MediaCenter Panda Security http://www.pandasecurity.com/mediacenter Just another WordPress site Mon, 22 Dec 2014 17:23:35 +0000 en-US hourly 1 http://wordpress.org/?v=4.0.1 The number of leaked email addresses and passwords has exploded in 2014http://www.pandasecurity.com/mediacenter/security/number-leaked-email-addresses-passwords-exploded-2014/ http://www.pandasecurity.com/mediacenter/security/number-leaked-email-addresses-passwords-exploded-2014/#comments Mon, 22 Dec 2014 17:22:25 +0000 http://www.pandasecurity.com/mediacenter/?p=12721 The statistics speak for themselves: The emails you send and receive every day at work are a time-bomb. This is not just because they can be an entry point for cyber-crime, such as extortion or malware that can infect your computer, but also because through email, cyber-criminals can steal your account. In fact, the email […]

The post The number of leaked email addresses and passwords has exploded in 2014 appeared first on MediaCenter Panda Security.

]]>
The number of leaked email addresses and passwords has exploded in 2014

The statistics speak for themselves: The emails you send and receive every day at work are a time-bomb.

This is not just because they can be an entry point for cyber-crime, such as extortion or malware that can infect your computer, but also because through email, cyber-criminals can steal your account.

In fact, the email account you use in your company is now in more danger than ever before, simply because the number of compromised email accounts has reached astronomical figures.

Just a few months ago, five million Gmail account details were leaked on a Russian cyber-security forum, raising doubts about the security of the Google service, and creating jitters among the service’s millions of users.

However, the scandal of leaked Gmail accounts was barely the tip of the iceberg. Shortly after, Home Depot, the home improvements retails chain, announced a security breach in its payment platform that had compromised the details of no less than 53 million email addresses.  It’s clear then that our details of email addresses can be obtained from anywhere.

As if this weren’t enough, a group of cyber-security experts recently published a study confirming the trend (as if it were really in any doubt): In just three months the details of more than six million accounts have been leaked, along with the corresponding passwords.

 five million Gmail account details leaked

It’s a frightening figure, and more so considering that these are just the confirmed cases.

According to the study, most cases are due to people using company email addresses in private environments and the low levels of security associated with such email accounts.

Trojans infecting poorly protected computers or the use of email accounts with inadequate security are the most probable causes of this increase in the leaking of email addresses and their passwords.

The result of all this is seriously concerning: the use of these passwords by cyber-criminals against the users themselves. Moreover, if millions of account details have been leaked in just the last three months, the amount for the whole of 2014 could be twenty times greater.

Given how this trend underlines that corporate email accounts are not as secure as they should be, it is advisable to implement security measures such as two-step verification or at least frequent changes to email passwords.

The post The number of leaked email addresses and passwords has exploded in 2014 appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/security/number-leaked-email-addresses-passwords-exploded-2014/feed/ 0
How to disable the WhatsApp blue double check on Androidhttp://www.pandasecurity.com/mediacenter/social-media/disable-whatsapp-blue-double-check-android/ http://www.pandasecurity.com/mediacenter/social-media/disable-whatsapp-blue-double-check-android/#comments Mon, 22 Dec 2014 15:50:39 +0000 http://www.pandasecurity.com/mediacenter/?p=12718 Android users can now disable the blue double check in WhatsApp. The corresponding update for the app is now available from Google Play. Do you want to know how to disable it? How to disable the WhatsApp blue double check on Android Follow these steps: From the latest version of the app, go to ‘Settings‘ […]

The post How to disable the WhatsApp blue double check on Android appeared first on MediaCenter Panda Security.

]]>
Android users can now disable the blue double check in WhatsApp. The corresponding update for the app is now available from Google Play.

Do you want to know how to disable it?

How to disable the WhatsApp blue double check on Android

Follow these steps:

  • From the latest version of the app, go to ‘Settings
  • Then go to ‘Account
  • Next ‘Privacy
  • And finally, unselect ‘Read receipts’.

