Category Archives: Panda Security

Panda Security

The AV-Comparatives Guide to the Best Cybersecurity Solutions of 2017

In order to help consumers get a better idea about the state of the market in cybersecurity, and in turn make the right decision when it comes to shielding their digital life, the independent laboratory AV-Comparatives regularly publishes the results of its “Real-World” Protection Test. Their latest edition, called the Whole Product Dynamic “Real-World” Protection Test, is especially relevant for having compiled results over a five-month span. In this edition, Panda Security received the maximum possible score, outperforming every one of the 20 other vendors that underwent testing.

In the words of AV-Comparatives: “In this test, all protection features of the product can be used to prevent infection” “This means that the test achieves the most realistic way of determining how well the security product protects the PC”. In fact, the methodology they used for this test has itself received numerous awards and recognitions.

Thanks to the innovative technologies that were developed in response to malwares rapid evolution over the last few years, Panda Security offers the most efficient defense against threats such as ransomware and has positioned itself as the strongest ally in prevention, protection, and response in the face of today’s attack trends.

The Test, in Detail

The Real-World Test is recognized by the industry for being the most complete and rigorous of the tests performed by AV-Comparatives, since it provides the most accurate reflection of the protection offered by antivirus solutions available on the market.

Each cybersecurity solution was subjected to a total of 1769 real-time tests between July and November, consisting, for example, in exposure to malicious URLs with drive-by exploits (malware attacks that take effect just by visiting the page) and URLs that linked directly to the malware.

The analysis focused on each software’s ability to “protect systems against infection by malicious files before, during, or after execution”, the authors explain. Observing the security systems in each of these stages gives a more holistic approach to the test, allowing assessors and users to better calibrate the overall effectiveness of security solutions.

In the malware protection test, Panda successfully blocked 100% of samples in the test bench, leading in efficiency and detection ratios, followed by Bitdefender, F-Secure, Tencent, and Trend Micro with 99.9%.

These good results, which have been consistently repeated in recent months, speak to the high protection ratios offered by Panda’s solutions.

Luis Corrons, Technical Director of PandaLabs, had this to say: “We are truly proud of the results that we earned. They are the fruit of years of labor, and seeing how we were able to outperform each and every one of our competitors is a huge reward that is dwarfed only by the greatest reward of all: protecting our clients as no one else is able to do.”

The post The AV-Comparatives Guide to the Best Cybersecurity Solutions of 2017 appeared first on Panda Security Mediacenter.

Read More

Bitcoin: definition, hacks and frauds

Despite being around for several years, Bitcoin is suddenly all over the news. You probably already know it is something to do with money, so this article will help to explain what this cyrptocurrency is, why it matters, and how to use it safely.

What is Bitcoin?

Bitcoin works pretty much like every other currency – people can buy goods and services, and money can be traded on the foreign exchange market too. Coins are held in a digital wallet – and encrypted set of files on your computer – and act just like cash when making a payment.

There are some key differences however:

  • Bitcoin is entirely digital – there are no bank notes or coins – so all transactions take place electronically.
  • It is not managed by a central bank like the US Federal Reserve, instead its users maintain a shared control.
  • It uses heavy encryption to verify “money” is genuine, and to protect the identities of buyers and sellers making a transaction.

Why does Bitcoin matter?

Free from the control of central banks Bitcoin is, theoretically, affected less by interest rate rises, or ‘quantitative easing. This makes it very attractive to foreign currency investors.

The fact that this cryptocurrency works exactly like cash makes it very attractive to criminals. Police cannot trace a payment made with a physical £5 in a physical store – and the same is true of its transactions. This is why ransomware demands typically specify payment in Bitcoin.

Bitcoin – a valuable target for theft

Currently this digital currency is not widely used by consumers – but with the increased level of attention being given to the currency, more of us may be tempted to get on board. But there are some important security issues you need to be aware of first.

The digital wallet used to store Bitcoin acts just like your real-world wallet. So if someone steals your digital wallet from your computer, they also steal all the contents – your Bitcoins. Because it is virtually untraceable, there is little chance that the thief will be caught, which is why its theft and fraud is becoming increasingly popular.

