Tag Archives: Panda Security

Your Company’s IT Resources are a Mine for Hackers

Blockchain technology was invented in early 2009 to support bitcoin, a new digital currency with a clear objective: make transactions without the need for traditional intermediaries. Invented by the enigmatic Satoshi Nakamoto, bitcoin kicked off the cryptocurrency boom. But as society’s interest in cryptocurrencies has grown, so has criminal interest, creating headaches for companies’ security departments.

The rise of cryptojacking

Mining cryptocurrency is necessary for the system to work. Mining consists of a series of computations performed to process transactions made on blockchains. It creates new cryptocurrency and confirms transactions along the blockchain network. To create more cryptocoins, it is necessary to mine them. Without mining, the system would collapse.

Many users themselves have begun mining cryptocurrencies as a way to make money. Miners perform mathematical operations to verify transactions, and to do so, they use special software. Therefore, for mining to be lucrative, it is necessary to have a great deal of computational power. To make money from mining, cybercriminals are turning to cryptojacking.

Cryptojacking consists of the unauthorized use of a user’s devices to mine cryptocurrency. Basically, attackers make use of malware to hijack computers, tablets or smartphones, for example, and use them to covertly mine cryptocurrency. The user will probably notice some lag in their device, but won’t be aware that it’s due to an attack attempting to mine cryptocurrency. One of the most common techniques consists of taking control of the victim’s CPU or GPU from a website infected with malware to mine cryptocurrency, as happened recently with YouTube. In this case, the advertising agency DoubleClick was the victim of an attack that hid a Coinhive cryptojacking script in the code of YouTube advertisements. Coinhive is the most commonly used script to carry out these types of attacks. A study by security researcher Troy Mursch detected 50,000 new websites infected with cryptojacking scripts, with 80% of them using Coinhive.
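A site owner can check served pages for the kind of injected Coinhive script described above. The following is an added example, not code from the original post: the indicator list is illustrative and non-exhaustive, and the sample pages are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative, non-exhaustive indicators for the Coinhive in-browser miner
# (assumption of this example; extend from your own threat intelligence).
MINER_HOSTS = {"coinhive.com", "coin-hive.com"}
MINER_FILE_RE = re.compile(r"coinhive(\.min)?\.js$", re.IGNORECASE)
MINER_API_RE = re.compile(r"\bCoinHive\.(?:Anonymous|User|Token)\s*\(")


class ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = []
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            body = "".join(self._buf).strip()
            if body:
                self.inline.append(body)
            self._in_script = False


def scan_html(html):
    """Return (kind, evidence) tuples for miner indicators found in the page."""
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for src in collector.external:
        parsed = urlparse(src)
        host = (parsed.hostname or "").lower()
        if any(host == h or host.endswith("." + h) for h in MINER_HOSTS):
            findings.append(("miner-host", src))
        elif MINER_FILE_RE.search(parsed.path):
            # Same library file served from another host (for example self-hosted).
            findings.append(("miner-filename", src))
    for body in collector.inline:
        match = MINER_API_RE.search(body)
        if match:
            findings.append(("miner-api", match.group(0)))
    return findings


# Constructed sample pages (not real captures).
CLEAN_PAGE = """<html><head><script src="https://cdn.example.test/app.js"></script></head>
<body><script>console.log("hello");</script></body></html>"""

INJECTED_AD = """<html><body>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER', {throttle: 0.2});
  miner.start();
</script>
</body></html>"""

SELF_HOSTED = '<script src="/static/js/coinhive.min.js"></script>'

if __name__ == "__main__":
    for name, page in [("clean", CLEAN_PAGE), ("injected", INJECTED_AD),
                       ("self-hosted", SELF_HOSTED)]:
        print(name, scan_html(page))
```

String indicators only catch unmodified copies of the script; obfuscated or proxied miners still need the endpoint and process monitoring recommended later in this post.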

Another attack technique consists in using Microsoft Word’s online video function, which allows users to insert videos in documents without the need to embed them. In this case, attackers take advantage of this feature to insert malicious scripts and to covertly take control of the power of the victim’s CPU.

Background theft

Cryptocurrency has become the gold of the 21st century. As a result, we are set to see more attacks attempting to mine cryptocurrency. Now that IT teams and state security forces have their eye on ransomware attacks, cybercriminals are opting for more secure methods to make a buck and have begun stealing IT resources to mine.

The difficulty in detecting this type of attack is making it one of cybercriminals’ preferred methods to illegally line their pockets. These attacks are also becoming increasingly sophisticated in order to affect the greatest number of devices possible. The more computational power they steal, the faster they can mine. This is giving rise to attackers fighting each other over CPU resources. Cybercriminals are including a mechanism in their code to detect competing miners and eliminate them in order to take complete control over the CPU’s resources.

That’s why companies are becoming the prime objective of attackers in 2018. If they get access to a corporate network, they have an enormous amount of resources available to them.

How can a company protect itself from cryptojackers?

These attacks have serious consequences for businesses. The most evident consequence comes from stealing CPU cycles which can slow down systems and networks, putting business and the general system availability at risk. Furthermore, once a company has been attacked, it is likely that a lot of time, money and effort will be required to get rid of and correct the problem. Intensive cryptocurrency mining can also have financial repercussions for a company, as electricity bills can be quite a bit higher due to the high energy demand.

Additionally, these attacks can wreak havoc on corporate devices. If mining is performed over a prolonged period of time, devices and their batteries can experience extreme overheating which can damage the devices.

Of course, one should also not forget that being a victim of cryptojacking means that an attacker has gotten through security systems and has obtained control of the company’s devices, putting the company’s data privacy at risk.

To be protected from a possible cryptocoin mining attack, one should follow these security measures:

  • Perform periodic risk evaluations to identify vulnerabilities.
  • Regularly update all systems and devices.
  • Adopt advanced cybersecurity solutions that allow for a detailed visibility of activity on all endpoints and control all running processes.
  • Create a secure browsing environment, installing extensions that hinder cryptocurrency mining.

The post Your Company’s IT Resources are a Mine for Hackers appeared first on Panda Security Mediacenter.

Satori and the Latest Botnets to Wreak Havoc on the IoT

The number of connected devices is increasing at a staggering pace. Statista estimates that by 2025, that number will reach up to 75.4 billion globally, assuring their presence in practically every sector. This rapid increase is creating security concerns, especially in relation to recent botnets like Satori, which infect devices with cryptocurrency mining software.

In this post, we take a look at some of the most dangerous botnets, as well as some of the ways that they can be combatted to protect the IoT.

Risks posed by IP cameras

As we commented in a previous blogpost, the ease of installation and low costs have popularized IP cameras, causing many companies and security providers to opt for them instead of traditional CCTV systems. But like any other IoT device, they are susceptible to being hacked remotely.

This risk is exploited by the Hide ‘N Seek (HNS) botnet. This network of bots is capable of infecting a series of devices through a specific Peer-to-Peer (P2P) protocol, using the Reaper vulnerability. Its current version can receive and execute various types of commands to extract data, execute code, or cause interference in device operations. In an attack detected in January of this year, more than 20,000 infected devices were registered, the majority of them IP cameras.

Stolen cryptocurrencies

Satori is a modified version of the Mirai open source botnet. This botnet is also capable of remotely controlling connected devices. In fact, Mirai was involved in distributed denial of service (DDoS) attacks that paralyzed DNS provider Dyn in 2016. Since Dyn was the provider of companies such as Amazon, Netflix and Twitter, Mirai managed to paralyze much of the internet for a few hours.

But Satori is capable of much more: last January it was discovered that a variant exploits a vulnerability of the Claymore Miner cryptocurrency program. After taking control of the software, Satori replaces the address of the user’s wallet with a wallet controlled by the attacker. The attacker then receives all the user’s cryptocurrencies and the user is none the wiser until they review the software configuration manually.

Hacked routers

The Masuta botnet is another creation of the Satori authors. In this case, Masuta takes advantage of the routers’ vulnerabilities in two different ways. On the one hand, they access devices using the factory configuration credentials, in a similar way to the Mirai botnet. On the other hand, the PureMasuta variant uses an old bug found in the Home Network Administration Protocol (HNAP). Fortunately, fewer and fewer router models maintain this protocol by default.

How to stay protected against botnets

As with any network, our connected devices can never achieve absolute invulnerability, but we can prevent possible attacks and be better prepared for when they are directed at our devices through specific recommendations for each case.

If we want to install a surveillance system, it is advisable to use cameras connected by cables instead of wireless. A wireless network multiplies the options for attackers to introduce some type of malware into the system. It is also preferable to maintain an in-house server to manage the data of the surveillance system (instead of using an externalized server). In this way, the likelihood of unauthorized access to the system is greatly reduced.

With regard to cryptocurrencies, the safest activity to manage them is their storage in a physical wallet (hardware devices similar to a pen drive that are connected by USB). These wallets store private keys and make it possible to sign transactions without exposing them.

As for routers, the best recommendation against attacks by botnets that use old vulnerabilities is to make sure that they have the latest firmware updates and use more modern and secure protocols, such as the upcoming WPA3.

Finally, as a general recommendation, it is necessary to monitor the traffic of your company’s network at all times to avoid unauthorized access. For this, solutions such as Panda Adaptive Defense 360 give you absolute control of all data on the corporate network, monitoring, registering, and categorizing 100% of all active processes. The best way to avoid being attacked by a botnet is to have visibility of everything that happens in your company, minimizing attack vectors.

The post Satori and the Latest Botnets to Wreak Havoc on the IoT appeared first on Panda Security Mediacenter.

Panda Security Summit on Advanced Security

On May 18th, Panda Security will host its inaugural summit on cybersecurity in the Teatro Goya (Goya Theatre) in Madrid. It will be a meeting point for all CSOs and CISOs across Europe. The Panda Security Summit (PASS2018) is a one-day conference comprising five different talks and various workshops. At the event, we will address issues of protection and threats along all parts of the security chain, hearing points of view from analysts, public institutions and private companies.

At the conference, we will talk about the necessary basic tools for a company to achieve the highest level of security possible, going beyond detection and responses to threats. We will speak about the importance of being a resilient company from a cybersecurity point of view. But how can one recover after suffering a setback?

We will discuss the importance of having a good strategy that addresses prevention, detection, containment and response, as well as talk about how companies can learn and adapt, with examples that show the importance of studying the entire cycle to be able to survive in today’s environment.

Five talks on attacks, protection and much more

We will look at issues ranging from the latest in attacks and protection to the overall state of cybersecurity. In the same vein, attendees will learn about what strategies for cyber-resilience are employed by governments, large companies, SOCs and individuals.

In addition to our speakers, we will hear from important names in the industry such as: Ian McShane, Research Director at Gartner; Javier Candau, Head of the Spanish National Cryptologic Center; Carles Solé, CISO at CaixaBank; and Nicola Esposito, Director of the CyberSOC EMEA Center at Deloitte.

These talks will focus on important issues in the world of cybersecurity and will present a strategic vision. Attendees will also be encouraged to take part in the conference by talking about the main challenges they face.

PandaLabs Report

We will also release a new report from PandaLabs. The findings from this new study are based on key concepts of cyber-resilience. This report addresses how a company can be resilient in today’s complicated environment.

From the report, we will reveal, among other things, a ranking of the most resilient countries, how threats have evolved and how defense systems have adapted to new threats. The report also details the state of international cybercrime and cyberwarfare as well as figures on attacks against individuals and companies we have seen and are set to see in the coming months.

Workshops: Cyber kill chain, threat hunting and other trends

To top it all off, after the speeches we will hold several cybersecurity workshops. At the workshops, attendees will learn how to make their company cyber-resilient and be prepared for new threats.

Workshop topics will include the cyber kill chain as well as more advanced topics such as threat hunting. The workshops will close out the summit.

After more than 28 years of providing security solutions, Panda Security is hosting its inaugural summit on cybersecurity. Are you gonna pass this opportunity up?

A not-to-be-missed event for all cybersecurity professionals. Managing change helps an organization to become resilient, and the Panda Security Summit will be an event that will change your perspective. Don’t miss the first edition of this event. Sign up here.

The post Panda Security Summit on Advanced Security appeared first on Panda Security Mediacenter.

AV-Comparatives Awards Panda Security with Gold for 2017 Performance

Today, Wednesday February 7, the independent laboratory AV-Comparatives celebrated the annual Awards Ceremony for manufacturers of IT security solutions that have undergone their rigorous tests over the course of the year. In 2017, Panda Security achieved the highest level of protection in the Real-World Protection Test, leading to the accomplishment of taking home the gold for the Security Awards of the same year.

Real-World Protection Test, the most demanding assessment 

In 2017, the independent laboratory AV-Comparatives submitted 21 computer security products for Windows to a rigorous investigation. All programs were tested for their ability to protect against real-world threats, identify thousands of recent malicious programs, provide protection without slowing down the PC, and remove malware that has already infected a device.

“AV-Comparatives’ Real-World Protection Test is one of the most challenging antivirus software tests there is. It simulates a typical user browsing the Internet. [It] is unique in the fact that it runs fully automatically, meaning no other testing lab can test against the same huge number of threats. Logging, screen video recording and sandboxing are all completely automated,” according to Andreas Clementi, founder and CEO of AV-Comparatives.

In order to distinguish products that achieve outstanding scores in the tests, the laboratory holds an annual awards ceremony. Panda has been recognized, among other things, for its ease of installation and use, a value which is further cemented by the excellent results obtained in the last 12 months.

The acknowledgments Panda Security received in 2017 are the following:

“Real World Protection 2017 Gold Award” and “Approved Security Product” for its Panda Free Antivirus solution focused on home users and for Adaptive Defense 360, the advanced cybersecurity solution for companies, respectively.

Initially focused on the creation of antivirus software, the company has expanded its line of business towards advanced cybersecurity services with technologies for the prevention of cybercrime.

With protection solutions and systems management and control tools, Panda Security will direct its actions both in the corporate market for companies and for domestic users. Its products are available in more than 23 languages for its more than 30 million users in 190 countries around the world.

AV-Comparatives: industry leaders in independent cybersecurity testing

AV-Comparatives is an independent, highly reputable organization and an established testing authority. Their analyses are focused on checking whether security software, such as PC-based antivirus products and mobile security solutions, fulfill their promises to users. Being certified by AV-Comparatives is highly valued by the industry and by customers.

The post AV-Comparatives Awards Panda Security with Gold for 2017 Performance appeared first on Panda Security Mediacenter.

Panda Security Appoints Juan Santamaría as New Chief Executive Officer

The Board of Directors have appointed Juan Santamaría, who for the past year had been serving as General Manager, as the new CEO of Panda Security. With this commitment, Santamaría will boost the company’s global business and consolidate its presence in the market as leaders in the sector of cloud-based advanced cybersecurity solutions.

“It’s an exciting project to push the company further at a time when its technology positions itself once again as a leader in the sector, a project that I’m taking on with very much enthusiasm, respect, and full dedication.” Juan Santamaría.

He holds a bachelor’s degree in Economics and Business Studies from the Complutense University of Madrid and an Executive MBA from INESE. He also holds a Master’s Degree in Financial Management and Control from IE Business School and completed a Private Equity Venture Capital program at Harvard Business School.

Juan Santamaría

Santamaría has a solid track record in running technology companies, with expertise in investment management in the field of ICT. He is a member of the board of directors of several technology companies such as Altitude Software, BKOOL and Kiuwan, where he has collaborated as an executive director before taking up his current position. Previously he was CFO of Sopra Profit, consultant at Gartner and executive Director at Logtrust.

José Sancho, president of Panda Security, said in a statement: “the addition of Juan is evidence of a commitment to the evolution of the company at a global level. Becoming the axis of management for the success of our advanced cybersecurity solutions, he will shape Panda Security’s technological and commercial program that, already, is taking on a revolutionary momentum in the international market.”

His successful career has opened the door to his new position at Panda Security at a time of exponential growth for the company. His goal will be to maintain the quality and level of strategic relationships achieved so far, without losing the focus on the technological development applied to its cybersecurity solutions.

Fernando García Checa, former CEO of Panda, said: “Juan has a strong knowledge of Panda, is deeply involved in the project, and has made great strides as General Manager in 2017, achieving some of the highest numbers the company has seen in many years”.

The post Panda Security Appoints Juan Santamaría as New Chief Executive Officer appeared first on Panda Security Mediacenter.

6 Things We Should Have Learned in 2017

This past year we bore witness to the sophistication of cyberattacks and their vertiginous growth. If we look at what happened in security in 2017, there are quite a few lessons that we should heed, especially for businesses. These six lessons will help us to avoid making the same mistakes this year.

  1. Our response to incidents is as important as preventing them

One of the most important events of last year was the Uber incident. It came to light that Uber had concealed the fact that data corresponding to 57 million users had been stolen at the end of 2016. As the Uber CEO acknowledged, the criminals downloaded a database from servers used by Uber containing the personal information of users (name, email, and phone number) and data relating to 600,000 drivers in the United States. To prevent the attack from coming to light, the company paid the hackers $100,000.

The data theft at Equifax was the biggest hack of sensitive personal data in history. An organized group of cybercriminals took advantage of a security breach within their web application to steal information on 143 million customers, taking their social security numbers, postal addresses and even driving license numbers.

Whereas failure to notify users of the breach led to some legal entanglement for Uber (made worse by their payout to hackers), in the case of Equifax, their inconsistent statements about the vulnerability and their post-breach lack of commitment to consumers demonstrate a highly unprofessional approach.

To avoid situations like these, it is crucial for security updates to be a part of your business strategy — and notifying authorities, though unpleasant, should always be the first step to take after a breach. What happened at Uber can also teach us another lesson: sharing credentials via code is not such a great idea. This bad practice is what gave hackers access to the servers, having obtained the credentials thanks to the code that Uber developers published on Github.
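One way to catch credentials before code is published is to scan files for key material and high-entropy secret assignments, for instance in a pre-commit hook. This is an added example, not code from the original post: the rules are generic illustrations and say nothing about what the credentials in the Uber case looked like, and the sample files are constructed.

```python
import math
import re
from collections import Counter

# Generic illustrative rules (assumptions of this example, not an exhaustive set).
PATTERN_RULES = [
    ("private-key-block",
     re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("aws-access-key-id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
]

# A quoted literal assigned to a name that looks like a credential.
ASSIGNMENT_RE = re.compile(
    r"(?i)(?:password|passwd|secret|token|api[_-]?key)\w*\s*[:=]\s*"
    r"[\"']([^\"']{8,})[\"']"
)

# Literals below this many bits per character are treated as placeholders
# to reduce noise; tune the threshold for your own code base.
MIN_ENTROPY = 3.0


def shannon_entropy(value):
    """Shannon entropy of the string in bits per character."""
    counts = Counter(value)
    total = len(value)
    return -sum(n / total * math.log2(n / total) for n in counts.values())


def scan_line(line):
    """Return the names of all rules that fire on one line of text."""
    hits = [name for name, rx in PATTERN_RULES if rx.search(line)]
    match = ASSIGNMENT_RE.search(line)
    if match and shannon_entropy(match.group(1)) >= MIN_ENTROPY:
        hits.append("hardcoded-secret")
    return hits


def scan_files(files):
    """files maps path -> text; returns (path, line number, rule) tuples.

    The matched value is deliberately not returned, so findings can be
    logged without copying the secret into another system.
    """
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for rule in scan_line(line):
                findings.append((path, lineno, rule))
    return findings


# Constructed sample files. The key ID is the documentation example value
# published by AWS, not a live credential; the API key is made up.
SAMPLE_FILES = {
    "deploy/settings.py": (
        "import os\n"
        'DB_PASSWORD = os.environ["DB_PASSWORD"]\n'
        'BACKUP_API_KEY = "9f8Kd02LmQz7Xw1pR4tV"\n'
        'SMTP_PASSWORD = "xxxxxxxxxxxx"\n'
    ),
    "scripts/upload.sh": (
        "#!/bin/sh\n"
        "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
    ),
}

if __name__ == "__main__":
    for path, lineno, rule in scan_files(SAMPLE_FILES):
        print(f"{path}:{lineno}: {rule}")
```

A finding in a repository that has already been pushed means the credential must be rotated, since removing the line does not remove it from history.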

  2. Attacks are not just a matter of malware

Not everything is ransomware (although, if you follow cybersecurity in the media, it may sometimes feel that way). With malwareless attacks, attackers assume the identity of the administrator after having obtained their network credentials using non-malicious tools on the company’s devices. Malwareless attacks are sure to be a trend in 2018, so we would do well to learn from these cases.

PandaLabs detected a case in which the attackers used Sticky Keys to sneak through the back door, accessing the computer without entering credentials. This remote access can then be monetized by generating online traffic that can be sold to third party websites or by auctioning access to the compromised machines. Another example is the use of Powershell for cryptocurrency mining.

To combat these attacks, advanced tools combined with Threat Hunting methods based on user behavior are essential. By monitoring the corporate network in real time and gaining visibility into activity on the company’s computers, we can discover which legitimate tools are being abused and protect our companies.

  3. Secure passwords do not have to be hard to remember

Despite the suggestions of Bill Burr, which for years governed the policy of password creation in the online environment, a secure password should not be difficult to remember. This year we learned that even those that combine alphanumeric, uppercase and lowercase, and special characters can often be guessed by a computer. Given that human behavior is predictable, computer algorithms allow cybercriminals to detect weaknesses and patterns, and with them they manage to decipher our passwords.

In 2017, we witnessed a radical change in the recommendations of the National Institute of Standards and Technology (NIST) to create a secure password. Now we are encouraged to use compound sentences with random words that are easy for us to remember; that way, a bot or a computer cannot crack the password by means of countless combinations. The password, then, can still be easily remembered by the user, but it will be difficult for a cybercriminal to decipher it.

  4. The malware tries to go unnoticed

Malware is growing exponentially. PandaLabs registered 15,107,232 different malware files that had never been seen before. Only a small part of the total malware is truly widespread. That is, most malware changes every time it infects, so each copy has a very limited distribution and always tries to go unnoticed.

Having a limited life, the malware attacks the smallest possible number of devices to reduce the risk of being detected. In this sense, it is essential to choose an advanced cybersecurity platform to recognize and respond to attacks in real time.

  5. Be quick to implement patches

When it comes to patches, it’s never too early. The idea is to implement a method of action according to the characteristics of the architecture of our company (its systems, services and applications) in which we evaluate the implications of patching (or failing to patch). Once this is taken into account, acting quickly is essential. Equifax, to give just one example, was first attacked in May 2017 because they hadn’t patched a vulnerability detected in March.

  6. Neglecting Shadow IT can be very expensive

The systems, solutions and devices used in a company, but which have never been explicitly recognized by the organization, are known as Shadow IT. This enemy in the shadows represents an overwhelming number of blind spots for the security of the company, since it is very difficult to protect something whose existence we aren’t even aware of. According to an EMC study, annual losses caused by Shadow IT reach up to 1.7 trillion dollars. Therefore, it is necessary to design affordable policies that cover the needs of workers, preventing them from resorting to unauthorized solutions. Prioritizing security awareness and evaluating why users turn to applications and tools not provided by the company could even help to improve workflows.

To start the year on the right foot, we can take 2017, internalize it, and move forward. External threats continue to grow, so our attention to basic tasks and lessons learned should do so in turn.

The post 6 Things We Should Have Learned in 2017 appeared first on Panda Security Mediacenter.

Panda Security named a Visionary in Gartner Magic Quadrant for Endpoint Protection Platforms

Panda Security was named a Visionary in the Gartner 2018 Magic Quadrant for Endpoint Protection Platforms1.

Panda Security as a Visionary

The report’s evaluation is based on their completeness of vision and their ability to execute.

According to Gartner, “Visionaries deliver in the leading-edge features — such as cloud management, managed features and services, enhanced detection or protection capabilities, and strong incident response workflows — that will be significant in the next generation of products, and will give buyers early access to improved security and management. Visionaries can affect the course of technological developments in the market, but they haven’t yet demonstrated consistent execution. Clients pick Visionaries for best-of-breed features.”

We feel that Gartner has recognized our products’ unique value proposition and encourage you to view a complimentary copy of the full report.

According to the report, “In the past 12 months, EPP solutions have continued on track to consume features from the EDR market, and some of the traditionally pure-play EDR vendors have continued to bolster their solutions with protection capabilities more often found in EPP. This trend of playing catch-up from two directions has resulted in a slew of vendors with similar capabilities and with little to differentiate themselves. Those that do differentiate do so with managed features backed by automation and human analysts; a focus on cloud-first management and reporting, and improving the operational side of IT with a focus on vulnerability protection and reporting; and, most importantly, pushing full-stack protection for EPP and EDR use cases to organizations of all sizes.”

Adaptive Defense is the only solution available on the market that offers the full protection of a traditional antivirus, white listing, and protection against advanced threats all in one.

As stated in the Gartner research report, “Predicts 2018: Security Solutions”2: “By 2019, 45% of enterprises will manage data loss by leveraging CASBs and using encryption and EDRM techniques.”

“Panda Security is honored to be recognized as a Visionary in Gartner’s Magic Quadrant for Endpoint Protection Platforms as we strive to keep our customers protected against malware and non-malware attacks and turn endpoint activity data into insights and actionable intelligence. We believe this recognition is a proof of our success in achieving our mission and we look forward to bringing new innovative solutions and services in the space of advanced threat prevention, detection, investigation and threat response to Panda Security’s and our Channel Partners’ portfolio.”

– Juan Santamaria Uriarte, CEO, Panda Security

Read a complimentary copy of the 2018 Magic Quadrant for Endpoint Protection Platform

Panda Security’s Cloud-Based Solution for Organizations

Panda Adaptive Defense 360 is Panda Security’s cloud-based solution that provides, in a single lightweight agent, the highest level of Endpoint preventive Protection, Detection and Response, reducing drastically the exposure surface to any kind of malware and non-malware attacks.

Its EDR capabilities are achieved thanks to the complete behavior visibility of all endpoints, users, files, processes, registries, memories and networks. On top of these EDR capabilities, Panda Adaptive Defense 360 provides two unique, out-of-the-box services:

  1. The 100% Attestation Service that provides the highest level of prevention ever, simply by allowing to run only those applications validated in real time by Panda without delegating the responsibility to administrators.
  2. And the Threat Hunting and Investigation Service that detects, contains and responds to any threats that were able to bypass other security controls.

All this takes place on Panda Adaptive Defense’s Cloud Platform that allows a seamless deployment and management on all endpoints inside and outside the network from a single console while reducing the total cost of setup and running.

According to Gartner in its research report, “Redefining Endpoint Protection for 2017 and 2018”3, “Organizations should pay particular attention to solutions that include managed services (or perhaps more accurately described as “managed features”) like threat hunting or file classification — those that reduce the administrative workload by automation and orchestration, and those that focus on lowering the knowledge and skills barrier through built-in contextualized threat hunting assistants, guided response tools and easy-to-understand-and-use user interfaces.”

Panda Security has been independently tested, with other EPP vendors, by AV-Comparatives with a consistent 100% detection rate during the last 6 months in a row.

1 Gartner, Magic Quadrant for Endpoint Protection Platforms, Ian McShane, Eric Ouellet, Avivah Litan, Prateek Bhajanka, 24 January 2018.

2 Gartner, “Predicts 2018: Security Solutions”, Dale Gardner, Deborah Kish, Avivah Litan, Lawrence Pingree and Eric Ahlm, 15 November 2017.

3 Gartner, “Redefining Endpoint Protection for 2017 and 2018,” Ian McShane, Peter Firstbrook, Eric Ouellet, 29 September 2017.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

The post Panda Security named a Visionary in Gartner Magic Quadrant for Endpoint Protection Platforms appeared first on Panda Security Mediacenter.

Panda Security and everis Join Forces to Improve Clients’ Cybersecurity

Panda Security has signed a collaboration agreement with everis Aerospace, Defense and Security to offer its clients advanced cybersecurity services. The alliance between the two companies will allow Panda Security to combine its renowned intelligent workplace protection technology with everis’s broad and specialized offer in cybersecurity.

Within the framework of this agreement, the two companies are introducing the Integral Enterprise Defense solution: a new and exclusive external monitoring, management, treatment, analysis, evaluation and cybersecurity consulting service for customers using Panda Adaptive Defense. This solution will give Panda Security customers the advantages of having the support of a highly specialized cybersecurity team without having to make a major investment.

Integral Enterprise Defense offers a combination of high value added services. It allows real-time analysis of data collected directly from the computers protected by Panda Adaptive Defense and continuously monitors for potential cyber threats.

At the same time, it makes everis’s cybersecurity team available to the client. This expert team offers support and advice on aspects such as the management of security alerts, regulatory compliance and the new GDPR regulation, data analysis, and proposals for action plans.

The solution to advanced cyber threats

According to Juan Santamaría, General Manager of Panda Security, “the collaboration between Panda Security and everis will offer effective protection against known and unknown threats to customers thanks to the perfect combination of security solutions and services. This cooperation will allow the most advanced computer security services provided by everis to apply Panda Adaptive Defense’s intelligent cybersecurity technology, protecting its own digital infrastructures and business fabric from the increase in advanced cyber threats.”

For Miguel Ángel Thomas, partner responsible for the area of cybersecurity in everis, the signing of this agreement is welcome news that will contribute to reinforcing the position of the company as a provider of advanced cybersecurity services. According to him, “the collaboration between everis and Panda allows us to offer new and innovative solutions to our customers to improve their security and that of their employees”.

The post Panda Security and everis Join Forces to Improve Clients’ Cybersecurity appeared first on Panda Security Mediacenter.


From 1980 to 2018: How We Got to the GDPR

In 1980, the Organization for Economic Cooperation and Development, or OECD, established frameworks to protect privacy and personal data. From then until now, we have experienced several profound changes in legislation, notably the EU Data Protection Directive. Now in 2018, the General Data Protection Regulation, or GDPR, will begin to take on its true value, as the adaptation period ends in May of this year.

The first moves toward a data protection law

The development of the OECD Guidelines, stemming from the need to adapt the already obsolete OEEC, was the first step to committing the thirty-five participating countries to mutual respect and clarity in the transfer of information.

As the importance of the Internet and data grew and became global, the OECD guidelines established the first comprehensive personal data protection system in all its member states.

These guidelines were based on eight principles to ensure that the interested party was notified when their data were collected; that the data were used for the stated purpose and for nothing else; that, in addition, these purposes were defined at the time of collection; that their data would not be disclosed without their consent; that the data record be kept secure; that the interested party be informed of everything; that they could access their data and make corrections; and, finally, that the interested party had at their disposal a method to hold the data recorder accountable for not following said principles.

And then came the data protection framework

In 1995, it was time to update the regulation of personal data and its management. Directive 95/46/EC of the European Union, also known as DPD, or Data Protection Directive, was a step forward that included the eight OECD guidelines and extended the application in a context where privacy was much more important.

But the fundamental change was in the legal section. Specifically, the OECD guidelines consisted of the Council’s recommendations regarding the guidelines that govern the protection of privacy and the cross-border flow of personal data and were, therefore, non-binding.

Directive 95/46/EC changed this aspect, providing more concise definitions and specific areas of application. Although the directive itself is not binding for citizens, the member states had to transpose it into local legislation before 1998. This modification was also intended to create an administrative homogeneity and an equal legal framework for all member states.

Adopting the GDPR

Despite the considerable efforts involved in the implementation of the Data Protection Directive, in just a decade the progress proved to be insufficient. One of the main criticisms of the previous directive was the limited control of the interested parties over their data, which includes their transfer outside the European area.

This directly involves multinationals and large companies that were able to take advantage of the deficient framework of the previous directive for their own interests. To resolve this, in 2016 the adoption of the General Data Protection Regulation, or GDPR, was approved.

Since then, and until May 2018, everyone has had time to adapt to the regulations. The most remarkable thing about the GDPR is that, unlike the previous directives, it does not require local legislation, homogenizing, once and for all, legislation regarding protection within the member states and companies that work with EU citizens’ information, inside and outside of this region.

Is your company ready?

The European Union foresees that the application of the GDPR will entail sanctions of up to twenty million euros or 4% of turnover of the previous period for non-compliance. Now that we are in the final stretch, it is worth determining whether our company is prepared to meet the challenges.

All companies that collect and store the personal data of their employees, customers and suppliers residing in the EU are affected. This is important if we take into account that 80% of the data handled by the organizations is unstructured.

The increase of confidential data stored in an array of databases puts protection in the spotlight. Cyberattacks could lead to a serious sanction. Good practices in Data Security Governance are the key to mitigating these risks and ensuring compliance.

Luckily we have tools such as Panda Adaptive Defense and Panda Adaptive Defense 360, which have a Data Control module to help with such tasks. This tool is specialized in simplifying the management of this personal data since it discovers, audits and monitors in real time the complete life cycle of these files. And do not forget that keeping up with the GDPR is an active and meticulous process, but one which can be simplified and automated with the right help. Don’t wait until May!

The post From 1980 to 2018: How We Got to the GDPR appeared first on Panda Security Mediacenter.


Meltdown and Spectre, behind the first security hole discovered in 2018

The security flaw affects virtually every operating system, in particular those based on Intel, AMD and ARM processors.

2018 could not have had a worse start from a cyber-security perspective as, yesterday, a major security hole was found in Intel, AMD and ARM processors. The critical flaw discovered in the affected computers’ architecture and operating system has rocked the technology industry, and developers around the world have rushed to roll out fixes.

The vulnerability, leveraged by the Meltdown exploit on Intel systems, is particularly worrying as it can lead to exfiltration of sensitive data such as login credentials, email messages, photos and other documents. It enables attackers to use a malicious process run at user level on the affected workstation or server in order to read other processes’ memory, even that of high-privileged kernel processes.

The flaw can hit home users and virtually every company, as Spectre affects all kinds of computers: desktops, laptops, Android smartphones, on-premises servers, cloud servers, etc. The more critical information handled by a potential victim, the greater the risk of suffering the attack.

Microsoft and Linux have already released updates for their customers’ security. We’d like to inform our customers and partners that the tests carried out by Panda Security show that there are no compatibility conflicts between our endpoint security solutions and Microsoft’s security update.

At present, there is no evidence of public security attacks leveraging the flaw, but judging from past experience, it is not at all improbable that we may witness an avalanche of Trojans and spam campaigns attempting to exploit the vulnerability.

How to mitigate the vulnerability

Newer generation processors are not affected by the flaw; however, replacing all vulnerable systems is not a viable option at this time.

For that reason, the only possible countermeasure at this stage is to mitigate the vulnerability at operating system level. Microsoft and Linux are working on or have patches ready that prevent the exploitation of this hardware bug, with Linux being the first vendor to release a fix.
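On Linux, whether the operating-system mitigation is actually in effect can be read from the kernel's own report. The script below is an added example, not part of the original post or of any Panda Security product; it assumes a kernel that exposes the `/sys/devices/system/cpu/vulnerabilities/` interface, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: classify the kernel's report of Meltdown/Spectre status.
# Assumption: the running kernel exposes one file per issue under
# /sys/devices/system/cpu/vulnerabilities/ with contents such as
# "Not affected", "Vulnerable" or "Mitigation: PTI".

# classify_status LINE -> prints OK, UNPATCHED or UNKNOWN
classify_status() {
    case "$1" in
        "Not affected"*)  echo OK ;;
        *[Vv]ulnerable*)  echo UNPATCHED ;;  # also catches partial mitigations
        "Mitigation:"*)   echo OK ;;
        *)                echo UNKNOWN ;;
    esac
}

# audit_dir DIR -> prints "issue verdict detail" per line;
# returns 1 if any issue is not reported as OK.
audit_dir() {
    dir=$1
    rc=0
    for name in meltdown spectre_v1 spectre_v2; do
        f="$dir/$name"
        if [ -r "$f" ]; then
            line=$(head -n 1 "$f")
            verdict=$(classify_status "$line")
        else
            # No report file: the kernel likely predates the interface,
            # so treat the state as unknown rather than safe.
            line="no report from kernel"
            verdict=UNKNOWN
        fi
        [ "$verdict" = OK ] || rc=1
        printf '%-11s %-9s %s\n' "$name" "$verdict" "$line"
    done
    return $rc
}

# Check the live system only when asked to: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    audit_dir /sys/devices/system/cpu/vulnerabilities
fi
```

A non-zero exit status from `audit_dir` makes the check usable in a fleet-wide compliance job to flag hosts that still need the kernel update.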

Microsoft, which initially planned to include a patch in the security update scheduled for Tuesday January 9, released a fix yesterday that is already available on the most popular operating systems and will be gradually deployed to all other systems. For more information, please visit this page.

It is worth mentioning that Microsoft’s security patch is only downloaded to target computers provided a specific registry entry is found on the system. This mechanism is designed to allow for a gradual update of systems coordinated with security software vendors. This way, computers will only be updated once it has been confirmed that there is no compatibility issue between the patch and the current security product.

Technical Support

For more information, please refer to the following technical support article. There you will find detailed information about the Microsoft patch validation process, how to manually trigger the patch download, and the way our products will be gradually updated to allow the automatic download of the new security patch just as with any other update.

We’d also like to encourage you to find detailed information about Microsoft’s security update and the potential impact it can have on desktop, laptop and server performance.

Finally, Microsoft, Mozilla and Google have warned of the possibility that attackers may try to exploit these bugs via their Web browsers (Edge, Firefox and Chrome), and that temporary workarounds will be released over the next few days to prevent this possibility. We recommend that you enable automatic updates or take the appropriate measures to have your desktops, laptops and servers properly protected.

Cyber-Security recommendations

Additionally, Panda recommends that you implement the following best security practices:

  • Keep your operating systems, security systems and all other applications always up to date to prevent security incidents.
  • Do not open email messages or files coming from unknown sources. Raise awareness among users, employees and contractors about the importance of following this recommendation.
  • Do not access insecure Web pages or pages whose content has not been verified. Raise awareness among home and corporate users about the importance of following this recommendation.
  • Protect all your desktops, laptops and servers with a security solution that continually monitors the activity of every program and process run in your organization, only allowing trusted files to run and immediately responding to any anomalous or malicious behavior.

Panda Security recommends that all companies adopt Panda Adaptive Defense 360, the only solution capable of providing such high protection levels with its managed security services. Discover how Panda Adaptive Defense 360 and its services can protect you from these and any future attacks.

Customers using our Panda Security home use solutions also enjoy maximum protection as they feed off the malware intelligence leveraged by Panda Adaptive Defense 360, as shown in the latest independent comparative reviews. The protection capabilities of Panda Security’s technologies and protection model are demonstrated in the third-party tests conducted by such prestigious laboratories as AV-Comparatives.

How do these vulnerabilities affect Panda Security’s cloud services?

Cloud servers where multiple applications and sensitive data run simultaneously are a primary target for attacks designed to exploit these hardware security flaws.

In this respect, we’d like to inform our customers and channel partners that the cloud platforms that host Panda Security’s products and servers, Azure and Amazon, are managed platforms which were properly updated on January 3, and are therefore protected against any security attack that takes advantage of these vulnerabilities.

What effect do these vulnerabilities have on AMD and ARM processors?

Although the Meltdown bug seems to be limited to Intel processors, Spectre also affects ARM processors on Android and iOS smartphones and tablets, as well as on other devices.

Google’s Project Zero team was the first to report the Spectre flaw on June 1, 2017, and reported the Meltdown bug before July 28, 2017. The latest Google security patch, released in December 2017, included mitigations to ‘limit the attack on all known variants on ARM processors.’

Also, the company noted that exploitation was difficult and limited on the majority of Android devices, and that the newest models, such as Samsung Galaxy S8 and Note 8, were already protected. All other vendors must start rolling out their own security updates in the coming weeks.

The risk is also small on unpatched Android smartphones since, even though a hacker could potentially steal personal information from a trusted application on the phone, they would have to access the targeted device while it is unlocked as Spectre cannot unlock it remotely.

Apple’s ARM architecture chips are also affected, which means that the following iPhone models are potentially vulnerable: iPhone 4, iPhone 4S, iPhone 5 and iPhone 5C. Apple has not released any statements regarding this issue, so it is possible that they managed to fix the flaw in a previous iOS version or when designing the chip.

As for the consequences and countermeasures for AMD processors, these are not clear yet, as the company has explained that its processors are not affected by the Spectre flaw.

We’ll keep you updated as new details emerge.


The post Meltdown and Spectre, behind the first security hole discovered in 2018 appeared first on Panda Security Mediacenter.