How to disable the WhatsApp blue double check on Android

Don’t forget though, that if you disable read receipts, you won’t be able to see when your messages are read either.

What do you prefer?

The post How to disable the WhatsApp blue double check on Android appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/social-media/disable-whatsapp-blue-double-check-android/feed/ 0
5 tips to avoid a ‘nightmare before Christmas’http://www.pandasecurity.com/mediacenter/tips/5-tips-avoid-nightmare-christmas/ http://www.pandasecurity.com/mediacenter/tips/5-tips-avoid-nightmare-christmas/#comments Fri, 19 Dec 2014 08:58:44 +0000 http://www.pandasecurity.com/mediacenter/?p=12710 If you’re going away, don’t post details on social networks about where you are or when you’re returning. It’s better not to share this kind of information with others on your Facebook or Instagram account. If you order a taxi for the company’s Christmas party, remember that all the apps on your phone require certain permissions. […]

The post 5 tips to avoid a ‘nightmare before Christmas’ appeared first on MediaCenter Panda Security.

]]>
Christmas-nightmare

  • If you’re going away, don’t post details on social networks about where you are or when you’re returning. It’s better not to share this kind of information with others on your Facebook or Instagram account.
  • If you order a taxi for the company’s Christmas party, remember that all the apps on your phone require certain permissions. Sometimes, these can be abusive and reveal more information than you would like.
  • Protect your computer and your Android devices with antivirus software. At Christmas we use these devices more than ever, sending WhatsApp or email greetings, etc. If you want to download a free antivirus, choose the one that best meets your needs and stay safe online this Christmas.
  • Both on your phone and your computer you should only keep installed the applications you really use. We all like to download and try out apps and programs that look interesting, but after some time many of them accumulate without being used. All of these will slow down your system, so get rid of those you don’t use to improve performance.
  • Use your common sense. No one should ask you to send confidential data via email, so when somebody does ask you, you should be suspicious and, obviously, not send any details.

The post 5 tips to avoid a ‘nightmare before Christmas’ appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/tips/5-tips-avoid-nightmare-christmas/feed/ 0
The Snowden effect: Has cyber-espionage changed the way we view security?http://www.pandasecurity.com/mediacenter/security/snowden-effect-cyber-espionage-changed-way-view-security/ http://www.pandasecurity.com/mediacenter/security/snowden-effect-cyber-espionage-changed-way-view-security/#comments Thu, 18 Dec 2014 17:50:29 +0000 http://www.pandasecurity.com/mediacenter/?p=12705 In the history of international espionage in general and specifically in the case of the US National Security Agency (NSA), there has been a turning point. Previously, everyone speculated about the extent to which the USA was monitoring us, yet without there being any clear evidence of this. Who has never thought that someone, somewhere […]

The post The Snowden effect: Has cyber-espionage changed the way we view security? appeared first on MediaCenter Panda Security.

]]>
snowden

In the history of international espionage in general and specifically in the case of the US National Security Agency (NSA), there has been a turning point. Previously, everyone speculated about the extent to which the USA was monitoring us, yet without there being any clear evidence of this. Who has never thought that someone, somewhere was keeping track of all the messages you write on Facebook or in emails?

Thanks to Snowden of course, we know now this is true. The NSA has been spying left, right and center on all the tools that people use every day: data from Microsoft, Facebook, Yahoo, Google, Skype and YouTube were carefully analyzed by the NSA and the FBI. Even Hollywood couldn’t have come up with such a scarcely credible plot. Yet they hadn’t foreseen that Edward Snowden, one of their employees would jump ship and reveal their little secret to The Guardian and The Washington Post

Over a year later, the ex-CIA operative continues to be a famous name. One Internet security survey of more than 20,000 people across 24 countries, organized by the Canadian Centre for International Governance Innovation (CIGI) has revealed that 60% of participants in the survey had at some time heard of Snowden. Germany was the country where most people had heard of him: some 94% of respondents. Not so surprising when you think that Chancellor Angela Merkel had had her phone tapped by US spies.