On the 7th December, hackers were able to steal 4700 Bitcoin (worth £56 million!) from an online exchange. The criminals were able to break into an employee’s computer and steal crucial data that allowed them to make off with the money – early indications suggest that malware installed on the PC provided the necessary access.

In November, another Bitcoin banking service, Tether, was compromised. Hackers managed to steal nearly $31 million worth of Bitcoin belonging to service users from the bank’s virtual account. The bank has not released details of how the attack was carried out, but again it appears that the issue was caused by one of their computers being compromised.

How to protect yourself

Your digital wallet is key to protecting your digital money. If cybercriminals can steal your digital wallet, or trick you into handing over user names, passwords or encryption keys, you could be robbed.

In reality the principles for staying safe when using cryptocurrency are exactly the same as shopping online. Never give a stranger your Bitcoin account details. And always ensure that your computer is properly protected against hacking and malware using a security solution like Panda Gold Protection. Ready to learn more? Check out our Bitcoin archive.

Download your Antivirus

The post Bitcoin: definition, hacks and frauds appeared first on Panda Security Mediacenter.

Read More

HP laptop owners – act now to avoid being hacked

HP owners need to take immediate action after it was discovered “keylogging” software has been installed by default on more than 460 models of laptop. When enabled, this function could allow hackers to monitor and steal sensitive information like user names and passwords.

What is a keylogger?

A keylogger is a small application that runs in the background, monitoring and recording every pressed on your keyboard. The version installed on affected HP laptops has been bundled with the drivers needed to make the Synaptics touchpad work.

Keyloggers are a very popular form of malware, used by criminals to capture logon details from infected computers. They can then use those details to hack into online accounts to steal money or commit other fraudulent activities.

An honest mistake

Keyloggers do have a legitimate purpose too however. In the case of the HP bug, the keylogging function is used by the Synaptics development team to run various tests and ensure that hardware and software is operating correctly as it is being created.

Normally the keylogging functionality is removed before drivers are released to laptop manufacturers, but in this case it was not. So every machine issued with the buggy drivers also has the keylogger installed.

Don’t panic, but act now

Fortunately, the keylogging function is disabled by default – so your laptop is not currently collecting your sensitive personal data. However, should a hacker gain access to your machine, they can probably enable the logging software.

HP has released an updated set of drivers for laptop owners that removes the keylogging component completely. If you have one of the machines, you should download and install these new drivers (called softpaqs) as soon as possible. There is a list of affected models and download links here.

Increasing personal protection

Normally cybercriminals have to be more creative when installing keyloggers, using the same techniques they rely on for distributing malware and Trojans. These efforts can usually be detected and blocked with a good antimalware solution like Panda Gold.

Another useful tip is to avoid using your hardware keyboard whenever entering very sensitive data. Panda Security provide a ‘virtual keyboard’, where you click letters and numbers on the keyboard displayed on your screen, rather than tapping letters on the physical keyboard. Even if your machine does have an undetected keylogger installed, by avoiding the physical keyboard, it cannot capture anything entered on screen.

Keep your machine fully updated at all times

If your laptop has the option to accept and install manufacturer updates automatically, you should enable it immediately. That way, every software patch released by HP will be applied straight away, reducing the window of opportunity for hackers to compromise your machine – and your personal data.

Learn more about the Panda virtual keyboard and how to protect against keylogger malware by downloading a free trial of Panda Gold Protection today.

 

Download Panda Free Antivirus

The post HP laptop owners – act now to avoid being hacked appeared first on Panda Security Mediacenter.

Read More

What will change after Net Neutrality gets repealed on Thursday?

The potential Net Neutrality repeal is a trending topic in the US

The potential Net Neutrality repeal is continuing to be a trending topic here in the US, and more and more people are starting to realize how the FCC decision is going to affect their lives. We recently covered what Net Neutrality is and how you can cast your vote for or against it. While Net Neutrality repeal has been accompanied by predominantly negative media coverage and the topic has sparkled furious conversations amongst hundreds of thousands of people from all over the world, this Thursday the Republican-dominated FCC will repeal Net Neutrality. Rather than pouring gasoline on the fire, we decided to accept the democratic decision and put down a list of things that will most likely change after the repeal.

