers by installing anti-malware security software on your devices. The Panda Security range of anti-malware tools offers Wi-Fi Protection as standard. Whether you use the Panda Pro or Panda Gold Protection, every single version has been designed to simplify the process of connecting to public Wi-Fi safely and securely.

Because software can help make the safety process easier to manage and maintain, you stand a much better chance in the fight against cryptocurrency hackers.

To learn more about public Wi-Fi and how to stay safe, please get in touch.


The post The dangers of public Wi-Fi connections appeared first on Panda Security Mediacenter.

What will 2018 bring to the world of cryptocurrencies?

With the vast amounts of people suddenly becoming millionaires, the chances of you not hearing about Bitcoin are almost nil. The success stories are all over the internet. Even the already rich rap-star 50 Cent added his name to the ever-growing list of Bitcoin millionaires. He claims that over the last few years he has been sitting on a “forgotten” fortune of 700 virtual coins that he made selling his album back in 2014. Is he a smart investor or a lucky guy? No one knows, but the truth is that he is now worth $7 million more than last year. Cheers, 50 Cent, this is what we call a flying start to the new year!

In 2017 Bitcoin managed to become so popular that it is an absolute rarity to live in the western world and not to have at least one friend or a relative who is somehow engaged in cryptocurrency trading. User-friendly virtual money exchanges such as Coinbase started gaining speed making the purchase of cryptocurrency as easy as requesting an Uber ride. People who wanted to invest no longer had to wire money to exchange sites but use a simple app to purchase some of the crypto-gold with a credit card. Last year was also the year that saw Bitcoin increase its value 20 times and become the 6th most valuable currency in the world.

While Bitcoin’s price kept surging, there were a ton of leading economists such as Jamie Dimon, chairman and CEO of JPMorgan Chase, and billionaire investor Warren Buffett, who said the crypto-world might be doomed. Jamie called it a fraud and Warren kept warning everyone that the craze over Bitcoin and other cryptocurrencies won’t end well. Even Jordan Belfort, also known as the real Wolf of Wall Street and the man who predicted the 2008 financial crisis, called Bitcoin a “huge danger.” Things are never perfect, Bitcoin lost half of its gains but still managed to close 2017 about ten times more valuable than it started it.

Love it or hate it, there is no doubt, 2017 was the year of Bitcoin! Over the last 13 months, Bitcoin has been a subject of enormous attention and is rapidly changing the landscape of the financial world, boldly paving the way for other cryptocurrencies such as Ethereum, Ripple, Bitcoin Cash, Litecoin, Monero, and Zcash. While Bitcoin was the primary currency making the news, its contenders had a good year too as almost all of them registered even better growth percentages than Bitcoin.

What about 2018?

High volatility and the lack of understanding have been scaring many investors away from the crypto-world. While governments are trying to regulate the market, it still feels like it is the wild west. Exchanges have been prone to hacks, investors have been afraid to jump in due to the lack of regulations and regular folks have been avoiding the crypto-world because of the lack of user-friendly crypto exchanges. However, things are changing – governments from all over the world are starting to realize that instead of fighting the new currencies, they can tax the transactions and get their piece of the pie. New and stricter laws are making Initial Coin Offerings more and more transparent and regulated, and in 2018 exchanges in the US will most likely be forced to report every account trading more than $20k to the IRS. Exchanges are continually trying to increase security, and there are user-friendly exchanges like Coinbase who are allowing everyday people to participate. Cryptocurrencies will continue to be part of our lives in 2018.

What is the future of cryptocurrencies?

In 2018 we will see more and more governments trying to regulate cryptocurrencies, we will witness the creation of more altcoins, and we will see how Bitcoin’s main competitors, Ethereum, Monero, Zcash, and Ripple, try to take a shot at Bitcoin. 2018 may be the year that sees Bitcoin taken down from its throne. This wouldn’t be a first for the tech world – Nokia’s Symbian was the primary modern mobile OS, but later it got overshadowed by better mobile operating systems such as Android and iOS. This might be the case with Bitcoin too. Time will tell!

On the other hand, Bitcoin has been known as the gold of the cryptocurrencies. It may stick around, but it won’t be the game-changer technology that will transform the financial world. The cashier at Stater Brothers won’t be happy if you try to pay for the groceries with gold bullions – you will most likely be asked to use a credit card or cash instead. This is what is happening with Bitcoin. Stripe, one of the first firms to help users do financial transactions with Bitcoin, recently announced that they would be stopping the support of Bitcoin payments saying the fees are too high. And people do not blame them for their decision, Bitcoin transaction fees can easily reach amounts of $20+, while transactions with currencies such as Ethereum and Ripple only cost a few bucks.

While governments are desperately racing each other to find ways to regulate the decentralized virtual currencies, they are also exploring opportunities of creating their national cryptocurrencies too. So the next groundbreaking virtual money might have not even been invented yet. The masses are more likely to support a government-backed cryptocurrency than the ones associated with the dark web that we see now.

If you are thinking of entering the world of crypto, or you are already in, you have to bear in mind that it is an extremely risky investment and there is no insurance for your assets. Hackers are lurking around so securing your digital wallet should be a high priority. Always make sure you have antivirus software on all your devices. Having another layer of security can prevent cybercriminals from gaining access to your digital coins. It only takes seconds for hackers to send your virtual money away from your wallet, and once it leaves your digital portfolio, there is no way of getting it back. Be prepared!


The post What will 2018 bring to the world of cryptocurrencies? appeared first on Panda Security Mediacenter.

Panda Security named a Visionary in Gartner Magic Quadrant for Endpoint Protection Platforms

Panda Security was named a Visionary in the Gartner 2018 Magic Quadrant for Endpoint Protection Platforms¹.

Panda Security as a Visionary

The report’s evaluation is based on their completeness of vision and their ability to execute.

According to Gartner, “Visionaries deliver in the leading-edge features — such as cloud management, managed features and services, enhanced detection or protection capabilities, and strong incident response workflows — that will be significant in the next generation of products, and will give buyers early access to improved security and management. Visionaries can affect the course of technological developments in the market, but they haven’t yet demonstrated consistent execution. Clients pick Visionaries for best-of-breed features.”

We feel that Gartner has recognized our products’ unique value proposition and encourage you to view a complimentary copy of the full report.

According to the report, “In the past 12 months, EPP solutions have continued on track to consume features from the EDR market, and some of the traditionally pure-play EDR vendors have continued to bolster their solutions with protection capabilities more often found in EPP. This trend of playing catch-up from two directions has resulted in a slew of vendors with similar capabilities and with little to differentiate themselves. Those that do differentiate do so with managed features backed by automation and human analysts; a focus on cloud-first management and reporting, and improving the operational side of IT with a focus on vulnerability protection and reporting; and, most importantly, pushing full-stack protection for EPP and EDR use cases to organizations of all sizes.”

Adaptive Defense is the only solution available on the market that offers the full protection of a traditional antivirus, white listing, and protection against advanced threats all in one.

As stated in the Gartner research report, “Predicts 2018: Security Solutions”²: “By 2019, 45% of enterprises will manage data loss by leveraging CASBs and using encryption and EDRM techniques.”

“Panda Security is honored to be recognized as a Visionary in Gartner’s Magic Quadrant for Endpoint Protection Platforms as we strive to keep our customers protected against malware and non-malware attacks and turn endpoint activity data into insights and actionable intelligence. We believe this recognition is a proof of our success in achieving our mission and we look forward to bringing new innovative solutions and services in the space of advanced threat prevention, detection, investigation and threat response to Panda Security’s and our Channel Partners’ portfolio.”

– Juan Santamaria Uriarte, CEO, Panda Security

Read a complimentary copy of the 2018 Magic Quadrant for Endpoint Protection Platform

Panda Security’s Cloud-Based Solution for Organizations

Panda Adaptive Defense 360 is Panda Security’s cloud-based solution that provides, in a single lightweight agent, the highest level of Endpoint preventive Protection, Detection and Response, reducing drastically the exposure surface to any kind of malware and non-malware attacks.

Its EDR capabilities are achieved thanks to the complete behavior visibility of all endpoints, users, files, processes, registries, memories and networks. On top of these EDR capabilities, Panda Adaptive Defense 360 provides two unique, out-of-the-box services:

  1. The 100% Attestation Service, which provides the highest level of prevention ever, simply by allowing only those applications validated in real time by Panda to run, without delegating the responsibility to administrators.
  2. And the Threat Hunting and Investigation Service that detects, contains and responds to any threats that were able to bypass other security controls.

All this takes place on Panda Adaptive Defense’s Cloud Platform that allows a seamless deployment and management on all endpoints inside and outside the network from a single console while reducing the total cost of setup and running.

According to Gartner in its research report, “Redefining Endpoint Protection for 2017 and 2018”³, “Organizations should pay particular attention to solutions that include managed services (or perhaps more accurately described as “managed features”) like threat hunting or file classification — those that reduce the administrative workload by automation and orchestration, and those that focus on lowering the knowledge and skills barrier through built-in contextualized threat hunting assistants, guided response tools and easy-to-understand-and-use user interfaces.”

Panda Security has been independently tested, with other EPP vendors, by AV-Comparatives with a consistent 100% detection rate during the last 6 months in a row.


1 Gartner, “Magic Quadrant for Endpoint Protection Platforms”, Ian McShane, Eric Ouellet, Avivah Litan, Prateek Bhajanka, 24 January 2018.

2 Gartner, “Predicts 2018: Security Solutions”, Dale Gardner, Deborah Kish, Avivah Litan, Lawrence Pingree and Eric Ahlm, 15 November 2017.

3 Gartner, “Redefining Endpoint Protection for 2017 and 2018,” Ian McShane, Peter Firstbrook, Eric Ouellet, 29 September 2017.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

The post Panda Security named a Visionary in Gartner Magic Quadrant for Endpoint Protection Platforms appeared first on Panda Security Mediacenter.

Meltdown and Spectre: the Situation as it Stands Today

It’s been more than two weeks already since the vulnerabilities were announced that would affect microprocessors, mainly those of Intel and, to a lesser degree, AMD, as well as those based on ARM architecture. Here, we told you a bit about what’s been going on, but if you don’t feel like reading the whole thing, one of the best summaries we’ve seen on the differences between the two vulnerabilities and their effects can be found at Daniel Miessler’s blog.

What can be done if these vulnerabilities are exploited?

An attacker could have access to sensitive information in the system’s memory, even if the user who is on the device doesn’t have any permissions. And an attack could be launched simply by visiting a compromised webpage.

What needs to be updated to be protected?

Normally, the manufacturer (in this case Intel, AMD, Apple, etc.) would resolve the vulnerability in its product by means of an update. In this case, however, a simple update is not enough. Manufacturers are still working on different patches that can be applied to their processors (and these appear to be corrections rather than a definitive solution to the problem), and the process is still causing problems.

Intel, for example, has provided microcode updates for PC assemblers to apply to their processors, but they seem to be causing mysterious reboots on those machines, something Intel is still investigating. The latest update we’ve had is this statement from Intel, in which they directly ask everyone to stop applying the patches they have published until the issue is solved:

“We recommend that OEMs, cloud service providers, system manufacturers, software vendors, and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior”.

 

Because of all this, processor manufacturers went to the developers of different operating systems (Windows, iOS, Chrome OS, etc.) to find a solution that covers the gap created by these vulnerabilities. Moreover, browser manufacturers are working on solutions to mitigate the problem, or at least the risk that the attack can be carried out from the browser through a malicious or compromised page.

Here you have the links to these manufacturers’ pages indicating the updates and measures that have been taken:

Google

Microsoft (*) Workstations and Servers

Apple

Amazon

(*) Microsoft discovered that its update causes blue screens on some computers with AMD processors. They have released specific updates for these issues that must be installed manually here and here.

And what about security solutions?

In the case of Windows, while developing the update Microsoft found that some antivirus products caused blue screens if the update was applied, which is why it decided that the update would not be applied until the antivirus manufacturer added an entry in the Windows registry giving the “green light” for the update.

While Panda’s solutions did not cause these blue screens, Microsoft only updates the operating system with the security patch if the registry entry is present. We proceeded to apply this registry entry to our customers. Here are the details: https://www.pandasecurity.com/uk/support/card?id=100059

If in addition to Panda you use some other security solution and you need to know their status, Kevin Beaumont has a table with the information from all the manufacturers here.

Are there real attacks that use Meltdown or Spectre?

Not yet. But the keyword is “yet.” It is only a matter of time before these vulnerabilities are incorporated into attacks to gain access to sensitive information. We’ve said it before and we’ll say it again: it is very, very important to update.


Is the DMV going to scan your face on your next field visit?

Back in 2017, we reported that the Department of Homeland Security (DHS) and Customs and Border Protection (CBP) were implementing face recognition technology at some international US airports that scans the faces of everyone, including US citizens, boarding outbound international flights. Now, starting October 1st, 2020, every US resident wanting to hop on a flight (even a domestic one) will have to present a passport or any other REAL ID-compliant driver license or ID card.

What is REAL ID?

After 9/11, Congress passed the REAL ID Act of 2005, which states that each person applying for a driver license or identification card will have to go through mandatory facial image capture compliant with the REAL ID requirements. Government agencies say this is a significant step forward in the battle against crime, illegal immigration, and terrorism, as the new images will be compatible with facial recognition searches. Every person getting a license or government identification card will have to provide multiple documents and forms of identification, i.e., SSN card, mortgage statement, birth certificate, passport or permanent residence card, etc. Digital copies of each document will be stored in each state’s DMV database and possibly be attached to people’s new government profiles.

While the bill passed 13 years ago, privacy, operational, and cost concerns have led multiple states to oppose the decision, many saying that this is just DHS’ way to make the DMV build them a national ID database. Even strong opponents of illegal immigration have been publicly opposing the bill. Mitchell Seabaugh, a former Republican member of the Georgia State Senate, publicly called REAL ID “a slap in the face of the states.” Back in 2005, Rep. Ron Paul said that “any state that opts out will automatically make nonpersons out of its citizens. They will not be able to fly or to take a train.” This statement is not far from reality – as of October 1st, 2020, a passport or the new REAL ID equipped driver licenses and government IDs will be required for US residents who want to enter certain federal facilities and military bases or want to board federally regulated aircraft (including domestic flights).

The new law has slowly been rolling out in multiple states throughout the US. New York state’s DMV began issuing REAL ID compliant driver licenses last year, and California’s DMV announced that as of January 22nd, they have started issuing REAL ID driver licenses too. While the DHS has been denying the notion that they are building a national ID system, they admit that the future use of the new credential by third parties will ultimately determine whether the REAL ID credential will become a national ID and whether further protections from Congress may have to be warranted.

While the REAL ID technology is not known to scan your face but just to photograph it, its introduction in the US almost coincides with the facial scanning boom that we are currently experiencing. Facial recognition is one of the leading selling features of Apple’s most expensive cell phone. Facial recognition will be used by marketers too. Also, just a few weeks ago the Washington Post quoted a report from the Center on Privacy and Technology at Georgetown University’s law school suggesting DHS might be prone to legal battles because of their face scanning practices.

According to the report mentioned by the Washington Post, DHS should not be scanning the faces of Americans as they depart on international flights, but DHS has been doing it anyway. The Washington Post quoted Jennifer Gabris, a CBP spokesperson, saying that “the agency takes its privacy obligations seriously, and that U.S. citizens can currently opt out of the facial scanning process”.

Passport-like REAL ID technology is being implemented in some of the largest states, and in less than three years a REAL ID-compliant form of identification will be compulsory even for domestic air travel. Do you think the next step will be mandatory face scanning? Are we entering a new era of surveillance and is the outdated SSN credential going to be replaced by REAL ID? Is the US government preparing to create a one-for-all database by launching services such as https://login.gov/? No one knows for sure. What we see is that the government agencies are collecting all sorts of data that one day may leak, be merged into one, or be shared with third parties for monetary gain.

Regulating the information will be challenging and keeping so much sensitive data under one roof would put enormous pressure on government agencies. Government databases will be a target not only for hackers but also for foreign states. Protecting your personal information has never been more critical as leaks containing sensitive data of millions of people are not uncommon these days.


The Year of Privacy

For decades, oil was considered to be the world’s most valuable commodity. Due to its relative scarcity and society’s dependence upon it, this resource has been at the center of countless conflicts. Today, the story has changed; “black gold” has been deposed, as digital gold becomes more and more sought after. They say that data is the oil of the 21st century. The ability to know, through data, who we are gives companies immense power in the creation of business opportunities. And the abuse of this information can, naturally, raise concerns among consumers and legislators. These concerns have led policy-makers to invoke increasingly strict measures for the protection of personal data, a process which this year will reach its peak. 2018 will be the Year of Privacy.

The battle for privacy

Our privacy is at stake. The Internet has made the boundary between the public and the personal more porous than ever before. However, Internet users are increasingly aware of the relevance of protecting their identity online.

With this in mind, Data Privacy Day is celebrated every January 28 in order to raise awareness and promote data protection and healthy privacy practices. This celebration aims to educate users on the importance of protecting their online identity. It also seeks to encourage companies to implement technological solutions to respect user privacy. The date is no coincidence: it corresponds to the anniversary of the signature in 1981 of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, one of the pioneering documents in the field of data protection.

More Data, More Responsibility

Although storing large amounts of customer data can offer multiple business opportunities, it also implies a high level of responsibility. The hardening of data protection regulations and the growing number of cyberattacks are making it necessary to increase investments in privacy. The combination of customer data and employee data puts enormous pressure on security.

The global production rate of new data is increasing exponentially. According to IDC estimates, in 2025 there will be 163 ZB of data, ten times the data generated in 2016. Yes, that’s… let’s see, 163,000,000,000,000,000,000,000 bytes of information flowing around the world! Moreover, as indicated by IDC, 90% of the data generated in 2025 will require some type of security, but less than half of it will be protected.

GDPR: Four Letters to Define 2018

May 25, 2018. Security experts the world over have circled this date on their calendars with big red markers. On that day, the adaptation period stipulated by the regulatory bodies of the European Union for GDPR compliance will expire. This is the primary reason that we are calling 2018 “The Year of Privacy”.

At this point it is unlikely that you have not heard this acronym, but we’re here to summarize the fundamental aspects of the regulation that will revolutionize personal data protection not only in Europe, but worldwide.

The General Data Protection Regulation (GDPR) seeks to protect the privacy of citizens of the European Union and control how companies and institutions process, store, and use their personal data. It is the result of advances that have been made in the field of personal data protection, beginning in the 80s. The rapid evolution of technology was making the previous legislation obsolete, giving rise to the GDPR, the legal framework by which the European Commission intends to eliminate the ambiguities of the previous directive (Data Protection Directive 1995) and unify the specific legislation of each member country of the EU.

The fact that it is a unique, EU-approved regulation has generated many questions among companies, with two questions above all others:  What happens with companies from European countries that are not part of the EU? And with companies from other continents? As we explained in this post, the GDPR applies to all companies that process EU citizen data, regardless of their location. This confusion has led to very few companies being adequately prepared for the GDPR.

In recent months we have also debunked some other myths that surround the GDPR. One of the most widespread is the idea that we must encrypt all data to comply with the GDPR. Another: the personal data that we already have in our database is not subject to the GDPR. (Both are false).

Knowing the ins and outs of the regulation is the only way to avoid being caught off-guard. To simplify this task, we highlighted some of the main changes stemming from this new regulation and explained a series of recommendations for your company to be prepared. The inherent risks of unpreparedness are considerable: fines that could reach up to 20 million euros, as well as potential reputational damages and loss of customers.

So now is not the time to rest on your laurels. Four months away from the GDPR’s becoming a strict requirement, the protection of privacy and personal data must become a business priority. To help you on the road to compliance, we have created this microsite. Don’t wait until May!


Do I need Antivirus for Windows 10?

Whether you’ve recently upgraded to Windows 10 or you’re thinking about it, a good question to ask is, “Do I need antivirus software?”. Well, technically, no. Microsoft has Windows Defender, a legitimate antivirus protection plan already built into Windows 10.

However, not all antivirus software is the same. Windows 10 users should examine recent comparison studies that show where Defender lacks effectiveness before settling for Microsoft’s default antivirus option.

An AV Comparatives 2017 study shows Windows Defender falls behind other antivirus software in protection, usability, and performance. Defender also lacks consumer-friendly features that are growing in popularity — like password managers and a built-in virtual private network (VPN).

Overall Protection: Defender Falls Behind Other Software

Any antivirus software needs a good protection rating. Detecting and eliminating malware threats is the primary consideration. Be aware of future trends in malware attacks and choose antivirus software based on its ability to defend against growing threats such as zero-day attacks and ransomware.  

The AV Comparatives study tested 17 major antivirus software brands and ran from July to November 2017. Defender received an overall protection rating of 99.5%, falling behind seven other cybersecurity products.

Another 2017 study by the IT-Security Institute showed Defender falling behind other antivirus software in preventing zero-day malware attacks. Zero-day attacks happen the same day developers discover a security vulnerability, and they’re growing in popularity among cybercriminals.


The IT-Security Institute’s test results (for July and August) showed Defender as only 97.0% effective against zero-day malware attacks, 2.5% below the industry average. The difference may seem small, but the stakes are high for zero-day attacks. It only takes one ransomware or botnet attack to hijack your computer or steal your identity.  

Defender causes usability problems

All antivirus software impacts how you use your computer because it scans all of the websites, files, and other software your system interacts with. With antivirus software, consumers want the most protection with the least interference. Compared to other antivirus products, Defender struggles to stay out of your way.

False positives

When antivirus software scans files and websites for potential threats, it can mistakenly flag some as dangerous. These “false positives” can get really annoying because they block access to safe websites or stop the installation of legitimate software. These issues can slow you down and are distracting.

The AV Comparatives study (below) found Defender had a higher false positive rate compared to the majority of major antivirus software packages.

Defender struggles particularly with flagging legitimate software as malware. The IT-Security Institute’s tests showed Defender having a higher than average rate of false detections for safe software. Users who want to get around this issue by lowering Defender’s protection settings become more vulnerable to real malware attacks.

Defender’s performance

All antivirus software slows down your computer at least a little. After all, it takes computing power to scan all of the bits of information running through your computer’s processor, but a bulky or inefficient antivirus package can mean slower website loads, crawling status bars, and sluggish software launches.

The IT-Security Institute’s test results (above) showed Defender scoring below industry average for standard software application launches and frequently used applications. Its performance score was 4.5 out of 6.0.

Defender will make your favorite programs run slower when you use your computer at home. If you own a business, your employees will be slowed down too. Overly burdensome antivirus software coupled with outdated computers means a loss of worker productivity and revenue.

The Problem with Standard Antivirus Protection

Fans of Defender point out that it comes standard with Windows 10, which means no extra software to download and install onto your computer. Pre-installed standard software is convenient from a usability perspective, but it also leaves you more vulnerable to attack.

Cyberthieves make Defender a priority-one target because it works the same on every computer. Any standard way of doing anything is easier to predict and circumvent, and Defender is no exception. Hackers make sure their malware designs can avoid Defender’s basic detection and take advantage of its vulnerabilities. Less standard antivirus software takes unique approaches to finding and eliminating viruses, approaches that are difficult to predict.

To protect yourself, your family, and your devices, you need the best free antivirus protection available. While some users may still see Defender as a viable option based upon their specific needs, they’re trading convenience for effectiveness — a luxury with personal and financial costs that increase every year.


Panda Security and everis Join Forces to Improve Clients’ Cybersecurity

Panda Security has signed a collaboration agreement with everis Aerospace, Defense and Security to offer its clients advanced cybersecurity services. The alliance between the two companies will allow Panda Security to combine its renowned intelligent workplace protection technology with everis’s broad and specialized offer in cybersecurity.

Within the framework of this agreement, the two companies are introducing the Integral Enterprise Defense solution: a new and exclusive external monitoring, management, treatment, analysis, evaluation and cybersecurity consulting service for customers using Panda Adaptive Defense. This solution will give Panda Security customers the advantages of having the support of a highly specialized cybersecurity team without having to make a major investment.

Integral Enterprise Defense offers a combination of high value added services. It allows real-time analysis of data collected directly from the computers protected by Panda Adaptive Defense and continuously monitors for potential cyber threats.

At the same time, it makes everis’s cybersecurity team available to the client. This expert team offers support and advice on aspects such as the management of security alerts, regulatory compliance and the new GDPR regulation, data analysis, and proposals for action plans.

The solution to advanced cyber threats

According to Juan Santamaría, General Manager of Panda Security, “the collaboration between Panda Security and everis will offer effective protection against known and unknown threats to customers thanks to the perfect combination of security solutions and services. This cooperation will allow the most advanced computer security services provided by everis to apply Panda Adaptive Defense’s intelligent cybersecurity technology, protecting its own digital infrastructures and business fabric from the increase in advanced cyber threats.”

For Miguel Ángel Thomas, partner responsible for the area of cybersecurity in everis, the signing of this agreement is welcome news that will contribute to reinforcing the position of the company as a provider of advanced cybersecurity services. According to him, “the collaboration between everis and Panda allows us to offer new and innovative solutions to our customers to improve their security and that of their employees”.


Why is technology leaving older people behind?

Advances in medical health treatments and public health programs are helping people live longer than ever before. The generation born after World War II, known as “baby boomers”, now makes up a significant portion of the world population.

In some countries, like the UK, estimates suggest that the baby boomer generation is growing faster than new babies are being born. In the USA, 45% of the population is aged 50 or over. Which means that the average age of the population is steadily increasing.

This is important because there is a common misperception that older people struggle with technology. As a result, most new technology developments are targeted at younger customers.

Why older people don’t use new technology

The reality is that given the right training, older people are perfectly capable of using new technology. The surge in Facebook sign-ups by the over-50s is clear evidence of older people adopting a product that many assume they could not use.

The difference between technology use by the young and old has a relatively simple explanation; almost all new technology is designed for use by younger people. Designers and manufacturers are deliberately ignoring the over-50s when creating new products and services. Quite logically, older people choose not to use products that have nothing to offer them.

Manufacturers are missing a big opportunity

By targeting products at younger people, businesses are actually reducing their potential customer base by almost half. Where products have been designed for older users first, manufacturers have seen sales increase across all age groups.

Take the motion detection system designed by engineers at the Massachusetts Institute of Technology which is specifically designed to “see” when older people have had a fall in their homes. Using wireless signals, the system can monitor a person’s movement in their home, and alert friends and family if they fall over.

This technology is aimed at the elderly, but it has applications in other areas that benefit everyone, like burglar alarms or nanny cams. Again, the issue is not that old people won’t use technology, but that technology explicitly ignores them.

Helping older relatives online

Going back to the example of Facebook, older people have discovered it is a great tool for staying connected to their friends and family. Social networks give them a glimpse of people they don’t see as often as they would like.

As the baby boomer generation “catches up” (and manufacturers begin to create services better suited to their needs), we should expect to see them using more technology every day. But just as they need help to get started, most older people will also need advice about how to use technology and websites safely.

To make the process of training older people in cybersecurity easier, Panda Security has put together a handy guide here – How to protect the elderly online. And you can start protecting them now by installing a free trial of Panda Antivirus Protection on their computer today.


How Did Cyberattacks Evolve in 2017?

Cyberattacks have never seen such a degree of sophistication in the hands of criminals. Unfortunately, 2017 was a terribly prolific year for ill-intentioned hackers, and though cybersecurity may be evolving, attack techniques are evolving even faster. How will we rise to the challenge going into the new year?

Ransomware, the star of the show

As we analyzed in the PandaLabs Annual Report for 2017, what has become clear is that extortion and cyber hijacking were the main avenues of attack for the year. This past year marked a milestone with the expansion of two major attacks whose names will remain engraved in history: WannaCry and Petya/Goldeneye.

The first was especially impactful. With hundreds of thousands of computers infected and unusable, WannaCry was a global crisis for companies who found themselves blackmailed by cybercriminals. Other important attacks of 2017 related to ransomware were Reyptson, Leakerlocker, Osiris, and WYSIWYE. And the list goes on.

NotPetya, a variant of Goldeneye, had clear political motives, aiming to disable critical systems in Ukraine, according to the Ukrainian authorities. It spread exponentially via a security gap in the MeDoc update service, taking advantage of the EternalBlue exploit.

But we shouldn’t lose sight of “traditional” DDoS attacks that continue to be widely used, as well as the proliferation of all types of malware, whose activities can be linked to half of the security breaches suffered this past year.

More attacks and better techniques

Due to the proliferation of “tools” on the black market, attacks have become increasingly sophisticated. The democratization of technology and the rise of open source solutions have provided an incredible opportunity for cybercriminals.

Now, practically anyone can buy specialized malware to perform a ransomware attack for a few hundred dollars on the black market. This was the case of WYSIWYE, an interface for setting up an RDP (Remote Desktop Protocol) attack using brute force to gain access to user credentials. Once inside the network, the tool’s user can encrypt the content and subsequently extort the company for a ransom.

Penetration through the Remote Desktop Protocol (or RDP) has become a very common method of infiltrating systems. In 2017, the Trj/RDPPatcher Trojan was discovered, capable of modifying the Windows registry with the intention of changing the type of validation order of the RDP. It collects system information and connects to the command and control (C&C) server to decide how best to evade control of the system’s antivirus.
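A defender's view of the RDP password-guessing activity described above, as an added example that is not from PandaLabs or the original post: it flags source addresses that produce a burst of failed remote logons and records whether a successful logon follows. The CSV layout, the sample events, the threshold and the time windows are assumptions made for the example; event IDs 4625 and 4624 and logon types 3 and 10 are standard Windows Security log values.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = "4625"       # Windows Security log: an account failed to log on
SUCCESSFUL_LOGON = "4624"   # Windows Security log: an account was successfully logged on
# Type 10 is RemoteInteractive (RDP). With Network Level Authentication enabled,
# failed RDP attempts are recorded as type 3 (Network), so both are kept.
REMOTE_LOGON_TYPES = {"3", "10"}

# Constructed sample events (documentation-range IPs) in an assumed CSV export layout.
SAMPLE_EVENTS = """\
time,event_id,logon_type,source_ip,account
2017-11-02T03:10:01,4625,3,203.0.113.50,administrator
2017-11-02T03:10:04,4625,3,203.0.113.50,admin
2017-11-02T03:10:07,4625,3,203.0.113.50,backup
2017-11-02T03:10:09,4625,3,203.0.113.50,administrator
2017-11-02T03:10:12,4625,3,203.0.113.50,administrator
2017-11-02T03:10:15,4625,3,203.0.113.50,svc_sql
2017-11-02T03:11:40,4624,10,203.0.113.50,administrator
2017-11-02T08:59:30,4625,10,198.51.100.7,jsmith
2017-11-02T09:00:02,4625,10,198.51.100.7,jsmith
2017-11-02T09:00:41,4624,10,198.51.100.7,jsmith
2017-11-02T09:15:00,4625,2,192.0.2.10,kiosk
"""


def parse_events(text):
    """Return remote-logon events as dicts, oldest first, with parsed timestamps."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        if row["logon_type"] in REMOTE_LOGON_TYPES:
            row["time"] = datetime.fromisoformat(row["time"])
            events.append(row)
    return sorted(events, key=lambda e: e["time"])


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=2),
                      followup=timedelta(minutes=30)):
    """Flag source IPs with at least `threshold` failed remote logons inside `window`.

    Each finding holds the peak number of failures seen in one window, the
    accounts that were tried, and the first account that logged on successfully
    from the same IP within `followup` of its last failure (None if there was none).
    """
    recent = defaultdict(deque)   # ip -> (time, account) of failures still inside the window
    last_failure = {}             # ip -> time of the most recent failure
    findings = {}                 # ip -> finding dict

    for ev in events:
        ip, when = ev["source_ip"], ev["time"]
        if ev["event_id"] == FAILED_LOGON:
            last_failure[ip] = when
            burst = recent[ip]
            burst.append((when, ev["account"]))
            while when - burst[0][0] > window:   # drop failures older than the window
                burst.popleft()
            if len(burst) >= threshold:
                finding = findings.setdefault(ip, {
                    "source_ip": ip, "first_seen": burst[0][0], "failures": 0,
                    "accounts": set(), "logon_after_burst": None})
                finding["failures"] = max(finding["failures"], len(burst))
                finding["accounts"].update(acct for _, acct in burst)
        elif ev["event_id"] == SUCCESSFUL_LOGON and ip in findings:
            finding = findings[ip]
            if (finding["logon_after_burst"] is None
                    and when - last_failure[ip] <= followup):
                finding["logon_after_burst"] = ev["account"]
    return list(findings.values())


if __name__ == "__main__":
    for f in detect_bruteforce(parse_events(SAMPLE_EVENTS)):
        print(f"{f['source_ip']}: {f['failures']} failed remote logons in window, "
              f"accounts tried: {sorted(f['accounts'])}, "
              f"successful logon afterwards: {f['logon_after_burst']}")
```

In the sample, the user who mistypes a password twice before logging on is not flagged, while the address that cycles through several account names is, together with the successful logon that followed it.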

The backdoor discovered in the CCleaner software, known as HackCCleaner, which compromised more than two million users before analysts became aware that their application had been infected, is another example of a technically sophisticated and well-organized attack.

A new era in cyberwarfare

As the efficiency of attacks and number of techniques increase, so does the interest of companies, government entities, and home users in maintaining effective cybersecurity practices. New groups of cybercriminals were discovered that take advantage of the increased availability of hacking tools. (See, for example, the case of “Eye Pyramid”, an espionage ring that had broad influence in Italy).

Other criminal organizations choose to obtain consumer information to pirate content. Especially important are the leaks related to large companies and producers such as Netflix or Marvel.

This means that millions of gigabytes of personal data are endangered day after day despite efforts to prevent it. This is the consequence of an increasingly complex and rapidly evolving struggle, where many countries are making important bets on cybersecurity while at the same time the technological fabric stretches to include the Internet of Things (IoT), where connected cars, refrigerators, and an endless cornucopia of other devices will become part of the ever-growing battlefield.


Are VPN services only for hackers and tech junkies?

What Is a VPN, and Why Would I Need One?

You may have heard about VPN services that allow you to have an extra layer of security; access geographically restricted content; hide your traffic from your internet service provider and hide your location and browsing habits from the rest of the world. Your employer might be the one requesting you to use one when you are away from your office, but you still need safe access to your company servers.

Channeling your traffic through a VPN encrypts the outgoing traffic of your device making sure your online presence is anonymous to your ISP, employer, marketers, government, and anyone interested in your online behavior. All they see is that your traffic is going to a specific VPN hub and nothing else.

The flexibility and the anonymity that such VPN services provide make them an excellent tool for hackers who do not want to leave any traces that could potentially reveal their identity. Being a skilled hacker is not about cracking a system, but making sure that once you do, you do not leave traces that can lead back to you.

While hackers and tech junkies are known to use VPNs for many reasons, there are a whole lot of regular folks from all over the world who enjoy the benefits of VPN.

So who are they and why do they do it?

Security conscious people

Security-conscious travelers never connect to public WiFi networks unprotected. Hackers, or the admins of such networks, could be monitoring them. Instead, they connect to a VPN that encrypts all incoming and outgoing traffic from their connected device. This is one of the ways to guarantee that neither the admin nor skilled hackers will be spying on, and possibly even recording, the data that goes through the router.

Bargain hunters

Grabbing an airline ticket at a lower price has never been easier. Sometimes there are significant price differences between flights offered to US buyers and those offered to British buyers, for example. While the currency exchange may add up, when you are looking for affordable plane tickets, it is always a good idea to check the fares from multiple locations so you can make sure you are getting the biggest bang for your buck.

Travelers

There is nothing more frustrating than being in a hotel on the other side of the world and not being able to watch your favorite TV show due to geographical restrictions. And if paying $30 for a pay per view movie does not sound appealing, you can use VPN to access your Netflix account and play your desired content on your laptop from the comfort of your hotel bed.

Dissidents and people who want to communicate with people living in the free world

While here in the US, freedom of speech is a human right, this is not always the case in some foreign states such as Russia, China, Iran and North Korea. Using VPN allows people from such countries to access content that is usually prohibited. Staying in touch with relatives living abroad could also be a challenge from time to time. If Facebook is your preferred way of communication, VPN may be your only solution for accessing it while in China.

Bored employees

The last thing you want is letting your employer know that over the last few days you’ve been spending all your mornings looking for new shoes on Amazon. Access to social media websites at work is also a distant dream for many employees. Using VPN service could let you bypass the restrictions and let you safely check out your Facebook feed from the comfort of your office PC or Mac. While it is understandable that employers want you to work all the time, sometimes people want their freedom, and having access to VPN might be the solution.

VPN is not only for hackers and technology-savvy people.

There are all sorts of people who use it, and the global usage is not showing any signs of slowing down. However, using VPN comes with some risks and not all VPNs are equal. While you might be anonymous when using VPN, you might want to make sure that you are aware of the risks, especially if you need to visit sketchy websites. Check out our suggestions for safe use of VPN.

The post Are VPN services only for hackers and tech junkies? appeared first on Panda Security Mediacenter.

Key Points to Understanding the Changeover to WPA3

On October 16 of last year, the Wi-Fi Protected Access 2 protocol, more commonly known as WPA2, fell out of favor after a long tenure as the standard wireless network security protocol. A serious vulnerability was revealed, effectively putting an end to the WPA2 era.

Now, with the new year freshly begun, the Wi-Fi Alliance® has announced a substitute for WPA2. It bears the name of WPA3. The announcement was made at the CES in Las Vegas. What changes will this new protocol bring about? And how will this problem (and its solution) affect businesses and end users?

WPA2 is no longer secure

As Mathy Vanhoef of the Key Reinstallation Attacks (KRACK) group said at the time, a series of errors in the core of the WPA2 protocol can expose Wi-Fi connections to attacks. This means that an attacker could access the network, as well as all traffic between every access point, through a newly discovered exploit.

The group designed a conceptual test demonstrating that breaking the security of WPA2 to access the network is not expensive or complex. This endangers virtually any modern Wi-Fi network, including the vast majority of corporate networks. Since the security breach was made public, several entities, including the Wi-Fi Alliance®, have worked to patch the problem as soon as possible.

What changes will the WPA3 bring?

According to its developers, four new features based on the principles of WPA2 (configuration, authentication, and encryption) will be added to WPA3. One of them will offer more robust protection even when users choose their own passwords and fail to comply with complexity recommendations.

Another feature is that it will simplify the security configuration process for devices that have a limited or no display interface.

A third will help strengthen user privacy in open networks through individualized data encryption. This could be done, according to some experts in the sector, through Opportunistic Wireless Encryption (OWE), a type of encryption without authentication.

Finally, a 192-bit security suite, aligned with the Commercial National Security Algorithm Suite (or CNSA) of the National Security Systems Committee, will further protect Wi-Fi networks with higher security requirements, such as those associated with Government, Defense, or industry.

Why is it more secure than WPA2?

WPA2 uses what is known as a four-way handshake, which guarantees that both users and access points use the same password when they join a Wi-Fi network. This same process is used by the exploit to access network traffic. However, WPA3 will use a new type of handshake, which will not be vulnerable to bruteforcing.

That, together with the new 192-bit security suite and the individualized encryption that secures the connection between each device on the network and the router, makes WPA3 the long-awaited solution, one that was awaited even before the vulnerability became public.

How does it affect companies?

The fact that WPA and WPA2 are present in virtually all Wi-Fi connections means that the vast majority of companies are affected by a serious vulnerability. Why? Because all existing Wi-Fi connections are susceptible to being accessed and spied on. This can be a critical problem for the company.

This also implies that 41% of Android devices, as reported last October, are vulnerable to a particularly “devastating” variant of the attack that exploits the vulnerability of WPA2. This makes them possible vectors to inject malicious code and perform all types of attacks, including ransomware, so the combination of Android devices plus WPA2 can be potentially harmful to the company’s network.

For the moment, the announcement of WPA3 is already out in the open, and we will soon see a massive adoption of this new protocol. Meanwhile, you can stay vigilant by controlling network traffic and avoiding wireless connections where possible — certainly a tall order in this hyper-connected digital age, but not impossible.

The post Key Points to Understanding the Changeover to WPA3 appeared first on Panda Security Mediacenter.

New wave of phishing emails aimed at stealing Netflix accounts

PandaLabs, Panda Security’s anti-malware laboratory, has detected a massive attack on hundreds of users in the United States and other countries in which hackers are using emails purporting to be from Netflix in order to steal user account passwords.

The phishing attack uses a fraudulent email with the subject “Notice – Document”, followed by a sequence of numbers such as “941-4259”. The email, which does a good job of impersonating an actual email sent by Netflix, asks victims to validate the login credentials they use to access the platform.

However, the link displayed does not take users to the Netflix website, but to a fraudulent page. The worst thing about this attack is not the fact that it may allow the attackers to use the stolen data to watch movies and TV shows for free, or sell the accounts to others so they can enjoy free audiovisual content at your expense.

 

“The real threat lies in the fact that these criminals are selling the stolen passwords indiscriminately on the black market, which may lead to further, large-scale attacks, as many users use the same access credentials for different services and other hackers could use them to break into their email or social media accounts. There is no doubt that these attacks are masterminded by cyber-crime gangs going after people’s money,” explains Luis Corrons, Technical Director of PandaLabs.

Three easy ways to detect the Netflix phishing attack

First, take a look at the email subject. Since the email has been supposedly sent by the Marketing or Sales Department of a reputable company such as Netflix, you would expect its subject line to be a meaningful text related to its content.

That’s not the case here. If you receive an email from Netflix or any other service, free or paid, with a vague or unintelligible subject line, be wary and run an antivirus scan.

Second, the message is written in English. If you live in a non-English speaking country, this is highly suspicious unless you have set your Netflix Communication settings to receive all communications in English. Also, we recommend that you check the URL displayed on your Web browser’s address bar to make sure it doesn’t show a dubious domain name.

Finally, the second paragraph in the email reads as follows: “Failure to complete the validation process will result in a suspension of your Netflix membership.” This type of text aims at triggering a quick reaction from the victim, rushing them to update their access credentials.

However, that message is too aggressive to appear in a commercial communication, and it is highly unlikely that a reputable company such as Netflix cancels a user subscription because of a problem with their platform.
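The checks above, together with the earlier observation that the displayed link leads to a fraudulent page, can be turned into a small mail-triage script for messages that claim to come from Netflix. This is an added example, not PandaLabs code: the two sample messages are constructed, and the trusted-domain list, the `.example` hosts and all function names are assumptions.

```python
import re
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Subject reported in the post: "Notice – Document" plus digits such as "941-4259".
# Assumption: the trailing part consists only of digits and hyphens.
SUBJECT_RE = re.compile(r"^\s*Notice\s*[-\u2013\u2014]\s*Document\s+\d[\d-]*\s*$", re.I)
# Pressure sentence quoted in the post.
URGENCY_RE = re.compile(r"failure to complete the validation process", re.I)
# Finds a domain-looking token inside the visible text of a link.
DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
# Assumption: the only domain accepted as genuinely belonging to the brand.
TRUSTED_DOMAINS = ("netflix.com",)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def normalise(host):
    host = host.lower()
    return host[4:] if host.startswith("www.") else host


def host_of(url):
    """Hostname of an absolute URL, or '' for mailto:, relative links and anchors."""
    return normalise(urlsplit(url).hostname or "")


def is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def link_findings(html):
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target = host_of(href)
        if not target:
            continue
        shown = DOMAIN_RE.search(text)
        shown = normalise(shown.group(1)) if shown else ""
        # The text a user reads names one site while the href goes to another.
        if shown and shown != target and not target.endswith("." + shown):
            findings.append(f"link text shows {shown} but points to {target}")
        elif not is_trusted(target):
            findings.append(f"link points to untrusted host {target}")
    return findings


def triage(msg):
    """Return the list of phishing indicators found in an EmailMessage."""
    findings = []
    if SUBJECT_RE.match(msg["Subject"] or ""):
        findings.append("subject matches the reported campaign pattern")
    plain, html = [], []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            plain.append(part.get_content())
        elif part.get_content_type() == "text/html":
            html.append(part.get_content())
    body = " ".join(" ".join(plain + html).split())  # collapse line wraps
    if URGENCY_RE.search(body):
        findings.append("body threatens suspension to force a quick reaction")
    findings.extend(link_findings("\n".join(html)))
    return findings


def sample(subject, text, html):
    """Builds a constructed test message (not a captured one)."""
    msg = EmailMessage()
    msg["From"] = "Netflix <support@mailer.example>"
    msg["To"] = "user@example.org"
    msg["Subject"] = subject
    msg.set_content(text)
    msg.add_alternative(html, subtype="html")
    return msg


THREAT = ("Failure to complete the validation process will result in a "
          "suspension of your Netflix membership.")
PHISH = sample("Notice \u2013 Document 941-4259", THREAT,
               "<p>" + THREAT + "</p>"
               '<a href="http://netflix.com.account-check.example/login">'
               "www.netflix.com/YourAccount</a>")
LEGIT = sample("Your monthly statement", "Your statement is ready.",
               '<a href="https://www.netflix.com/YourAccount">netflix.com/YourAccount</a>')

if __name__ == "__main__":
    for name, msg in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, triage(msg))
```

The link check compares registered hostnames rather than substrings, so a host that merely begins with `netflix.com.` is still reported as a mismatch.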

The post New wave of phishing emails aimed at stealing Netflix accounts appeared first on Panda Security Mediacenter.

Parents’ Ultimate Guide to Cybersecurity

You may think that the world of cybersecurity is only populated with shadowy criminal organizations hacking elections and stealing corporate data, but cyberattacks afflict the big and small alike.

Every day millions of cyberattacks hit the U.S. alone, and they’re growing in number and intensity every year. While governments and businesses beef up cybersecurity, cybercriminals modify their malicious software to keep up with the demand. And the demand is growing.

More and more internet-connected devices pop up in family homes every year. Computers, laptops, tablets, smart TVs, watches, and refrigerators are contributing to the inevitable “internet of things” — a time when all of our daily devices, our data, our identities, and our lives are linked together and saved in the cloud.

The more we’re connected, the more fragile our infrastructure and online connections. The more links we form, the easier it will be for hackers to bring things to a standstill, to turn off our lights, to empty our bank accounts, to disrupt our monetary system, to peer into our secrets. It’s a dystopian world view but one we can avoid if we adopt the right attitudes and invest in cybersecurity.

Cybercrime is becoming a more lucrative “occupation,” drawing more and more people to it. As the supply of criminals increases, so too will the demand for victims. Governments and corporations aren’t the only ones with something to steal. Millions of individuals and families represent enormous amounts of opportunity for cyberthieves who are starting to take more notice.

Families are tantalizing targets to cybercriminals since they tend to have less cybersecurity protection installed on their devices. They also house millions of children operating those devices. But protecting yourself is possible if you get to know the cybersecurity basics, educate your kids, and learn the best ways to avoid malware.

Get to know cybersecurity basics

You often hear about cyberthreats on the news. Reporters give obscure warnings about malware attacks, worms, and phishing scams, but what does all of this mean? Getting to know the basic terms and concepts around cybersecurity will help you better understand news alerts around virus outbreaks. You’ll know what types of threats are issued and what actions to take to protect your data and devices.

Malware and viruses

Although the terms are often used interchangeably, computer viruses aren’t the same thing as malware. Malicious software or “malware” is a broad term referring to any type of software installed on a device or network that’s unwanted or destructive. Viruses are just one type of malicious software.

Cybersecurity experts classify different malware by their behavior. Viruses are unique because they can replicate (make copies) and propagate (spread). Like the common cold or flu virus, computer viruses are transmitted from one device to another through some kind of “contact,” usually in the form of email attachments or links.

Raising healthy kids means providing nutritious meals, getting them flu shots, and teaching them to wash their hands regularly. Protecting your devices from viruses and malware requires adopting good attitudes, installing antivirus software, and teaching online safety.

Viruses and worms

Worms are considered computer viruses because they can replicate. While viruses need humans to help them replicate, worms can self-replicate. Once on your computer, worms make copies of themselves and email those copies to other computers. They’re much more autonomous than your average virus, which makes them especially destructive.

Unlike viruses, worms don’t need executable programs to function. An executable program is one that executes or runs code, typically ends with the file extension .EXE, and needs your permission to operate. If you’ve ever downloaded a program from a website and installed it on your computer, you’ve opened an executable program.

Executable programs and files work differently from read-only files. For example, if you play an .mp3 music file of your favorite song, your computer is only reading the data from the file. So, you can’t get a virus from simply playing a song, but you can get one from downloading one.

Scanning executable files downloaded from the internet is a good way to catch viruses and worms before they infect your computer.

Social engineering

Social engineering is how cyber thieves manipulate people into unknowingly spreading malware, revealing their personal information, or sharing their data. Children and teenagers are especially susceptible to social engineering tricks. That’s why educating them on good online habits and identifying warning signs keeps them and your devices safe.

Consider the following scenario: You receive an email from Facebook with the subject line reading “Issues with your account: Please Respond”. You open the email, and it says the Facebook team has found “copyright issues” with your account.

The email goes on to say if you don’t resolve the issues, your account will be “permanently blocked”. Concerned, you look for a solution. The email explains you must follow the provided link, fill out a form, and provide your credentials. You click the link and visit the Facebook website where you’re prompted to sign in with your username and password. After signing in, you suddenly notice the URL in the address bar doesn’t look right.

The fact is, you’re not on Facebook’s website at all, and you’ve just handed over access to your account to hackers.

Notice how many times in the scenario you followed along with the instructions. You opened the email, clicked the link, visited the site, and entered your credentials. The hackers did little work aside from creating a convincing email forgery. You were being socially engineered.

The above example is a phishing email, a common source of identity theft and virus propagation. Phishing emails are just one way cyberthieves use our emotions and confirmation bias against us to profit. Here are some tips for avoiding phishing emails:

  • Scan the email for the correct logos, fonts, and colors.
  • Check for grammatical and spelling mistakes.
  • Hover over any links and make sure the URL is correct.
  • If you weren’t expecting an email or are confused, you should email the organization’s website or call them directly.
  • Report such scams to the Federal Trade Commission’s website.

Trojans

Unlike viruses and worms, trojans target specific devices for attack rather than propagate. They don’t exist to replicate or propagate but to destroy data, record passwords, and capture confidential information like banking account numbers.

Trojans are malware in disguise. They make their way into your computers and mobile devices by posing as legitimate files and programs. That’s why they have the name “trojans” after the wooden horse the Greeks tricked the Trojans into bringing into their city.

Banking trojans are a popular form of malware used to steal your banking and credit card numbers. They begin life disguised as apps downloaded from sites like Google Play and the Apple Store. After the trojan app is on your device, it activates and begins scanning and monitoring your information, looking for and recording credit card and banking account numbers. It then remotely relays the information back to the thief.

Trojans are a specific danger to children who have access to mobile devices like Android phones and tablets. Cyberthieves use social engineering and legitimate-looking apps to trick kids into downloading what they think is a harmless game.

Botnets

Hackers deploy botnets to take over and control internet-connected devices. The term botnet is formed by the words “robot” and “network,” which is exactly what they are: a network of robotic devices used together. Cyberthieves build botnets made of millions of devices creating fake social network accounts, mining cryptocurrencies, defrauding advertisers, deploying denial-of-service attacks (DDoS), and propagating other malware.

Botnets are about gaining control, and many devices in the home can now be hacked. The internet of things is now a reality for many families. Along with laptops and personal computers, other common devices like coffee makers, TVs, smart watches, and refrigerators are now connected to the internet. Botnets target these devices to build a larger network of computing power.

Signs your device is part of a botnet include slowed performance or frequent crashes, but these are also common symptoms of other problems. The fact is, most users aren’t aware a botnet is controlling their device. The result is increased wear and tear on your devices.

Understand the real dangers of cybersecurity

Panda Security surveyed parents to identify their biggest concerns about online activities, apps, and websites. The survey results revealed a disconnect between what online threats parents fear and what is statistically more likely to happen. For example, 54 percent of parents surveyed said they worry the most about “sexual predation”, but only 13 percent of children reported experiencing such acts. On the other hand, only 12 percent of parents reported “online bullying” as their number one concern even though 34 percent of children between the ages of 12 and 17 are said to experience cyberbullying.

There were similar conflicting results for cybersecurity. Only 16 percent of parents report “computer viruses” and “malware” as “somewhat unsafe” or “very unsafe”. The fact is, viruses and other malware threats are getting more frequent every year.

To keep your children and devices safe, you must know what threats are more likely to happen and focus more attention on preparing for them. Focus the majority of your time, energy, and attention on more likely threats.

Identity fraud

A 2017 study found a huge increase in internet fraud as credit card companies have begun moving consumers to anti-counterfeit, chip-based cards. The chips make it harder to commit fraud at stores, so cyberthieves have moved to online transactions using stolen credit card numbers. The study showed a 40 percent increase from 2015 to 2016 in online credit card fraud.

The study also found that new account fraud rates had doubled over the same time period. Cyberthieves steal or buy your personal credentials and open new accounts in your name.

Newly opened, fraudulent accounts generally take longer for victims to discover since thieves have credit card and bank statements sent to them.

Of particular interest to parents is the recent rise in identity thefts targeting infants and toddlers. Cyberthieves can steal your child’s SSN and open new accounts in their name, ruining their credit scores before they even reach adulthood. Identity theft of this kind can stain your child’s financial future, making it harder for them to find funding to buy a car, get student loans, or rent an apartment. Running credit reports is one way to check for identity fraud. If you suspect someone has stolen your identity, you should freeze your credit report.

Ransomware

Ransomware is one of the fastest growing cybersecurity threats today. There has been a 50 percent increase in ransomware attacks from 2016 to 2017, according to a study by Verizon. The malicious software works just like a real-life ransom situation, only the hostage is your data.

Ransomware allows hackers to lock your computer and encrypt your data. They don’t necessarily steal your data; they just make it impossible for your computer to read it and for you to access it. Thieves ask for money to decode your data. If you don’t pay, they threaten to delete everything.

Hackers gain access to devices through common sources like spam email campaigns, security holes in software, and even botnets.

As more of our photos, videos, and documents become digitized and stored on hard drives, the prevalence of ransomware will increase. It’s a highly lucrative “business” that affects corporations and families alike. Cyberthieves know your data are valuable and that many parents are likely to pay, even though you shouldn’t.

Paying the ransom only enriches the thieves and incentivizes further theft.

Protect your data against ransomware by backing it up to another hard drive or to the cloud. The threat of deleting your data only works if you have a single copy of it.

Educate your kids about cybersecurity

Every generation of families confronts a new technology and the new threats that offset its benefits. Automobiles launched the car wreck, TV birthed concerns around “screen time,” and the personal computer helped spawn the hacker. With the internet and social media, parents are once again confronting the consequences of connectedness, social sharing, and digital identities.

Navigating the dangers of cybersecurity and the internet means being honest with your kids about what is at stake. Identities can be stolen, credit ratings can be destroyed, and bullies can do serious harm. Educating your kids about cybersecurity is one of the most effective things you can do to keep them safe while online.

Be honest

Cybersecurity is serious business. Talking to your kids about it requires honesty. Don’t avoid issues because they’re uncomfortable or complicated to explain. Tell your children some online activities are safer than others.

The online world is just like the real world. Not talking to strangers at the park is just as important as not talking to strangers in chat rooms. Leaving your toys out for thieves to steal is just like telling someone too much information online. Avoid dividing the real world from the online one. Instead, bring them together by making these types of connections. Children need consistency, and keeping the rules consistent for on and offline activities will help them understand the dangers of both.

Being honest about cybersecurity also means pointing out the good things about online activities. Keep a balanced outlook. Emphasize they need to be cautious but enjoy the internet. It contains wonderful things to help them grow, socialize, and learn. As they learn better online habits, they will feel safer, confident, and in control. Honesty is the best policy.

Use your creativity

Cybersecurity concepts like online identities and malware are abstract concepts. Use examples and analogies that children can relate to. For example, use the analogy that computer viruses work like biological viruses. Explain how one “sick” computer infects another. Personal identities are unique like our fingerprints. Stealing someone’s identity is like dressing up like that person for Halloween so you can steal all of their candy. Find creative ways to relate cybersecurity concepts to their everyday life.

Build trust

Your child may assume your concerns are more about spying on their online activities rather than looking out for them. Reassure them you won’t get upset if they accidentally click on something they shouldn’t or if their device gets a virus. Overreacting will likely cause resentment, anxiety, and rebellion. These are all counterproductive to building good habits and trust.

For teenagers, be consistent about your concerns. Make it just as much about protecting devices and information as it is about who they’re talking to online. For small children, reinforce the notion that cyberthieves are tricky, but you can beat them by following the rules.

Go online together

The best way to teach a child something is to show them firsthand. Go online and search for a term that interests them. Then explore the results looking for good and bad websites. Take a tour of the browser’s interface. Point out the address bar, bookmarks, extensions, and the search results. Show them how to close an internet pop-up ad and what to do when they can’t find a close button.

Websites come in different flavors when it comes to data safety. Some talk with your browser using encryption and some don’t. Encryption keeps your data safe. Encrypted sites begin their URLs with “https:”. Unencrypted ones begin with “http:”. Browser extensions like HTTPS Everywhere distinguish unsecure websites from secure ones automatically.


Together with your child, open their favorite app and explore its social and/or messaging features. Explain what to do if they receive a message. Show them how to respond to in-app purchase and pop-up ads. If you feel your child isn’t mature enough for messaging, check to see if the app allows disabling the feature.

Identify appropriate vs inappropriate information to share

Parents know small children are open books — freely sharing information you’d rather they just keep to themselves. So use cybersecurity education as a way to establish good and bad sharing practices.

Provide your children with examples of information that are safe to share online and some that aren’t. Even if they don’t have their social security number memorized, they can still reveal their address, their birthday, or their mother’s maiden name to a cyberthief posing as an online friend. Tell them sharing online is like sharing in person. Ask them what’s safe to share with a stranger and what’s not. The same rules apply.

Even small pieces of information like the dates of an upcoming family vacation could lead to a home invasion and physical theft of your devices. Cybercriminals now use botnets to read smart electric meters and determine when the home is empty, so giving them a heads up on when you’ll be away from home only makes their jobs easier.

Reinforce the need to be skeptical of anyone your child communicates with online. Cybercriminals befriend people on social media to gain their trust and get information. With that information, they can take over the victim’s account or steal their identity. Good information sharing habits help kids avoid these threats.

When discussing shareable information, practice what you preach. Often parents can be just as open with personal information as children. It’s tempting to spread the knowledge of your newly arrived baby, but exact details like time of birth, hospital, and your child’s full names can give cyber thieves a head start on discovering their SSN. Using your maiden name as a security question answer makes a hacker’s job easier.

What you share online about yourself and your children also teaches them what’s appropriate and inappropriate, so practice what you preach when it comes to sharing online. Your children are watching.

Use online resources

Another effective way to teach children about online safety is using online resources. Internet safety websites like the Federal Trade Commission’s OnGuardOnline have security tips, games, and other online learning resources for parents and guardians. Other sites use videos, quizzes, and other activities to teach cybersecurity basics to children.

Know the cyberthreats for children and teens

Knowing cybersecurity basics gives you the foundation for building a protection plan for you and your family. Now it’s time to get familiar with online activities, apps, and websites specific to children and teens.

Anonymous sharing

Over 75 percent of surveyed parents viewed anonymous sharing as “somewhat unsafe” or “very unsafe”. It’s a legitimate fear. Although anonymous sharing can promote healthy and open expression for users, it can also make it easier to overshare information.

Apps like Snapchat allow users to post images and messages that only show up temporarily and then are removed. But nothing on the internet is ever temporary. Cyberthieves and bullies can easily take screenshots and photos of information and images before they disappear.


Popular apps like Whisper keep a user’s identity unknown, while others like Anomo start you off as anonymous but let you change your settings over time. If your tween or teen wants to share anonymously, you might steer them toward apps like After School, which is developed specifically for teenagers and includes resources for counseling, scholarships, and social campaigns.

Before letting your child use anonymous sharing apps, go over what information is safe to share. They should be wary of any messages containing links or attachments, which could contain malware or lead to phishing websites.

Social networks

Social media is changing the way kids socialize and get information. Tech giants like Facebook and Google have developed apps like Messenger Kids and YouTube Kids to give kids safe online spaces to interact socially. The apps filter age-appropriate content and provide parental controls for account creation and monitoring. But they’re not foolproof, and older kids are good at getting around parental controls when they want.

Parental Controls

Many of the same strategies that work to keep inappropriate content from children also work to keep them safe from cybersecurity threats. Keep your kids safe by executing a multi-layered approach to parental controls starting with the devices themselves.

  • Set up parental controls for your devices: Windows and/or Mac
  • Set up parental controls for web browsers. For Chrome, you can create a supervised profile to monitor and block any content they visit. Firefox has many different add-on extensions for similar purposes.
  • Set up parental controls for all of the apps your kids can access. You can set their Facebook privacy setting to “Friends Only” and block specific content for their YouTube channels.

Setting up a multi-layered approach will create redundancies of protection — if one layer of protection fails, the others will still work.

Passwords

Your child’s password to their social account is like gold to a cyberthief. With their password, cybercriminals can take over the account and use it to post fake news, spam others with messages, or create fraudulent ads. Help your kids create passwords for their social accounts. Record the passwords in case you need access yourself. Here are some strategies for creating secure passwords:

  • Find a balance between complexity and memorability. Creating longer passwords makes them more secure, but make sure they’re short enough so your child can remember them.
  • Include numbers and symbols.
  • Use random number and letter substitutions rather than commonly used ones.
  • Initialize two-step verification for apps that allow it.
  • Use a password manager that will do the remembering for you.

Your child’s password is the key to their social media privacy and their account. Keep them safe from cyberthieves by creating a secure password.

Direct Messaging

The majority of social media sites have direct message features for connecting with friends, family, and strangers. Direct messages are popular places for cyberthieves who place links to phishing sites and harmful downloads for kids. Here are the warning signs and how to avoid these schemes:

  • Avoid clicking on messages with an unusual amount of typos and misspellings, wrong subject-verb agreements, or unusual punctuation marks.
  • Be suspicious of messages asking for personal information like passwords, SSNs, credit card numbers, or PINs. No legitimate social media site will correspond with its users about these topics through direct message.
  • Be extremely skeptical of messages claiming your account will be locked or deleted unless a specific action is taken.
  • Don’t click links that are mismatched from their descriptions. Hover over a link with your cursor and check the status bar at the bottom of your browser window. Make sure the status bar address matches the intended destination. Both addresses should match for any type of link, whether in direct messages, emails, or browsers.

Practice these cybersecurity habits with your children. Visit sites like scam-detector.com and show your kids common ways cyberthieves spread viruses via direct messages on Twitter, Facebook, and other social media networks.

Email attachments and links

Social engineering is a powerful way for cyberthieves to trick children into infecting their own devices or revealing personal information. Sit down with your kids and show them how you check your emails. Even have them send you one themselves with a message and an attachment like a picture.

Explain and demonstrate how a phishing email works and their telltale signs. Send your child an email with a “bad” mismatched link you made up. Show them how to hover the cursor over a link to reveal its true destination on the web. Most importantly, explain why you never open an email attachment from an unknown source. If you can’t confirm the source, delete the attachment.

Video streaming sites

The world of television programs and cable networks, familiar to many parents, has given way to online celebrities and YouTube videos for their children. Every day, YouTube users watch over 1 billion hours of videos. All of this traffic draws the attention of scammers and cyberthieves looking to hack the system for profit.

For video sites like YouTube, cyberthreats don’t come from streaming videos but from other parts of the platform. While your child can’t get a virus while watching a YouTube video, they can click on a link in the comments section, in an ad, or in a video description and infect your device with malware.

It works like this: Your child searches for a movie on YouTube with their tablet. One of the videos in the search results has the correct title and images for the movie they’re looking for, so they click on it. However, it’s not the movie at all but a short video telling them to click the link in the video’s description if they really want to watch the full-length movie.

They click on the link, which takes them to a website. But now there’s a problem. You need an update to Flash Player before you can watch the movie. “Would you like to download the update?” the site asks. Of course they do, so they click the download link. Now, the iPad has a virus, and your child is upset. They stomp into your bedroom holding the iPad defiantly out in front of them exclaiming, “This doesn’t work!”. They’re absolutely right.

Take these preventative measures to protect your devices from infection:

  • Get them familiar with how YouTube works. Show them the problem areas: where the comments section lives, what video ads look like, where links in video descriptions are inserted.
  • Enable YouTube Restricted mode, which will filter out inappropriate content and hacking schemes like the one above.
  • Download the YouTube Kids App and control their content through it. Some features like the comments section can be turned off completely.

Videos will only get more and more popular for both children and cyberthieves. Get ahead of cyberattack trends by educating your children on current threats within video platforms.

Online Video Games

Kids love video games, especially those that let them share their experiences and creations with others. Almost every video game today has some type of social component built in, whether it’s direct messaging or chat. Minecraft and Roblox are just two examples of popular user-generated online games that let kids build worlds and share them with others.


While such games are good for building imaginations and relationships, they’re also the playground for cyberthieves and hackers. Like YouTube, cyberthreats on the websites aren’t the problem. That is, you can’t get a virus just from playing Minecraft, League of Legends, or Roblox. You get it when you leave the game’s website and land on another, and hackers use social engineering tricks like the following to lure kids away:

  • Pop-up ads or chat links offering free coins, avatars, skins, and upgrades. Once clicked, the ad or link takes them to a website that requires them to download an executable file. When opened, the program infects the computer with malware designed to steal data, which can include your banking information and account passwords.
  • Fake login schemes use pop-ups within the game to tell the player they must provide their username and password to continue. Sometimes the pop-up claims the site is “under maintenance” as a social engineering ploy to steal a player’s account and lock them out.
  • Hackers use botnets to send spam and fake ads to millions of players, asking them to visit websites for free stuff. The botnet is designed to run a fraudulent ad scheme, which relies on more views and clicks to make the hackers money.

Here are some tips to help your child avoid phishing scams on video games:

    • If the game allows, set your child’s chat options to “friends only”.
    • Teach your child the “no free lunches” lesson. Drill the point home that if it sounds too good to be true, it probably is. The old adage should be the mantra for any parent warning their child about online “free” offers.

Cyberattacks can rob you of your personal data and your child of their hard-earned accounts. Keep the fun going by teaching your child the common tricks hackers use on video game websites.

Monitor your child’s identity

Identity theft doesn’t just affect adults. Infants and children are at risk of cyberthieves stealing their SSNs and ruining their credit. The Federal Trade Commission suggests parents watch out for these warning signs that their child’s identity may have been stolen:

      • Your child is denied government benefits because they’re being paid to another account.
      • You receive a notice from the IRS saying the child didn’t pay income taxes, or that the child’s SSN was used on another tax return.
      • You get collection calls or bills for products or services you didn’t receive.
      • Your child is denied a bank account or driver’s license.

Here are some preventative actions to protect your child’s identity:

      • Run a check for a credit report in your child’s name with the three major credit reporting companies: Equifax, Experian, and TransUnion.
      • If your child has an existing credit report, someone has applied for credit in their name, which may be a sign their identity has already been stolen.
        If your child’s school ever has a data breach, watch their credit scores more closely. Consider freezing their credit reports if you suspect their identity has been compromised.
      • Check your child’s credit report when they turn 16. If there has been fraud or misuse, you will have time to correct issues before they apply for a job or car loan.

Keeping your child’s identity safe is a long-term plan. It may cost a little upfront time and money to prevent your child’s identity from being stolen, but they’ll thank you for it when they’re older … along with all of the other things you do for them.

Protect your devices

Your internet-connected devices are the touch points for your child’s online experience. Tablets, laptops, and desktops allow them to explore, create, and benefit from all the internet has to offer. They’re also the gateways into your personal data and identity, and they’re expensive to replace. Keep your devices malware and cyberattack-free with the following steps:

Avoid non-secure web pages

Non-secure websites don’t encrypt how they talk to your browser like secure ones do. It’s easy to identify websites that are non-secure. They start with HTTP in their URL address. Visit only secure sites that start with HTTPS. The ‘s’ stands for ‘secure’. If your favorite site’s address starts with HTTP, download antivirus protection, create a bookmark for navigating to it, and don’t enter your credentials.

Update your operating systems

One of the best ways to protect your devices is simply keeping your operating system (OS) up-to-date. Hackers love to exploit security holes in operating systems like Windows and Mac, so keeping your OS updated applies any patches these developers have released. You can manually update your Windows or Mac OS or set your system to auto-update for you. Remember, it’s the time between when the update is released and when you install it that your devices are at their biggest risk of infection.

Keep programs and apps to a minimum

Like operating systems, individual apps on your devices also need updating – and for the same reason. Aside from updating them, you should also decide whether you even need them at all. Take inventory of your apps and programs and decide whether you actually need them and how often you use each one. Remember, viruses need executable files to work, so the fewer apps and programs you need to download and update, the fewer your chances of infection.

A couple of programs you will want to give special attention to are Adobe Flash and Acrobat Reader. Both are popular targets for cybercriminals. If you don’t use them, uninstall them.

Get antivirus protection

Downloading and installing a comprehensive antivirus protection software will actually solve many of the problems outlined in this guide. From helping avoid malicious links to managing your passwords, antivirus software will keep your data confidential, your identity safe, your devices virus-free, and your children safe from harmful content.
Many major antivirus protection plans offer free downloads that provide some basic protections.

Cybersecurity is an investment

Like insurance, cybersecurity is something you avoid thinking about until you need it. But when disaster happens, you’re always glad it’s there. Stay ahead of the growing threat of cybercriminals and evolving malware by taking the time to invest in the things that work: educating yourself and your children, practicing good online habits, keeping your devices up-to-date, and getting a comprehensive antivirus software system.

The post Parents’ Ultimate Guide to Cybersecurity appeared first on Panda Security Mediacenter.

Your Company Suffered 130 Security Breaches in 2017

The number of cyberattacks worldwide is growing at a dizzying pace. The latest to come to mind is Bad Rabbit, but there have been many others. This number goes hand in hand with the growing economic impact of cybercrime, as underlined by the recent report of Accenture and Ponemon Institute “2017 Cost of Cybercrime”.

The number of security breaches increased by 27%

Since the beginning of this study, in 2009, the number of cyberattacks has grown year by year. But the pace from 2016 to 2017 has been dramatic: on average, companies were successfully attacked 130 times. One of the main reasons for this high number was undoubtedly WannaCry and NotPetya.

The economic consequences of these and other security breaches, and the investment required to combat them, have meant an average cost for companies in excess of 11.7 million dollars.

Time is money

The study notes something that may seem quite obvious: the longer it takes to find a solution, the greater the economic impact of cybercrime. And the bad news is that, in general terms, that time interval is increasing. Although security officers have been able to respond more aggressively to DDoS and web-based attacks (twenty-two and sixteen days respectively), they increasingly need more time to implement mitigating measures for cyberattacks that use malware (fifty-five days vs. forty-nine as of 2016). Malicious software attacks, in particular, were the most costly for companies, reaching 2.4 million dollars.

Five keys to increasing the level of security in your company

The negative effects of a cyberattack can vary widely: data theft, reputation crises, economic losses, irreparable damage to equipment and technical infrastructure, etc. So it is important to take into account a series of measures to increase your company’s level of protection and minimize the impact of cybercrime.

  • Prioritize critical assets: It is unrealistic to think that the company can be one-hundred percent protected. An effective security plan is able to identify which assets are fundamental to the operation of the company and strengthen their defenses.
  • Build awareness with your employees: The protection of the company depends, to a certain extent, on their decisions. Properly training your company’s workforce reduces, for example, the risk of suffering a social engineering attack.
  • Implement advanced cybersecurity solutions: These tools allow you to anticipate the malicious behavior of threats and to activate protection systems even before the malware is executed. For example, thanks to the continuous monitoring of all processes and the advanced prevention, detection and remediation capabilities of Panda Adaptive Defense, none of the clients equipped with our solution was affected by Bad Rabbit.
  • Make backups: Your company doesn’t only need backup copies; the data contained in these backups is critical and, therefore, must be protected correctly. Among other measures, these backup copies should only be accessed by those who expressly need it and access passwords should be sufficiently robust.
  • Have a coordinated security strategy: On numerous occasions, cybercrime is a form of organized crime. The defense must also be coordinated and highly organized.

The number of security incidents and the economic impact of cybercrime will continue their upward trend. It’s time to start thinking of cybersecurity as an investment, and not an expense.

The post Your Company Suffered 130 Security Breaches in 2017 appeared first on Panda Security Mediacenter.

From 1980 to 2018: How We Got to the GDPR

In 1980, the Organization for Economic Cooperation and Development, or OECD, established frameworks to protect privacy and personal data. From then until now, we have experienced several profound changes in legislation, notably the EU Data Protection Directive. Now in 2018, the General Data Protection Regulation, or GDPR, will begin to take on its true value, as the adaptation period ends in May of this year.

The first moves toward a data protection law

The development of the OECD Guidelines, stemming from the need to adapt the already obsolete OEEC, was the first step to committing the thirty-five participating countries to mutual respect and clarity in the transfer of information.

As the importance of the Internet and data grew and became global, the OECD guidelines established the first comprehensive personal data protection system in all its member states.

These guidelines were based on eight principles to ensure that the interested party was notified when their data were collected; that this data was used for the stated purpose and for nothing else; that, in addition, these purposes were defined at the time of collection; that their data would not be disclosed without their consent; that the data record be kept secure; that the interested party be informed of everything; that they could access their data and make corrections; and, finally, that the interested party had at their disposal a method to hold the data recorder accountable for not following said principles.

And then came the data protection framework

In 1995, it was time to update the regulation of personal data and its management. Directive 95/46/EC of the European Union, also known as DPD, or Data Protection Directive, was a step forward that included the eight OECD guidelines and extended the application in a context where privacy was much more important.

But the fundamental change was in the legal section. Specifically, the OECD guidelines consisted of the Council’s recommendations regarding the guidelines that govern the protection of privacy and the cross-border flow of personal data and were, therefore, non-binding.

Directive 95/46/EC changed this aspect, providing more concise definitions and specific areas of application. Although the directive itself is not binding for citizens, the member states had to transpose it into local law before 1998. This modification was also intended to create an administrative homogeneity and an equal legal framework for all member states.

Adopting the GDPR

Despite the considerable efforts involved in the implementation of the Data Protection Directive, in just a decade the progress proved to be insufficient. One of the main criticisms of the previous directive was the limited control of the interested parties over their data, which includes their transfer outside the European area.

This directly involves multinationals and large companies that were able to take advantage of the deficient framework of the previous directive for their own interests. To resolve this, in 2016 the adoption of the General Data Protection Regulation, or GDPR, was approved.

Since then, and until May 2018, everyone has had time to adapt to the regulations. The most remarkable thing about the GDPR is that, unlike the previous directives, it does not require local legislation, homogenizing, once and for all, legislation regarding protection within the member states and companies that work with EU citizens’ information, inside and outside of this region.

Is your company ready?

The European Union foresees that the application of the GDPR will entail sanctions of up to twenty million euros or 4% of turnover of the previous period for non-compliance. Now that we are in the final stretch, it is worth determining whether our company is prepared to meet the challenges.

All companies that collect and store the personal data of their employees, customers and suppliers residing in the EU are affected. This is important if we take into account that 80% of the data handled by the organizations is unstructured.

The increase of confidential data stored in an array of databases puts protection in the spotlight. Cyberattacks could lead to a serious sanction. Good practices in Data Security Governance are the key to mitigating these risks and ensuring compliance.

Luckily we have tools such as Panda Adaptive Defense and Panda Adaptive Defense 360, which have a Data Control module to help with such tasks. This tool is specialized in simplifying the management of this personal data since it discovers, audits and monitors in real time the complete life cycle of these files. And do not forget that keeping up with the GDPR is an active and meticulous process, but one which can be simplified and automated with the right help. Don’t wait until May!

The post From 1980 to 2018: How We Got to the GDPR appeared first on Panda Security Mediacenter.

Ransomware: Screen Lockers vs. Encryptors

It’s December 1989, and Joseph L. Popp, an American evolutionary biologist from Harvard, walks into his local post office carrying a large stack of envelopes stamped “PC Cyborg Corporation”. He carefully slides each one into the “Outgoing” slot. Finished, Popp exits the post office, unaware he’s just kickstarted one of the most lucrative cybercrime activities of the 21st century: ransomware.

A continent away, a female researcher at the World Health Organization opens one of Popp’s envelopes. Inside is a 5 ¼-inch floppy disk with instructions to carry out a research survey to test the risks of contracting AIDS. Excited, she inserts the disk expecting to see cutting-edge research into a virus currently plaguing the world.
Instead, she receives a computer virus.

The computer display reads, “Restart your computer now.” She shuts her PC down and reboots. Nothing. “Turn on your printer,” the computer suddenly demands. The printed paper exits inch by inch, finally revealing a ransom note demanding $189 for a “licensing fee” in exchange for a decryption key. The money is to be mailed to a P.O. box in Panama. If the money is not sent, then decades of research data will be deleted.

Joseph Popp mailed 20,000 of these envelopes to 90 countries around the globe before the FBI captured him at his parents’ home in Ohio. Fearful of the breach, some researchers preemptively deleted decades worth of data, even though Popp’s crude ransomware was later easily defeated by computer techs. One Italian AIDS organization reportedly lost 10 years of work.

Popp’s story is the first ransomware attack, and it illustrates how cybercriminals prey on our hopes and fears. The Harvard biologist’s malware bears little resemblance to today’s strains. In just three decades, ransomware has gone from post office packages to self-replicating, viral monsters capable of infecting hundreds of thousands of computers around the world.

Today, ransomware attacks are on the rise. A recent Verizon study shows a 50 percent increase in 2017 alone. Ransomware is popular among cybercriminals because it’s the most profitable malware in existence today.

Ransomware works just like a real-life hostage situation. Someone kidnaps your data and demands money. There are two basic types of ransomware: encryptors and screen lockers.

Encryptors infect your devices and turn your data into unreadable $&@%#* gibberish. Screen lockers shut off access to your computer by taking over the operating system. They deny access to the data but don’t encrypt it.
If you know which type of ransomware you’re dealing with, you have a better chance of getting your money back.

Screen Lockers

Ransomware works for one simple reason — it attacks our emotions. The fear of losing your family photos or that novel you’ve been working on is palpable. Fear is what gives cyberthieves the power to manipulate. Here are some common ransomware scams and screen lockers.

Metropolitan Police scam

As you’re scrolling through your Facebook feed, a pop-up window appears out of nowhere. It has an official looking coat of arms next to the words “METROPOLITAN POLICE” in all caps, so you know it’s serious business. The message below reads: “You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc.)”.

After a slight pause to consider what the “etc.” might be, your backbone drops 50 degrees and a knot forms in your gut. You make a hasty mental run through the last websites you’ve visited.

Disgusted at the accusation, you maneuver your cursor to close the window but nothing happens. Your computer is locked, and the only way to unlock it is to pay a “$300 fine” for your alleged digital indiscretions. Now, a live video feed suddenly pops up. On your laptop screen, you now see your own face staring back at you. You’re horrified. Someone has hacked your webcam and is spying on you. Welcome to the Metropolitan Police ransomware attack.

How did this happen? Many types of ransomware infect systems through phishing emails. Hackers use false accusations, threats of incarceration, and voyeurism to motivate victims into paying ransoms. Many infections come from phishing emails that trick users into visiting malicious websites or downloading infected attachments.

Should you start packing for a trip to prison? No. The Metropolitan Police attack is a scam and doesn’t directly threaten your data through encryption. The only malware you have on your computer is the script running the pop-up window and accessing your computer. Nevertheless, the ransomware is effective at intimidating people enough to pay the “fine”. Never pay the ransom. Instead, download antivirus removal software.

FBI MoneyPak scam

The FBI MoneyPak scam is a variation on the Metropolitan Police attack and uses the same types of intimidations. The pop-up looks like an official FBI notice, warning users they’ve infringed copyright laws by illegally downloading files like MP3s, movies, and software. Although the FBI MoneyPak doesn’t hijack your webcam, it does deploy a similar scare tactic, claiming authorities can identify you through your IP address.

Cyberthieves demand payment of the ransom through the online wallet service MoneyPak, a competitor to other sites like PayPal or Serve. Hackers may also require a prepaid debit card. Again, the MoneyPak attack is a scam, not a legitimate ransomware attack that threatens your data.

Protect yourself from these types of scams by enabling automatic updates for your operating systems.

Encryptors

Recent cybersecurity studies show encryptors as the most effective forms of ransomware today. Hackers are developing more sophisticated forms of encryptors, which are not only harder to detect but are capable of replicating themselves. Unlike basic screen lockers, encryptors do threaten your data.

CryptoLocker

Inspired by viruses like the Metropolitan Police scam, hackers have developed data-threatening ransomware like CryptoLocker, which hijacks users’ documents and gives the victim 72 hours to pay the ransom. To kick up the drama, an ominous clock is included with CryptoLocker that begins a countdown to data doomsday.

CryptoLocker infections come from an email containing ZIP files and passwords for activation. When you open the email and enter the password, a trojan virus is deployed on your system and begins encrypting your hard drive. The hacker then makes a private key that becomes the only access to decrypting the data. If you don’t pay the ransom, the key is destroyed and the data stays encrypted.

Keep your data out of hackers’ hands by taking away their power to destroy it. Keep your data backed up in a separate drive or in the cloud.

WannaCry Attacks

On Friday, May 12th, 2017, North Korea launched an enormous ransomware attack that spread around the globe. The WannaCry attacks of 2017 were the world’s most widespread and destructive ransomware attack to date — infecting more than 230,000 computers in 150 countries. The hackers required a $300 ransom payment, a clear signal they were targeting small businesses, organizations, and individuals.

WannaCry ransomware is feared in cybersecurity circles for its ability to self-replicate. WannaCry doesn’t need you to open an email or download an attachment from a website. It replicates through a worm virus, sending copies of itself throughout the internet.

WannaCry gains entry through vulnerabilities in your operating system and takes over your computer, encrypting your data and demanding a ransom. Like most data-destructive ransomware, by the time users discover they’re infected, it’s too late.

Ransomware has become exponentially more sophisticated and destructive since Joseph Popp snail mailed his infected floppy disks. Analog delivery methods have given way to more autonomous forms as cyberthieves mix and match malware characteristics to create new strains. In June of 2017, cybersecurity experts discovered a new form of ransomware called Petya, which includes features of both screen lockers and encryptors. If you’re worried about ransomware, protecting yourself is fairly simple. Follow tips for avoiding ransomware and invest in comprehensive antivirus software.


The post Ransomware: Screen Lockers vs. Encryptors appeared first on Panda Security Mediacenter.

Top 8 cyber-security mistakes in Star Wars

The Death Star is the easiest-to-hack infrastructure in the entire universe

If the Galactic Empire from Star Wars had had just a basic knowledge of cyber-security, the popular saga would have had the same duration as a 10 or 15 minute short film instead of three trilogies.

This is because the security measures implemented by the Death Star, and the action protocols used by the stormtroopers, are so poor that instead of sending out a group of Jedi Knights with lightsabres, a single hacker with basic computing knowledge would have been enough to defeat Darth Vader’s army and the Emperor.

What’s more, if a CISO had been on board of the Death Star, they wouldn’t have needed lightsabres or laser blasters to defend themselves from such intruders as Luke Skywalker, Obi-Wan Kenobi, Han Solo or Chewbacca. The elderly character portrayed by Alec Guinness would never have been able to deactivate the tractor beam that captured the Millennium Falcon, nor would R2-D2 have been able to find the cell where Princess Leia was imprisoned.

Since the Star Wars saga is too long to be analyzed in a single post, we’ll focus our attention on the first installment of the original trilogy: Star Wars: A New Hope.

Anti-spoofing protection failures

The cyber-security flaws affecting the Galactic Empire are not just in the Death Star. The Imperial stormtroopers can be considered the weakest link in the entire Empire cyber-security chain. Unfortunately, this is not science fiction, as the same happens in the real world. In any organization, people are the most productive attack vector used by hackers.

The scene in Mos Eisley in which Obi-Wan uses a mind trick on a group of stormtroopers to allow him and Luke Skywalker access to the village is a clear example of this. Had the Galactic Empire had an ‘anti-spoofing system for neural networks’, the elderly Jedi and his apprentice would have never gone beyond that point.

Remember that the term ‘spoofing’ refers to a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver.

Wrong network segmentation

As soon as our heroes arrive at the Death Star and get past the stormtroopers that watch the landing bay where the Millennium Falcon is located, they sneak into a control center where there is an access point to the battle station’s main computer.

Without hesitating for a moment, Obi-Wan orders the droids to connect to the computer, because from there they will be able to “access the entire Imperial network.” This would have never happened if the bad guys had segmented their network correctly.

Access by ‘malicious dongles’ allowed

Although the term ‘dongle’ is little known among the general public, we all are familiar with those small pieces of hardware that we connect to our smartphone or PC to provide it with additional functionality. A dongle, for example, is that small antenna you plug into your computer’s USB port to receive the signal of your wireless mouse. They are also very common with Apple devices, for example, in order to connect a Mac to a TV via an HDMI cable.

On the Death Star, R2-D2 uses his small gyroscopic arm as a dongle to connect to the Imperial network. This way, the good guys get all the information they need to attack the system and find Princess Leia. A security system that prevented unauthorized devices from connecting to the network would have been enough for Darth Vader to stop his daughter from being rescued.

Lack of document security and encryption

While Luke Skywalker and his friends are still hiding in the Death Star control center, we see another major cyber-security mistake. Once R2-D2 manages to access the Galactic Empire’s computer network, he gets the space station’s blueprints without difficulty.

Given that this information is so critical for the security of all the inhabitants of this gigantic artificial planet, you would expect that, at least, access to those files would be password-protected.

Also, it would have been advisable to encrypt all of those documents to protect them from prying eyes.

Lack of physical barriers

Nor does it make much sense to see the tractor beam control unit on board the Death Star with such poor security. Obi-Wan Kenobi manages to access the console and turn off the device without problems, in order to allow Han Solo’s and Chewbacca’s ship to escape. If only the architects who designed the battle station had put a door in front of the controls, it would have been much more difficult for the Jedis to escape.

Need for better action protocols in the event of a security incident

Luckily for Luke, Han and Chewie, the stormtroopers don’t have an adequate action protocol to follow in the event of a security incident. Any company in the real world that stores valuable information or materials (we are not aware of any company that is holding a galactic princess captive in its basement), would have responded much more effectively to the attack launched on the Death Star’s dungeons.

It is unbelievable that so much time passes between the time when Han and Chewbacca destroy all surveillance cameras in the detention center, and the time when someone finally realizes that there is something wrong and decides to send troops to put the situation under control.

Top executives are not very receptive to the CISO’s advice

If the Death Star were an organization in the real world, Admiral Wilhuff Tarkin, who is responsible for supervising the operation of the battle station, would be the General Manager. Despite knowing all the intricacies and potential of the gigantic ship, it is really surprising that he pays absolutely no attention to any warnings regarding security risks.

At the end of the movie, when the Rebel Alliance’s X-wing squadron is attacking the Death Star, a member of the battle station’s crew – equivalent to a CISO or a member of the IT security team in a real-world organization – warns Tarkin of potential vulnerabilities. Had the Admiral been more receptive to these cyber-security recommendations, he would have evacuated all personnel from the space station.

No patch management policies

Nevertheless, the most serious security mistake affecting the Death Star is the vulnerability found and exploited by the rebel forces in order to destroy it. This is a tiny space, only 2 meters wide, which Luke Skywalker fires at, blowing up the Death Star.

However, a few minutes before the young Jedi fires his proton torpedoes, the Death Star engineers also discover its one fatal flaw. Had they installed a security patch, the Galactic Empire would probably still be ruling the Galaxy.

Reality vs fiction

“This is one more example in which parallels can be drawn between fictional and real-life situations,” states Hervé Lambert, Global Retail Product Manager at Panda Security. “Almost any connected device is susceptible to hacking and reprogramming for shutdown or for any other purpose other than the intended one. Device and/or program developers must be aware of this and reinforce security protocols.

The bad guys’ goals have changed, their techniques have become more sophisticated, the attack vectors have multiplied, and their tools are more precisely designed. Attackers are meticulously studying their victims to adapt their strategy and achieve the greatest possible impact.
The efficiency, effectiveness, and profitability of the real world’s dark side are proven time and again, and we must be vigilant to implement the mindset shifts and strategies required to achieve the highest levels of security.”


The post Top 8 cyber-security mistakes in Star Wars appeared first on Panda Security Mediacenter.

Meltdown and Spectre, behind the first security hole discovered in 2018

The security flaw affects virtually every operating system, in particular those based on Intel, AMD and ARM processors.

2018 could not have had a worse start from a cyber-security perspective as, yesterday, a major security hole was found in Intel, AMD and ARM processors. The critical flaw discovered in the affected computers’ architecture and operating system has rocked the technology industry, and developers around the world have rushed to roll out fixes.

The vulnerability, leveraged by the Meltdown exploit on Intel systems, is particularly worrying as it can lead to exfiltration of sensitive data such as login credentials, email messages, photos and other documents. It enables attackers to use a malicious process run at user level on the affected workstation or server in order to read other processes’ memory, even that of high-privileged kernel processes.

The flaw can hit home users and virtually every company, as Spectre affects all kinds of computers: desktops, laptops, Android smartphones, on-premises servers, cloud servers, etc. The more critical information a potential victim handles, the greater the risk of suffering the attack.

Microsoft and Linux have already released updates for their customers’ security. We’d like to inform our customers and partners that the tests carried out by Panda Security show that there are no compatibility conflicts between our endpoint security solutions and Microsoft’s security update.

At present, there is no evidence of public security attacks leveraging the flaw, but judging from past experience, it is not at all improbable that we may witness an avalanche of Trojans and spam campaigns attempting to exploit the vulnerability.

How to mitigate the vulnerability

Newer generation processors are not affected by the flaw; however, replacing all vulnerable systems is not a viable option at this time.

For that reason, the only possible countermeasure at this stage is to mitigate the vulnerability at operating system level. Microsoft and Linux are working on or have patches ready that prevent the exploitation of this hardware bug, with Linux being the first vendor to release a fix.

Microsoft, which initially planned to include a patch in the security update scheduled for Tuesday January 9, released a fix yesterday that is already available on the most popular operating systems and will be gradually deployed to all other systems. For more information, please visit this page.

It is worth mentioning that Microsoft’s security patch is only downloaded to target computers provided a specific registry entry is found on the system. This mechanism is designed to allow for a gradual update of systems coordinated with security software vendors. This way, computers will only be updated once it has been confirmed that there is no compatibility issue between the patch and the current security product.
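On the Linux side, whether the operating-system fix is actually in place can be checked per host. The following is an added example, not part of the original article or of any Panda Security tooling: it classifies the status lines that Linux kernels carrying the fixes publish under `/sys/devices/system/cpu/vulnerabilities`. The host names and sample status lines are constructed for illustration.

```python
"""Audit Meltdown/Spectre mitigation status as reported by the Linux kernel."""
from pathlib import Path

# Assumption: the host runs a Linux kernel that carries the fixes; such kernels
# publish one status file per issue here. Unpatched kernels lack the directory.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
ISSUES = ("meltdown", "spectre_v1", "spectre_v2")


def classify(status):
    """Map one status line to not_affected / mitigated / vulnerable / unknown."""
    if status is None:
        return "unknown"
    text = status.strip()
    if text == "Not affected":
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def read_statuses(sysfs_dir=SYSFS_DIR):
    """Return {issue: status line or None} for the local host."""
    result = {}
    for issue in ISSUES:
        try:
            result[issue] = (Path(sysfs_dir) / issue).read_text().strip()
        except OSError:
            # No file: the kernel predates the fix and cannot report on it.
            result[issue] = None
    return result


def hosts_needing_action(fleet):
    """Return {host: [issues]} for hosts with a vulnerable or unreported issue."""
    findings = {}
    for host, statuses in fleet.items():
        bad = [issue for issue in ISSUES
               if classify(statuses.get(issue)) in ("vulnerable", "unknown")]
        if bad:
            findings[host] = bad
    return findings


# Constructed sample data: status lines as four hypothetical hosts might report.
SAMPLE_FLEET = {
    "web01": {"meltdown": "Mitigation: PTI",
              "spectre_v1": "Mitigation: __user pointer sanitization",
              "spectre_v2": "Mitigation: Full generic retpoline"},
    "db01": {"meltdown": "Vulnerable",
             "spectre_v1": "Vulnerable",
             "spectre_v2": "Vulnerable: Minimal generic ASM retpoline"},
    "legacy01": {},  # unpatched kernel: nothing reported at all
    "arm01": {"meltdown": "Not affected",
              "spectre_v1": "Mitigation: __user pointer sanitization",
              "spectre_v2": "Vulnerable"},
}

if __name__ == "__main__":
    print("local host:", {k: classify(v) for k, v in read_statuses().items()})
    for host, issues in hosts_needing_action(SAMPLE_FLEET).items():
        print(f"{host}: needs attention for {', '.join(issues)}")
```

A host that reports nothing is treated the same as a vulnerable one, because a missing status file means the kernel is too old to include the fix.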

Technical Support

For more information, please refer to the following technical support article. There you will find detailed information about the Microsoft patch validation process, how to manually trigger the patch download, and the way our products will be gradually updated to allow the automatic download of the new security patch just as with any other update.

We’d also like to encourage you to find detailed information about Microsoft’s security update and the potential impact it can have on desktop, laptop and server performance.

Finally, Microsoft, Mozilla and Google have warned that attackers may try to exploit these bugs via their Web browsers (Edge, Firefox and Chrome), and that temporary workarounds will be released over the next few days to prevent this. We recommend that you enable automatic updates or take the appropriate measures to have your desktops, laptops and servers properly protected.

Cyber-Security recommendations

Additionally, Panda recommends that you implement the following best security practices:

  • Keep your operating systems, security systems and all other applications always up to date to prevent security incidents.
  • Do not open email messages or files coming from unknown sources. Raise awareness among users, employees and contractors about the importance of following this recommendation.
  • Do not access insecure Web pages or pages whose content has not been verified. Raise awareness among home and corporate users about the importance of following this recommendation.
  • Protect all your desktops, laptops and servers with a security solution that continually monitors the activity of every program and process run in your organization, only allowing trusted files to run and immediately responding to any anomalous or malicious behavior.

Panda Security recommends that all companies adopt Panda Adaptive Defense 360, the only solution capable of providing such high protection levels with its managed security services. Discover how Panda Adaptive Defense 360 and its services can protect you from these and any future attacks.

Customers using our Panda Security home use solutions also enjoy maximum protection as they feed off the malware intelligence leveraged by Panda Adaptive Defense 360, as shown in the latest independent comparative reviews. The protection capabilities of Panda Security’s technologies and protection model are demonstrated in the third-party tests conducted by such prestigious laboratories as AV-Comparatives.

How do these vulnerabilities affect Panda Security’s cloud services?

Cloud servers where multiple applications and sensitive data run simultaneously are a primary target for attacks designed to exploit these hardware security flaws.

In this respect, we’d like to inform our customers and channel partners that the cloud platforms that host Panda Security’s products and servers, Azure and Amazon, are managed platforms which were properly updated on January 3, and are therefore protected against any security attack that takes advantage of these vulnerabilities.

What effect do these vulnerabilities have on AMD and ARM processors?  

Although the Meltdown bug seems to be limited to Intel processors, Spectre also affects ARM processors on Android and iOS smartphones and tablets, as well as on other devices.

Google’s Project Zero team was the first to report the Spectre flaw, on June 1, 2017, and reported the Meltdown bug before July 28, 2017. The latest Google security patch, released in December 2017, included mitigations to ‘limit the attack on all known variants on ARM processors.’

Also, the company noted that exploitation was difficult and limited on the majority of Android devices, and that the newest models, such as Samsung Galaxy S8 and Note 8, were already protected. All other vendors must start rolling out their own security updates in the coming weeks.

The risk is also small on unpatched Android smartphones since, even though a hacker could potentially steal personal information from a trusted application on the phone, they would have to access the targeted device while it is unlocked as Spectre cannot unlock it remotely.

Apple’s ARM architecture chips are also affected, which means that the following iPhone models are potentially vulnerable: iPhone 4, iPhone 4S, iPhone 5 and iPhone 5C. Apple has not released any statements regarding this issue, so it is possible that they managed to fix the flaw in a previous iOS version or when designing the chip.

As for the consequences and countermeasures for AMD processors, these are not clear yet, as the company has explained that its processors are not affected by the Spectre flaw.

We’ll keep you updated as new details emerge.

 

The post Meltdown and Spectre, behind the first security hole discovered in 2018 appeared first on Panda Security Mediacenter.

Have scientists just invented a vaccine against fake news?

The issue of fake news hasn’t been far from the headlines since Britain voted to leave the European Union, and Donald Trump was elected the 45th President of the United States. These unexpected outcomes have been blamed, in part, on “fake news” circulating on social media sites like Facebook.

There are two problems with fake news. First, it is almost completely untrue, like claims that Pope Francis had endorsed Donald Trump for President. Second, these fake stories aren’t seen by everyone – just the people who the Facebook/Twitter news algorithms identify as the most likely to read them.

The real problem is that not everyone can tell the difference between fake and real news. Surprisingly, young people growing up in the Internet era seem least able to spot a fake news story.

Scientists think they may have an answer

Having investigated the phenomenon, researchers believe they may have developed a ‘vaccine’ against fake news. Their experiments found that people who are shown real news followed by a fake news story were much more likely to accept the lies they saw second.

But if the “true” news story referenced fake news and warned about its untrustworthiness first, fewer people were tricked when they came to read the second. The research team now believes that by calling out fake news first, people won’t be fooled when they read lies at a later date.

No protection is fool-proof

Obviously there are a few problems with this proposed vaccine. First, story writers must be aware of the details of fake news stories before they can write their own. Which makes writing news even harder than it already is.

Second, the exact same “vaccine” can be used by fake news outlets to make their own stories even more credible. Presenting a fake story and discrediting the truth in it could have a similar effect on readers – particularly if they encounter the lies first.

Don’t trust everything you see on social media

The proposed vaccine may help to limit the spread of fake news, but it will never eradicate it completely. Instead we all need to take some responsibility for training ourselves to spot the lies that are published online. We can start by being more sceptical about the popular stories appearing in our timelines until they are checked against a reputable news source.

In fact, Facebook published 10 tips for spotting fake news – and they work very well. By learning to verify the news we read ourselves, the vaccine may become irrelevant.

It is also worth remembering that fake news is often about more than fooling people and influencing their thinking. Fake news sites have been known to host malware that infects computers, stealing personal information, or demanding a ransom after encrypting their data.

Fortunately there is a proven vaccine for fake news-related malware – Panda Security Antivirus. This comprehensive anti-malware kit may not stop you being fooled by fake news – but it will stop your computer being infected.


The post Have scientists just invented a vaccine against fake news? appeared first on Panda Security Mediacenter.

2017 in Figures: The Exponential Growth of Malware

2017 was especially hectic for cybercrime, especially when it comes to malware and its offshoots. The increased number of attacks and, above all, the professionalization of the techniques used by cybercriminals have been at the root of malware’s exponential proliferation. In 2017 alone (according to data collected up to September 20), PandaLabs registered 15,107,232 different malware files that we had never seen before. But the total number of new malware is much higher — up to 285,000 new malware samples every day.

It makes perfect sense that the top 10 of malware files in our cloud includes names like WannaCry, the ransomware that caused havoc in business networks around the world, and a version of CCleaner, installed by more than two million users. But in addition to the trends that have been making headlines everywhere, what conclusions can we draw about the state of malware in 2017? We discuss the essentials in PandaLabs’ Annual Report.

Malware’s Attempt to Go Unnoticed

Upon reviewing the figures, we see that of the 15,107,232 files registered, 99.10% have been seen only once. That is, 14,972,010 files. We have only seen 989 malware files on more than 1,000 computers, 0.01%. This corroborates what we already knew: namely, that aside from a few exceptions — such as the abovementioned WannaCry or HackCCleaner — most malware changes every time it infects, so each copy has a very limited distribution.

This year’s data makes it clear that although there are many more types of malware, each of them infects only a few devices individually. By attacking the minimum number of possible devices, each specimen reduces the risk of being detected and fulfils its purpose: to go unnoticed and ensure the attack’s success.

In any case, the total number of new malware samples (15 million) is not so relevant when it comes to calculating risk. What really affects us is the frequency with which we can individually confront the malware itself. To evaluate this risk, PandaLabs measured only those malware infection attempts that were not detected by signatures or by heuristics.

Recommendations for a Malware-free 2018

Following these tips will help reduce the risk of becoming a victim of malware:

  • Think before you click: do not access links sent to you by strangers.
  • Avoid downloading applications from unreliable sources.
  • Do not wait until tomorrow — keep up with system updates.
  • Use strong passwords to protect your identity.
  • Choose an advanced cybersecurity platform.

Our protection technologies improve and are updated as the amount of malware grows, which is why we are able to detect the threats that other solutions cannot. Panda Adaptive Defense is keeping up with threats and offers the market the services and tools needed to face whatever awaits in 2018. We’re ready to take on the new year!

The post 2017 in Figures: The Exponential Growth of Malware appeared first on Panda Security Mediacenter.

Small business cybersecurity risks for 2018

About 99.8% of all businesses in the USA are considered small businesses. The Census Bureau and the Small Business Administration define small businesses as private companies having fewer than 500 employees. About 50% of the US workforce is employed by small businesses. While this is a significant chunk of the US economy, it is arguably the most fragile one. Only one-third of newly formed small businesses will survive ten years or more.

Being a small business in a sea of thriving competition means that you have to be spotless in everything you do, as the chances that your business won’t last long are high – only about half of all new small businesses make it past the 5-year mark. Small business owners wear many hats and are known to be the most optimistic businessmen in the world. Even though the risks are there and your business could cease to exist in the blink of an eye due to a cyber-security issue or a lawsuit, being a business owner is probably the only way for you to get a piece of the American dream. So many people jump on the train!

While optimism is an integral part of being a leader, leaders do not rely on luck, they are cautious and always prepared. It has been estimated that half of the small businesses that suffer a cyber-attack go out of business within six months as a result. And your business could be the next victim.

Here is a top five of the biggest threats to small firms in the US for 2018.

Phishing attacks

The first, and probably the most common, problem seen in small businesses is falling for phishing scams. Those types of scams are as old as the internet, and you can avoid becoming a victim by educating your employees about the dangers on the internet, and by restricting their rights accordingly. Make sure that even if they want to harm your company devices, they won’t be able to succeed.

Ransomware

No one is safe; ransomware attacks happen all the time and companies of all sizes fall victim every day. Ransomware attacks could be easily avoided if all company systems are kept up-to-date, and they have quality anti-virus software installed. Always make sure that you regularly make backups of your company’s files and be very careful with the data that you open on your computer – use your anti-virus software to confirm that they are not malicious. Make sure you run regular educational cyber security seminars with your employees who have access to company devices.

Cloud storage

Cloud computing services are genuinely changing the way small businesses operate and are becoming an option of choice for small and medium-sized companies. Cloud storage services ease the lives of many business owners as they come with defense measures and timely security updates. While cloud storage might seem like a great idea, you never know if your cloud storage provider is as secure as you want them to be, so make sure that you are using reputable service providers.

Attacks affecting websites

Web-based attacks will continue to change small businesses in 2018. Very often small business websites do not have multiple layers of security and hackers make their way in so they can execute malicious activities right from your company website. This could have a disastrous effect on your branding as such websites get quickly penalized by search engines such as Google and Bing. Not changing your passwords or not updating your company website’s WordPress plugins may cost you a lot.

Compromised and stolen devices

Laptops, cell phones, tablets, computers, and Macs – they all contain company information that could be useful for cybercriminals. Make sure that you highlight to your employees that company information should only be stored and accessed by verified and adequately secured company devices. The information on stolen or compromised machines could be used against the interests of the company that you own or represent.

Small business will be a target in 2018!

However, cybersecurity should not be of concern if you have multiple layers of security on all your systems, back up your company’s files often, and regularly update your systems. Do not ignore those update notifications – they are released by service providers to improve processes and security. Your chances of becoming a ransomware victim, or seeing your company website being taken over by hackers, significantly decrease if you build a habit of updating your systems and have anti-virus software solutions capable of handling the cybersecurity needs of your company.


The post Small business cybersecurity risks for 2018 appeared first on Panda Security Mediacenter.