Some 85% of Chinese citizens also know who Snowden is, and with good reason. He revealed that Washington had been spying for years on China and Hong Kong. Paradoxically, citizens of these countries are more aware of Edward Snowden than those from his native soil: just 76% of Americans know what he did. Kenya is bottom of this particular ranking: just 14% of the population is conscious of just how far the tentacles of the U.S. security agency spread around the globe.

security

In fear of the all-seeing eye of the U.S. ‘Big Brother’, 39% of respondents who knew about Snowden have taken measures to improve their privacy and security because of the scandal. Curiously, citizens of India are those that have been most diligent in protecting themselves (69%), followed by those in Mexico and China. The French, Swedish and Japanese have barely changed their security habits, while in the USA, some 36% have improved their privacy. Perhaps most are resigned to their government’s knowing who they are friends with on Facebook or how many hours they spend playing Candy Crush, as they suppose there is not much they can do about it anyway.

Indirectly, the Snowden case and the widespread paranoia about the possibility that governments are spying on your digital life has had other effects, even for those who weren’t aware. Some two-thirds of respondents confessed to being more concerned about their privacy than a year ago, while 62% say they are aware that government agencies in other countries may be secretly spying on them online. A similar figure, 61%, expressed concern that their own government could be monitoring everything they do on the Web.

It also turns out that we now change passwords more than ever to protect our privacy. Some 39% of respondents claimed they regularly change their passwords, and that they do so more frequently than in the previous year. So even if you have to click the ‘Password reset’ button a hundred times because your brain is unable to remember which digit you changed the last time, at least you won’t feel that someone is reading your confidential data.

Moreover, 43% of respondent confessed to avoiding certain Web pages, just in case, and 73% said that they wanted their personal details and private information stored physically on a secure server.

More than one year on, the Snowden revelations continue to resound in the halls of power and across cyber-space, though it’s rare to see the young IT engineer in the media. He now lives in Moscow, reads Dostoevsky and spends his days watching ‘The Wire’. Revealing that the world is not secure and that the U.S. government has its nose in everyone’s business has led to a life in exile for this brave man, though at least it has served to encourage all of us to improve our security.

If after reading this article your level of paranoia has gone from Def Con 5 to Def Con 1, we remind you that you can also safeguard the privacy of the data on your phone with Panda Mobile Security, our free antivirus for Android.

The post The Snowden effect: Has cyber-espionage changed the way we view security? appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/security/snowden-effect-cyber-espionage-changed-way-view-security/feed/ 0
The five top WhatsApp stories of 2014http://www.pandasecurity.com/mediacenter/social-media/five-top-whatsapp-stories-2014/ http://www.pandasecurity.com/mediacenter/social-media/five-top-whatsapp-stories-2014/#comments Thu, 18 Dec 2014 09:15:13 +0000 http://www.pandasecurity.com/mediacenter/?p=12699 WhatsApp is undoubtedly one of the most popular apps, with few users yet to install it on their smartphones. It is now one of the most widely used types of communications worldwide. This has inevitably led to a continuous stream of news stories in 2014 about WhatsApp, and in particular, about scams that exploit the […]

The post The five top WhatsApp stories of 2014 appeared first on MediaCenter Panda Security.

]]>
whatsapp-news

WhatsApp is undoubtedly one of the most popular apps, with few users yet to install it on their smartphones. It is now one of the most widely used types of communications worldwide.

This has inevitably led to a continuous stream of news stories in 2014 about WhatsApp, and in particular, about scams that exploit the app or the new features introduced to the app.

The five top WhatsApps stories of 2014

1. Facebook buys WhatsApp

Breaking News: Facebook buys WhatsApp. US $19,000 was the incredible amount that changed hands.

However, when the news broke, users’ main concern was how this would affect them. Would user privacy be compromised?

In the end these were just rumors, as so far nothing much has changed.

2. Reading contacts’ chats

The ability to read the chats of your WhatsApp contacts. This was the tempting offer made by a group of cyber-criminals to entice users into their trap.