Small businesses and artists

When Net Neutrality gets repealed, internet providers will lawfully be able to give priority to specific sites over others. What this means for artists is that if Verizon and SoundCloud start disagreeing at some point in the future, you may not be able to access the music website from your devices. Mobile carriers and ISPs will have the power to render websites such as Netflix and SoundCloud useless. If you are a small business owner who relies massively on Facebook advertising, you may have to start looking for a different platform to promote your business as people may not be able to access it freely and its popularity will decrease. Verizon is pushing a video platform called go90, so you may have to move from YouTube to go90. You may have to start using the Aol search engine instead of Google. If you are a website owner, you may have to pay a premium to ISPs if you want them to allow users with normal internet speeds to your website.

Increased bills

While we keep in mind that tech giants such as Facebook and Google may have to end up forking some cash to sweeten their relationships with ISPs, this may have an impact on your pocket as they will have to find a way to justify the new expense. This can come in various forms, you may have to pay additional $5 to your wireless carrier if you want to be able to access Facebook, or Facebook may have to end up charging its users for the service. If Net Neutrality gets repealed on Thursday, your new home internet bill might start looking similar to your Verizon Wireless bill – ISPs will stop being treated as utility bills. This is an equivalent of giving SoCal Edison the ability to charge you more for electricity used by a Samsung fridge vs. a fridge manufactured by Whirlpool.

User experience

After the Net Neutrality repeal, loading an Amazon page may not be as easy as it is right now. Your connection will depend on the relationship between the two companies. The internet provider of your choice will have the power to slow down your connection to sites that are on their naughty list. You may be taking for granted the fast speeds that you have now – soon it may take you minutes to load your favorite online magazine. ISPs will not breach your first amendment; they will simply make you wait more unless you, or the website, pay them.

Monopoly

One of the perks of living in the free world is the fact that if a company decides to abuse their power over its clients, these clients are free to leave and look for a better solution. If you are lucky enough to live in densely populated areas, you most likely have access to a few ISPs so you can pick and choose. If you live in a place where there are just one or two broadband providers, then you most likely should not be happy to see the Net Neutrality repealed as you will not have other options but to pay what you are being asked. And we all know that nowadays, the internet is not a luxury but a necessity.

Twilight of modern Internet

Currently, there are many websites expressing their protest against the so-called ‘twilight of the modern internet’ and want ISPs to continue being treated as utility companies. Others are glorying the decision to repeal Net Neutrality as this will “restore the internet freedom” for Internet providers and telecom companies. Whatever their decision is, we all will have to respect it – tech companies such as Google, Amazon, and Facebook have been tracking your online steps and internet habits for years, now a few more big names such as Verizon Wireless and Comcast will simply join the crowd and get their piece of the pie.

The post What will change after Net Neutrality gets repealed on Thursday? appeared first on Panda Security Mediacenter.

Read More

What Will the CISO of the Future Look Like?

As the cyber landscape evolves, the role of the CISO (Chief Information Security Officer) is transforming. Managers at companies of varying size are more aware of the importance of cybersecurity than ever before, and, therefore, CISOs are increasingly present on the boards of directors. The new business context due to disruptive technological developments (such as the Internet of Things and the rise of the cloud), together with growing threat levels, requires security managers to face various changes, such as aligning with business objectives to respond to security needs. Although the profile of a CISO is still technical, its link to business objectives requires specific capabilities and a broaderbusiness vision.

New Responsibilities for a New CISO

With the increase in cyberattacks and the danger of sensitive data leaks looming over companies, the work of the new CISO takes on a role never before seen. According to a study by the Ponemon Institute, 67% of CISOs are responsible for establishing their company’s security strategies and initiatives. This figure indicates an increasing level of influence, confirming that the CISO goes from being a simple guardian of the IT area to a trusted adviser in the upper echelons of organizations.

In the above mentioned study, 60% of respondents said that their organization considers security as one of their priorities. The ability to prevent and respond to attacks is now of great importance for companies, which begin to value the tasks of the CISO to promote awareness and provide adequate training in cybersecurity among the staff, as well as investments in cybersecurity  tools to detect possible threats.

The integration between business and technology taking place with the digital revolution is creating a more complex ecosystem for companies and their employees dedicated to security. The CISO must now act according to business demands and assuming the same objectives as other executives of the company.  69% of the respondents in the Ponemon study consider that the appointment of a security director with corporate responsibility is fundamental for the company. The CISO of the future must report its activities within the organization, assume budget and compliance challenges, and implement business tactics driven by business objectives.