In this case, it was supposedly an application that would allow you to read your contacts’ messages. In reality however, when you installed it on your device, you would be subscribed to a premium-rate SMS service.

3. WhatsApp reaches 600 million users

In August this year, WhatsApp reached 600 million active users around the world.

This was announced by the CEO and co-founder of the app who was keen to underline that these were active users (those that had used WhatsApp at least once in the previous month), and not just registered users.

This most popular messaging app is also, however, the most popular target for cyber-criminals.

4. WhatsApp Gold, special scam version

One example of the above are the scams that end up subscribing users to premium-rate SMS services. In this case, what they were offering was the ‘Oro’ (Gold) version of WhatsApp with a special design and emoticons.

This app was promoted by cyber-criminals on Twitter. Once again, this was just another lie to scam users, as we reported back in October.

5. Blue Double Check

And the year has ended more or less as it started. With news that was as much welcomed as it was feared. Confirmation that your message has been read now comes in the form of blue check marks.

WhatsApp users were quick to react and the developers were forced to think again. They have now announced that future versions will include the option to remove this feature. No doubt this is good news for many users.

Who would argue that WhatsApp will continue to be an endless source of news in 2015? We’ll be waiting!

The post The five top WhatsApp stories of 2014 appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/social-media/five-top-whatsapp-stories-2014/feed/ 0
The message that can crash WhatsApphttp://www.pandasecurity.com/mediacenter/news/message-can-crash-whatsapp/ http://www.pandasecurity.com/mediacenter/news/message-can-crash-whatsapp/#comments Tue, 16 Dec 2014 10:35:33 +0000 http://www.pandasecurity.com/mediacenter/?p=12691 Warning! The Spanish Civil Guard is warning of a new threat on WhatsApp! Known in Spanish as the “mensaje de la muerte” (the message of death), it only affects Android devices, not iPhones. It works as follows: You receive a text message with Chinese-type characters which, having been copied and pasted to Whatsapp, will crash […]

The post The message that can crash WhatsApp appeared first on MediaCenter Panda Security.

]]>
Warning! The Spanish Civil Guard is warning of a new threat on WhatsApp!

whatsapp-death-message

Known in Spanish as the “mensaje de la muerte” (the message of death), it only affects Android devices, not iPhones.

It works as follows: You receive a text message with Chinese-type characters which, having been copied and pasted to Whatsapp, will crash the application on Android devices. This is particularly dangerous for WhatsApp groups, as it blocks WhatsApp for all group members and deletes the group.

How to resolve the WhatsApp ‘message of death’

  • If received from another user: just delete the chat to resolve the problem.
  • If the message comes through a group, go to “Settings”, “Applications” “Manage Applications”, “WhatsApp”, “Clear Data”. Be aware however that all chats and messages histories for all groups will be deleted.

The post The message that can crash WhatsApp appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/news/message-can-crash-whatsapp/feed/ 0
More controversy for Uber: The app compiles user data without permissionhttp://www.pandasecurity.com/mediacenter/security/controversy-uber-app-compiles-user-data-without-permission/ http://www.pandasecurity.com/mediacenter/security/controversy-uber-app-compiles-user-data-without-permission/#comments Fri, 12 Dec 2014 09:49:57 +0000 http://www.pandasecurity.com/mediacenter/?p=12675 The emergence of Uber has put taxi drivers around the world on red alert. Just this week, the Spanish High Court has ordered the company to cease operations on the grounds of unfair competition with taxi drivers. Yet it’s not just the business model (putting customers in touch with unlicensed drivers) that stretches the limits […]

The post More controversy for Uber: The app compiles user data without permission appeared first on MediaCenter Panda Security.

]]>
uberThe emergence of Uber has put taxi drivers around the world on red alert. Just this week, the Spanish High Court has ordered the company to cease operations on the grounds of unfair competition with taxi drivers.