And let’s not forget their responsibility toward ensuring the availability of IT services at all times, as well as their airtight grip on data. In this way, the new CISO must reduce the imminent risk of data leaks, protecting the privacy of users and consumers, and complying with new regulations, such as the GDPR.

From Technician to Leader

Most security officers have a technical profile related to studies in computer science. It makes sense, taking into account the need to understand programming and work closely with your team on a technical level. However, the CISO of the future must have business vision and be able to influence the direction the company takes, with leadership skills and interpersonal and strategic communication. The CISO of the future must also be able to draw up plans and models of operations that contribute to the brand, including not only the technical side of cybersecurity but also its essential human side.

The CISO has made its way into organizations after years of being considered an afterthought, and this recognition must be welcomed by security experts as an exciting challenge. This evolution, which now requires an amalgam of technical, legal, regulatory and communicative knowledge, demonstrates the shift towards a global ecosystem much more aware of the importance of cybersecurity. It’s time to reinvent yourself and accept that the traditional IT role no longer exists. Are you ready to be the CISO of the future?

The post What Will the CISO of the Future Look Like? appeared first on Panda Security Mediacenter.

Read More

What is a botnet?

Botnets have become one of the biggest threats to security systems today. Their growing popularity among cybercriminals comes from their ability to infiltrate almost any internet-connected device, from DVR players to corporate mainframes.

Botnets are also becoming a larger part of cultural discussions around cyber security. Facebook’s fake ad controversy and the Twitter bot fiasco during the 2016 presidential election worry many politicians and citizens about the disruptive potential of botnets. Recently published studies from MIT have concluded that social media bots and automated accounts play a major role in spreading fake news.

The use of botnets to mine cryptocurrencies like Bitcoin is a growing business for cyber criminals. It’s predicted the trend will continue, resulting in more computers infected with mining software and more digital wallets stolen.

Aside from being tools for influencing elections and mining cryptocurrencies, botnets are also dangerous to corporations and consumers because they’re used to deploy malware, initiate attacks on websites, steal personal information, and defraud advertisers.

It’s clear botnets are bad, but what are they exactly? And how can you protect your personal information and devices? Step one is understanding how bots work. Step two is taking preventative actions.

How Do Botnets Work?

To better understand how botnets function, consider that the name itself is a blending of the words “robot” and “network”. In a broad sense, that’s exactly what botnets are: a network of robots used to commit cyber crime. The cyber criminals controlling them are called botmasters or bot herders.

Size Matters

To build a botnet, botmasters need as many infected online devices or “bots” under their command as possible. The more bots connected, the bigger the botnet. The bigger the botnet, the bigger the impact. So size matters. The criminal’s ultimate goal is often financial gain, malware propagation, or just general disruption of the internet.

Imagine the following: You’ve enlisted ten of your friends to call the Department of Motor Vehicles at the same time on the same day. Aside from the deafening sounds of ringing phones and the scurrying of State employees, not much else would happen. Now, imagine you wrangled 100 of your friends, to do the same thing. The simultaneous influx of such a large number of signals, pings, and requests would overload the DMV’s phone system, likely shutting it down completely.

Cybercriminals use botnets to create a similar disruption on the internet. They command their infected bot army to overload a website to the point that it stops functioning and/or access is denied. Such an attack is called a denial of service or DDoS.

Botnet Infections

Botnets aren’t typically created to compromise just one individual computer; they’re designed to infect millions of devices. Bot herders often deploy botnets onto computers through a trojan horse virus. The strategy typically requires users to infect their own systems by opening email attachments, clicking on malicious pop up ads, or downloading dangerous software from a website. After infecting devices, botnets are then free to access and modify personal information, attack other computers, and commit other crimes.

More complex botnets can even self-propagate, finding and infecting devices automatically. Such autonomous bots carry out seek-and-infect missions, constantly searching the web for vulnerable internet-connected devices lacking operating system updates or antivirus software.

Botnets are difficult to detect. They use only small amounts of computing power to avoid disrupting normal device functions and alerting the user. More advanced botnets are even designed to update their behavior so as to thwart detection by cybersecurity software. Users are unaware they’re connected device is being controlled by cyber criminals. What’s worse, botnet design continues to evolve, making newer versions harder to find.