Yet it’s not just the business model (putting customers in touch with unlicensed drivers) that stretches the limits of legality. The app, which effectively manages requests and responses, also contains some dubious aspects.

This is what a group of IT security researchers have discovered after analyzing how the mobile app works. They have analyzed the code of the Android app in detail and their findings don’t reflect well on Uber.

The study revealed that while users take advantage of the services they offer, the system transmits information about their Internet habits along with certain features of their phone, details that are entirely unrelated to the service.

The San Francisco based ‘start-up’ would seem to be interested in the people its customers are in contact with; it collects data on the length of calls and the phone numbers.

It also gathers information about the apps installed on the device, the free memory space and byte circulation. Similarly, the GPS coordinates and the IP address of the phone are recorded.

taxi

 

The company wants to know what messages (SMS, MMS and emails) are sent and received by users, and suspiciously, the tool reports the malware that the phone is vulnerable to and the security algorithm used on the device. The obvious question is, why would a company that only offers a transport service need all this information about its users?

Some have defended its strategy, claiming that this is an anti-fraud measure to identify fake accounts (competitors could use the app covertly with other intentions). Still, the end doesn’t justify the means. The terms and conditions of the app don’t reflect the entire flow of information that really takes place.

For the moment these experts have only analyzed the app for Android; it’s still unclear whether the same things happen on the iOS version. Nevertheless, it may be best to fear the worst, as Apple is hardly renowned for its discretion.

If you think that after this news Google will be withdrawing the app from its platforms, you’re probably forgetting a small detail -in the form of a bundle of cash. Google Ventures, the branch of the company that invests in new ventures and business opportunities, has financed Uber to the tune of $258 million. It’s unlikely to write that off just for a small problem of privacy.

Uber is not the only app that uses your data without clarifying the reasons. We recently discussed some torch apps that do the same with GPS coordinates, photos and text messages.

You can’t entirely avoid being spied upon, though revelations like these are a wake-up call to be on your guard with respect to the permissions on the apps that you download. It’s common to accept conditions without reading them in the belief that an app must be trustworthy, but all that glitters isn’t gold.

Remember that Panda Mobile Security, our free antivirus for Android, can help you to monitor which personal data on your phone is shared with third-parties.

The post More controversy for Uber: The app compiles user data without permission appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/security/controversy-uber-app-compiles-user-data-without-permission/feed/ 0
The six most infamous attacks of 2014http://www.pandasecurity.com/mediacenter/security/six-infamous-attacks-2014/ http://www.pandasecurity.com/mediacenter/security/six-infamous-attacks-2014/#comments Thu, 11 Dec 2014 15:19:45 +0000 http://www.pandasecurity.com/mediacenter/?p=12669 Dropbox, Paypal, Gmail… There were many technology giants who suffered security problems of one sort or another in 2014. Sometimes, even the best antivirus isn’t enough to protect the files you share with others, but we can offer you an antivirus software that includes a password manager which helps you securely access all your Web […]

The post The six most infamous attacks of 2014 appeared first on MediaCenter Panda Security.

]]>
2014-security-attacks

Dropbox, Paypal, Gmail… There were many technology giants who suffered security problems of one sort or another in 2014.

Sometimes, even the best antivirus isn’t enough to protect the files you share with others, but we can offer you an antivirus software that includes a password manager which helps you securely access all your Web services while only having to remember one master password.

Below we offer a summary of the most infamous attacks of the year, and take the opportunity to remind you to set strong passwords and use them on all your devices.

The six most infamous attacks of 2014

  1. eBay and PayPal, the first to be hit

In May, eBay took us all by surprise when it asked users of PayPal, its online payment platform, to change their passwords.  

The Internet auction site seemingly confirmed that cyber-criminals had accessed, a couple of months earlier, the accounts of some employees.

This, in turn, would have given them access to the company’s internal network, and from there to the database with user names, phone numbers, email addresses and passwords.

They did assure however that neither the bank details nor the credit card data of customers had been compromised.

  1. Hollywood images leaked to the Web

September witnessed one of the most talked about attacks of 2014: CelebGate.

The leaking of nude images of 2013 Oscar winner, Jennifer Lawrence, as well as of other models and actresses via the 4Chan /b/ forum, was the subject of much debate.

jennifer-lawrence-oscar

Apple claimed that the accounts of these celebrities “were compromised by a very targeted attack on user names, passwords and security questions”. A practice “that has become all too common on the Internet”.

This way, Apple denied that the hacking of these accounts was the result of a vulnerability in its iCloud or ‘Find my iPhone’ services.

  1. Theft of five million Gmail passwords

In September, a Russian cyber-security forum published a file with more than five million Gmail account details.

Several experts confirmed that over 60% of the username/password combinations were valid. Google claimed however that the information was outdated, i.e. that the accounts either didn’t exist or were no longer used.

Like Apple, it said there was no evidence that its systems had been compromised.

  1. Viator and user bank details

Also in September, Viator was the victim of a security attack through which cyber-criminals accessed the bank details of its users. Company sources said that the attack took place between September 2 and 3.

It appears that Viator became aware of the hacking thanks to complaints from customers about unauthorized charges on the credit cards used on the service.

credit-card-pc

As you would expect, and to prevent the theft of more data, Viator asked users to change their account passwords and to keep an eye on any transactions charged against their credit cards.

  1. 200,000 Snapchat images

After the invasion of privacy of Hollywood actresses and models, in October, users of Snapchat had the security of their files compromised.

Snapchat is a mobile app for sending photos and images that are deleted between one and ten seconds after the message is read.

Although Snapchat doesn’t store users’ images, another app, Snapsave, available for Android and iOS, does save them, and this enabled the theft of 200,000 photos.

  1. Attack on Dropbox

A user of Pastebin, a meeting point for hackers and IT security specialists, claimed to have obtained the passwords of seven million Dropbox users and, in order to prove this, made some of them public.

On the company’s official blog, Dropbox was quick to announce that it had not been hacked, but that the data had been stolen from other services and consequently used to access its platform.

What does Dropbox advise? Not using the same password for all services and enabling two-step verification.

The post The six most infamous attacks of 2014 appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/security/six-infamous-attacks-2014/feed/ 0
6 tips for shopping online safely at Christmashttp://www.pandasecurity.com/mediacenter/tips/6-tips-shopping-online-safely-christmas/ http://www.pandasecurity.com/mediacenter/tips/6-tips-shopping-online-safely-christmas/#comments Tue, 09 Dec 2014 12:58:07 +0000 http://www.pandasecurity.com/mediacenter/?p=12662 Many of us now prefer to shop online: you can avoid the queues, it’s easier to compare goods and prices… No doubt Christmas is one of the times of the year when most online transactions take place. That’s why we want to offer you some tips for shopping online safely. 6 tips for shopping online […]

The post 6 tips for shopping online safely at Christmas appeared first on MediaCenter Panda Security.

]]>
christmas-online-shoppingMany of us now prefer to shop online: you can avoid the queues, it’s easier to compare goods and prices…

No doubt Christmas is one of the times of the year when most online transactions take place. That’s why we want to offer you some tips for shopping online safely.

6 tips for shopping online safely at Christmas

1. Use a secure WiFi or Internet connection

It’s convenient (and cheaper) to use public WiFi connections that are not password-protected.

When you connect from your house or from the office, you know who is responsible for the network and who else could be connected, but on a public network, anyone else could be connected.

For this reason, it is far better if you are going to make transactions online -such as Christmas shopping- to do so from a secure Internet connection.

2. Keep your computer up-to-date and protected

Bank details are some of the most sensitive data that you can transfer across the Internet and they are essential when making such transactions. If this Christmas you intend to buy any presents online, make sure your computer is up-to-date and properly protected.

How? Keep your operating system updated and use the best antivirus. Take a look, and choose the one that best adapts to your needs.