Botnets take time to grow. Many will lay dormant within devices waiting for the botmaster to call them to action for a DDoS attack or for spam dissemination.

Vulnerable Devices

Botnets can infect almost any device connected directly or wirelessly to the internet. PCs, laptops, mobile devices, DVR’s, smartwatches, security cameras, and smart kitchen appliances can all fall within the web of a botnet.

Although it seems absurd to think of a refrigerator or coffee maker becoming the unwitting participant in a cyber crime, it happens more often than most people realize. Often appliance manufacturers use unsecure passwords to guard entry into their devices, making them easy for autonomous bots scouring the internet to find and exploit.

As the never-ending growth of the Internet of Things brings more devices online, cyber criminals have greater opportunities to grow their botnets, and with it, the level of impact.

In 2016, a large DDoS attack hit the internet infrastructure company Dyn. The attack used a botnet comprised of security cameras and DVRs. The DDoS disrupted internet service for large sections of the country, creating problems for many popular websites like Twitter and Amazon.

Botnet Attacks

Aside from DDoS attacks, botmasters also employ botnets for other malicious purposes.

Ad Fraud

Cybercriminals can use the combined processing power of botnets to run fraudulent schemes. For example, botmasters build ad fraud schemes by commanding thousands of infected devices to visit fraudulent websites and “click” on ads placed there. For every click, the hacker then gets a percentage of the advertising fees.

Selling and Renting Botnets

Botnets can even be sold or rented on the internet. After infecting and wrangling thousands of devices, botmasters look for other cybercriminals interested in using them to propagate malware. Botnet buyers then carry out cyber attacks, spread ransomware, or steal personal information.

Laws surrounding botnets and cybercrime continue to evolve. As botnets become bigger threats to internet infrastructure, communications systems, and electrical grids, users will be required to ensure their devices are adequately protected from infection. It’s likely cyber laws will begin to hold users more responsible for crimes committed by their own devices.

Botnet Structures

Botnet structures usually take one of two forms, and each structure is designed to give the botmaster as much control as possible.

Client-server model

The client-server botnet structure is set up like a basic network with one main server controlling the transmission of information from each client. The botmaster uses special software to establish command and control (C&C) servers to relay instructions to each client device.

While the client-server model works well for taking and maintaining control over the botnet, it has several downsides: it’s relatively easy for law enforcement official to location of the C&C server, and it has only one control point. Destroy the server, and the botnet is dead.

Peer-to-peer

Rather than relying on one centralized C&C server, newer botnets have evolved to use the more interconnected peer-to-peer (P2P) structure. In a P2P botnet, each infected device functions as a client and a server. Individual bots have a list of other infected devices and will seek them out to update and to transmit information between them.

P2P botnet structures make it harder for law enforcement to locate any centralized source. The lack of a single C&C server also makes P2P botnets harder to disrupt. Like the mythological Hydra, cutting off the head won’t kill the beast. It has many others to keep it alive.

Botnet Prevention

It should be clear by now that preventing botnet infection requires a comprehensive strategy; one that includes good surfing habits and antivirus protection. Now that you’ve armed yourself with the knowledge of how botnets work, here are some ways to keep botnets at bay.

Update your operating system

One of the tips always topping the list of malware preventative measures is keeping your OS updated. Software developers actively combat malware; they know early on when threats arise. Set your OS to update automatically and make sure you’re running the latest version.

Avoid email attachments from suspicious or unknown sources

Email attachments are a favorite source of infection for many types of viruses. Don’t open an attachment from an unknown source. Even scrutinize emails sent from friends and family. Bots regularly use contact lists to compose and send spam and infected emails. That email from your mother may actually be a botnet in disguise.

Avoid downloads from P2P and file sharing networks

Botnets use P2P networks and file sharing services to infect computers. Scan any downloads before executing the files or find safer alternatives for transferring files.

Don’t click on suspicious links

Links to malicious websites are common infection points, so avoid clicking them without a thorough examination. Hover your cursor over the hypertext and check to see where the URL actually goes. Malicious links like to live in message boards, YouTube comments, pop up ads, and the like.