3. Buy from well-known sites with a good reputation

One of the first things you should do when shopping online is check that the URL of the website coincides with the website where you think you are and that it begins with HTTPS.

Buying only from reputable online stores will help prevent you from falling victim to data or identity theft.

4. Check the privacy and refunds policies

Check their privacy policy. It should be in a visible place and up-to-date.

Can you return the goods? And what if you want to change something, say, for another size? These are also important things to consider when choosing places to shop online.

5. Don’t follow links in emails and ads

At this time of year it’s not unusual to receive thousands of ads for unbeatable offers. Though it’s worth stopping to think if they aren’t just too good to be true. 

Such adverts and email campaigns with offers and fantastic discounts are often used as a tool by cyber-criminalsAvoid phishing scams and don’t fall into the trap.

6. Keep an eye on your credit card transactions

It is also important that after making purchases online you check that all the transactions in your statement are the ones you have made yourself.

If you see anything suspicious, get in touch with your bank.

The post 6 tips for shopping online safely at Christmas appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/tips/6-tips-shopping-online-safely-christmas/feed/ 4
Christmas is coming… And cyber-criminals are on the prowlhttp://www.pandasecurity.com/mediacenter/security/christmas-coming-cyber-criminals-prowl/ http://www.pandasecurity.com/mediacenter/security/christmas-coming-cyber-criminals-prowl/#comments Fri, 05 Dec 2014 13:28:25 +0000 http://www.pandasecurity.com/mediacenter/?p=12658 Christmas is coming, and what could be better this year than doing your Christmas shopping without having to leave home. All you need is a computer, an Internet connection and your credit card. Yet although this is one of the great benefits of the Web, it can also be the perfect trap: It gives certain […]

The post Christmas is coming… And cyber-criminals are on the prowl appeared first on MediaCenter Panda Security.

]]>
Christmas-shopping

Christmas is coming, and what could be better this year than doing your Christmas shopping without having to leave home. All you need is a computer, an Internet connection and your credit card. Yet although this is one of the great benefits of the Web, it can also be the perfect trap: It gives certain types of criminals the chance to steal from a store’s customers without even going near the stop.

Stores’ Web pages receive their customers’ account details in order to complete the online transaction. If a cyber-criminal manages to access the store’s system, they would have access to this information and could exploit it to carry out their own transactions. To prevent this, you should make sure that the website interacts with the platform that your bank has set up in order to purchase online securely.

While such systems are at risk throughout the year, the Christmas period sees a lot more of this type of crime, given the amount of transactions that take place.

However, even if you go physically to the point-of-sale, there are still risks. In 2013, Target, the US retail chain, fell victim to an attack that leaked the credit card details of 40 million customers.

During the store’s Christmas campaign, cyber-criminals used a type of malware that targeted point-of-sale (POS) terminals, infecting the credit card payment systems. Since then, there have been many more such attacks, and the tools used are continually updated.

The strain of malware that hit Target was BlackPOS, a program that exploits a vulnerability to install on computers connected to POS terminals. It identifies the card reader process and steals information from the terminal memory with another malware: RAM Scraper.

online-credit-card

This year another malicious code, FrameworkPOS, is doing the rounds. So far it has been used in attacks aimed at The Home Depot. With this system, cyber-criminals have managed to obtain the credit and debit card details of more than 50 million customers.

According to the Department of Homeland Security, as many as a thousand companies around the United States have been affected by another malicious code, dubbed Backoff, which targets POS terminals. Its effects are similar: It extracts data from the terminals’ memories to obtain card passwords. It infiltrates systems through the file ‘explorer.exe’.

Although there is little that customers can do about the malware that affects POS terminals, companies can take preventive measures. They should make sure that their antivirus solutions are up-to-date, use complex passwords on all devices, check their firewall and use encrypted data transfer systems.

The post Christmas is coming… And cyber-criminals are on the prowl appeared first on MediaCenter Panda Security.

]]>
http://www.pandasecurity.com/mediacenter/security/christmas-coming-cyber-criminals-prowl/feed/ 0