Get Antivirus Software

Getting antivirus software is the best way to avoid and eliminate botnets. Look for antivirus protection that’s designed to cover all of your devices, not just your computer. Remember, botnets sneak into all types of devices, so look software that’s comprehensive in scope.

With the Internet of Things increasing, so too does the potential for botnet size and power. Laws will eventually change to hold users more responsible for the actions of their devices. Taking preventative action now will protect your identity, data, and devices.

The post What is a botnet? appeared first on Panda Security Mediacenter.

Read More

New Study Shows “Fake News” Part of Parents’ Concerns about Online Activities

Controversies around “fake news” sites aren’t just nightly news fodder or political footballs. As it turns out, they’re new additions to the list of parental fears, sitting alongside computer viruses, social media, and online sexual predators.

Parents today aren’t just worried about their kids watching internet porn. Many are concerned their child will read a Breitbart article or watch a video on CNN.

Panda Security’s exclusive analysis of U.S. parents reveals what they fear the most when it comes to websites, online activities, and apps.

  • More than twice as many parents consider right-wing website Breitbart unsafe for children than CNN.
  • 20 percent of parents think CNN is not safe for their kids.
  • 47.9 percent of parents think Breitbart is unsafe for children.
  • 75.9 percent of parents think anonymous sharing is a danger to kids.
  • More parents block Facebook (5.9 percent), YouTube (5.8 percent), Netflix (4.3 percent), than they do Pornhub (2.5 percent).
  • 54.2 percent of parents are most concerned about sexual predators online.
  • 37.1 percent of parents concerned about sexual predators haven’t spoken to their kids about it.

We surveyed 1,000 U.S. parents to determine the websites, apps, and activities that most concern them when it comes to their children.

Parents Are Worried About Some Of The Web’s Most Popular Sites


Of our total sample of respondents, 90.1 percent ranked Pornhub as “Very Unsafe” or “Somewhat Unsafe”. Our analysis also shows some major social media sites as a source of concern for many parents. 47.0 percent of parents view Facebook as unsafe, while Reddit received the same rating from 46.1 percent of respondents.

Video streaming websites like YouTube and Netflix also ranked as concerning to parents. 36.7 percent of parents said YouTube was a safety concern while 15.5 percent also felt the same about Netflix.

Parents also considered news sites like CNN and Breitbart as a threat to their children. 20.5 percent felt concerned about CNN while 47.9 percent reported Breitbart News as somewhat or very unsafe.

For parents who felt “Very Safe” or “Somewhat Safe” towards specific websites, Amazon ranked first with 71.4 percent. More parents said they felt Netflix (69.9 percent) was safer than Wikipedia (65.5 percent).

More Parents Blocked YouTube than Pornhub

Our analysis showed there was a disconnect between parental concern and parental action. We found more parents reported blocking video websites like YouTube (5.8 percent) and Netflix (4.3 percent) than they did porn sites like Pornhub (2.5 percent).

One reason why parents may be blocking sites like YouTube and Netflix more than Pornhub is that parents may consider excessive screen time more concerning and more likely than specific content like pornography. Parents may feel the chances of their children finding/watching adult content too remote for concern, especially if the children are very young.

However, a University of New Hampshire survey of 1,500 internet-using youth between the ages 10 and 17 showed 42 percent of them had been exposed to online pornography in the past year. Of those, 66 percent reported unwanted exposure.

Parents Overwhelmingly Think Anonymous Online Sharing Is Unsafe for Kids


Of the seven online activities we listed, “anonymous sharing” was the online activity most concerning to parents. 75.9 percent reported feeling “somewhat unsafe” or “very unsafe” when it came to their kids and anonymous sharing.

The data suggests app developers need to include better parental controls for monitoring or stopping anonymous sharing activities of children.

Anonymity could factor into the perceived safety of social media sites. While there’s a good amount of safety concern among parents for a social website like Facebook (47 percent), it’s even more for 4chan (58.4 percent)—a site where anonymity is more prevalent.

Social networking was the second most unsafe online activity with 57.2 percent followed by “video sharing/watching” at 56.6 percent. A larger percentage of parents reported feeling concerned about video sharing than reported being concerned about the video sharing website YouTube.

Parents Are Worried About How Their Kids Get News


Our analysis shows 47.9 percent of the total pool of respondents who had heard of the right-wing website Breitbart rated it “somewhat unsafe” or “very unsafe”. That’s compared to 20.5 percent that responded the same to the more centrist Cable News Network. 8.1 percent said they considered both websites a safety concern when it came to their children.

Wikipedia also ranked as somewhat or very unsafe to 12.2 percent of parents. “Fake news” controversies and growing concerns about biased information are threatening the legitimacy of some online information sources like Wikipedia.

Parents Are Very Concerned About Sexual Predators


Of the six options presented, 52.4 percent of parents chose “sexual predation online” as their top online concern for their children. 14.3 percent chose “Maintaining online privacy” followed by “online bullying” at 11.8 percent.

More Than a Third of Parents Don’t Talk To Their Kids About Online Sexual Predation


While 52 percent of parents reported sexual predation as their primary concern, 37 percent of those said they hadn’t spoken to their children about the topic in the past year. Among parents who reported online bullying as their primary concern, a similar percentage hadn’t spoken to their children about the topic, at 33 percent.

For less emotionally and physically dangerous concerns like “Computer Viruses” and “Hidden Fees in Online Apps”, the percentage of all parents who expressed concern, but hadn’t spoken with their children, was even higher (54 percent and 43 percent, respectively).

Among parents most concerned about maintaining online privacy, 44 percent of parents overall hadn’t discussed the topic. The numbers suggest the threat of online privacy and identity theft is being perceived as a similar to hidden app fees.

Cyberbullying Is Being Underrated By Parents As A Concern


Our analysis shows parents biggest fears aren’t reflective of actual prevalence rates. Of the total group, 54.2 percent of parents said sexual predation online was their biggest concern while 11.8 percent said the same for online bullying. Sexual predation is defined as any person using the internet for the express purpose of targeting a minor to perform non-consensual sex acts.

Compared to sexual predation, cyberbullying occurs much more frequently for children. The prevalence rate for sexual predation online is only 13.0 percent. In contrast, a 2016 study commissioned by the Cyberbullying Research Center found 33.8 percent of U.S. high school students between the ages of 12 and 17 said they had experienced cyberbullying. Examples of cyberbullying can include sending threatening or hurtful texts, posting embarrassing photos or video, and/or spreading rumors.

Methodology

Panda Security conducted an online survey of 1,000 U.S. parents.
Our survey was designed to gather from parents four different types of data:

  • Demographic
  • Level of concern for specific websites, online activities, and apps
  • Actions they’ve taken to address their concerns.
  • Their knowledge level of their child’s online activities, friends, and passwords.

We wanted to discover what parents were the most concerned about and what they were doing to address those concerns, either directly (e.g. blocking content) or indirectly (e.g. discussing issues with their children).

Our approach to analyzing the data was to determine if there was a correlation between the level of concern and amount of reported activity.

The post New Study Shows “Fake News” Part of Parents’ Concerns about Online Activities appeared first on Panda Security Mediacenter.

Read More

Computer Security Day 2017: The Current State of Cybersecurity

Thursday 30th November marks the 29th Computer Security Day – an unofficial “holiday” used to raise awareness of cybersecurity issues that affect us all. At the most basic level, people across the world are encouraged to take the opportunity to create new strong passwords.

The annual Computer Security Day is also a useful chance to assess wider cybersecurity implications, and how well industry and individuals are protecting themselves.

So, what is the current state of IT security?

Security is more complex than ever

Every day new devices are added to home networks, most of which also connect to the Internet. From smart heating thermostats to remote controlled blinds and games consoles, technology is becoming part of the very fabric of our homes. And if smart speakers like Amazon’s Alexa and Apple’s HomePod sell as well as expected this Christmas, the home network is going to become busier (and more complicated) than ever.

The only drawback to all these devices is that they increase the number of potential attack points for cybercriminals. In the past, hackers would only have the option of breaking into your home PC. But with so many network connected devices to choose from, hacking in has actually become easier.

Security is not being prioritised by manufacturers

In the rush to sell their products as quickly as possible, some manufacturers are cutting corners. The software powering these devices often contains bugs and security holes that can be used by hackers to gain access. Once connected to the device, they can then attack other more important devices, like your laptop or PC.

Where there are decent security provisions on the device, owners are making basic mistakes that place their network at risk. As always, poor passwords are the biggest problem, making the hacker’s job even easier. If you have network connected devices at home, use this Computer Security Day to update all of those passwords too.

We are getting better at cybersecurity

Networks may be more complex than ever, but our security options are also improving. Most home routers used to connect to the Internet now include firewall functions to keep hackers out for instance. And the tools used to detect and remove malware are also improving daily.

In fact, anti-malware is the last line of defence when it comes to protecting your personal data. If hackers do manage to break through defences and compromise network-connected devices like webcams and smart speakers, anti-malware will stop them accessing your computers where the really valuable personal information is held.

If you do nothing else this Computer Security Day, please take a few minutes to download and install a free copy of Panda Antivirus for your PC. You should also take the opportunity to protect your smartphone too – download a free copy of Panda Mobile Security today.

The post Computer Security Day 2017: The Current State of Cybersecurity appeared first on Panda Security Mediacenter.

Read More

3 Poor IT Practices that Endanger Companies

An attack perpetrated by a criminal, a malicious or negligent action taken by an employee… The causes of security incidents can be very diverse. And, according to a recent study by Ponemon Institute, 28% are caused by poor IT practices. In many cases, these failures are due to limited security policies that do not cover all possible risks. By overlooking certain tasks and processes, IT teams are exposing the vulnerabilities of their companies. In this post, we will highlight three key aspects that should be adequately monitored by the security officers of any company.

Neglecting printers is dangerous

This seemingly harmless device can endanger your corporate network. It is worth remembering that printers are also sophisticated storage devices, and that they usually have a longer lifespan than any of our connected devices. According to a study by Spiceworks, only 16% of IT managers believe that printers are vulnerable to security breaches, a figure significantly lower than that corresponding to computers and mobile phones.

Since printers store sensitive document data, it is convenient to delete and review their content periodically. Also, if you stop updating the printers’ firmware, they can become an attack vector (especially if they are connected to the central corporate network). Different types of attacks could allow cybercriminals access to insecure printers, obtaining the documents that have been printed, analyzing network traffic, and even obtaining user information and passwords.

Do you know what applications your employees are using?

Another risk is not knowing what cloud services employees are using. It is important to perform a Shadow IT study and evaluate the dangers implied by applications and services not expressly authorized by security teams. According to an EMC study, annual losses that can be traced back to Shadow IT have reached up to 1.7 trillion dollars. Many organizations are unaware that their employees use services and applications outside of those put at their disposal by the company itself, increasing the blind spots and, therefore, the attack surface of the company.

To stave off malicious behavior, it is essential to monitor corporate network activity and have complete visibility of the software and applications employees are using.  These are crucial characteristics of a security system that is able to act against apps that could endanger the company’s sensitive information or intellectual property. It is very important to educate employees, but also to design policies that can satisfy their needs and prevent them from authorizing services in an insecure way, or by “taking the back door”. Likewise, IT professionals must evaluate each and every service and application, preventing access to those that are dangerous with infrastructural protocols (such as firewalls and proxies).

What if an employee loses their company phone?

The loss of corporate devices, whether mobile phones, computers, tablets, etc., should be extremely disconcerting for any IT professional. In a Tech Pro Research survey, when asked about the company’s weakest link in terms of cybersecurity, 45% answered that the most vulnerable point was mobile devices. To protect against collateral damage from loss or theft, ideally all corporate devices would be encrypted. IT administrators must ensure that contained on them is not compromising, and that these devices can only access corporate information through a VPN. And, in case of loss, administrators should have the ability to block it remotely.

By permitting mobile devices to install applications, even versions authorized by the operating system, you are, figuratively speaking, placing a door where there used to be a wall. It is important to ensure that the IT team has an identifiable base of all mobile systems connected to the corporate network and that, if possible, vulnerability tests and remote control may be performed to analyze penetration levels.

These are just three examples of areas that IT teams must take care to address. Ignoring these good practices can open the door to security incidents that cause considerable economic impact. In a context in which external threats are growing in number and complexity, avoiding risks by implementing basic protocols should be an obligation for every IT professional.

The post 3 Poor IT Practices that Endanger Companies appeared first on Panda Security Mediacenter.

Read More