Tag Archives: Urgent

Meltdown and Spectre, behind the first security hole discovered in 2018

The security flaw affects virtually every operating system, in particular those based on Intel, AMD and ARM processors.

2018 could not have had a worse start from a cyber-security perspective as, yesterday, a major security hole was found in Intel, AMD and ARM processors. The critical flaw discovered in the affected computers’ architecture and operating system has rocked the technology industry, and developers around the world have rushed to roll out fixes.

The vulnerability, leveraged by the Meltdown exploit on Intel systems, is particularly worrying as it can lead to exfiltration of sensitive data such as login credentials, email messages, photos and other documents. It enables attackers to use a malicious process run at user level on the affected workstation or server in order to read other processes’ memory, even that of high-privileged kernel processes.

The flaw can hit home users and virtually every company, as Spectre affects all kinds of computers: desktops, laptops, Android smartphones, on-premises servers, cloud servers, etc. The more critical information handled by a potential victim, the greater the risk to suffer the attack.

Microsoft and Linux have already released updates for their customers’ security. We’d like to inform our customers and partners that the tests carried out by Panda Security show that there are no compatibility conflicts between our endpoint security solutions and Microsoft’s security update.

At present, there is no evidence of public security attacks leveraging the flaw, but judging from past experience, it is not at all improbable that we may witness an avalanche of Trojans and spam campaigns attempting to exploit the vulnerability.

How to mitigate the vulnerability

Newer generation processors are not affected by the flaw; however, replacing all vulnerable systems is not a viable option at this time.

For that reason, the only possible countermeasure at this stage is to mitigate the vulnerability at operating system level. Microsoft and Linux are working on or have patches ready that prevent the exploitation of this hardware bug, with Linux being the first vendor to release a fix.

Microsoft, which initially planned to include a patch in the security update scheduled for Tuesday January 9, released a fix yesterday that is already available on the most popular operating systems and will be gradually deployed to all other systems. For more information, please visit this page.

It is worth mentioning that Microsoft’s security patch is only downloaded to target computers provided a specific registry entry is found on the system. This mechanism is designed to allow for a gradual update of systems coordinated with security software vendors. This way, computers will only be updated once it has been confirmed that there is no compatibility issue between the patch and the current security product.

Technical Support

For more information, please refer to the following technical support article. There you will find detailed information about the Microsoft patch validation process, how to manually trigger the patch download, and the way our products will be gradually updated to allow the automatic download of the new security patch just as with any other update.

We’d also like to encourage you to find detailed information about Microsoft’s security update and the potential impact it can have on desktop, laptop and server performance.

Finally, Microsoft, Mozilla and Google have warned of the possibility that attackers may try to exploit these bugs via their Web browsers (Edge, Firefox and Chrome), and that temporary workarounds will be released over the next few days to prevent such a possibility. We recommend that you enable automatic updates or take the appropriate measures to have your desktops, laptops and servers properly protected.

Cyber-Security recommendations

Additionally, Panda recommends that you implement the following best security practices:

  • Keep your operating systems, security systems and all other applications always up to date to prevent security incidents.
  • Do not open email messages or files coming from unknown sources. Raise awareness among users, employees and contractors about the importance of following this recommendation.
  • Do not access insecure Web pages or pages whose content has not been verified. Raise awareness among home and corporate users about the importance of following this recommendation.
  • Protect all your desktops, laptops and servers with a security solution that continually monitors the activity of every program and process run in your organization, only allowing trusted files to run and immediately responding to any anomalous or malicious behavior.

Panda Security recommends all companies to adopt Panda Adaptive Defense 360, the only solution capable of providing such high protection levels with its managed security services. Discover how Panda Adaptive Defense 360 and its services can protect you from these and any future attacks.

Customers using our Panda Security home use solutions also enjoy maximum protection as they feed off the malware intelligence leveraged by Panda Adaptive Defense 360, as shown in the latest independent comparative reviews. The protection capabilities of Panda Security’s technologies and protection model are demonstrated in the third-party tests conducted by such prestigious laboratories as AV-Comparatives.

How do these vulnerabilities affect Panda Security’s cloud services?

Cloud servers where multiple applications and sensitive data run simultaneously are a primary target for attacks designed to exploit these hardware security flaws.

In this respect, we’d like to inform our customers and channel partners that the cloud platforms that host Panda Security’s products and servers, Azure and Amazon, are managed platforms which were properly updated on January 3, and are therefore protected against any security attack that takes advantage of these vulnerabilities.

What effect do these vulnerabilities have on AMD and ARM processors?  

Although the Meltdown bug seems to be limited to Intel processors, Spectre also affects ARM processors on Android and iOS smartphones and tablets, as well as on other devices.

Google’s Project Zero team was the first to report the Spectre flaw on June 1, 2017, and reported the Meltdown bug before July 28, 2017. The latest Google security patch, released in December 2017, included mitigations to ‘limit the attack on all known variants on ARM processors.’

Also, the company noted that exploitation was difficult and limited on the majority of Android devices, and that the newest models, such as Samsung Galaxy S8 and Note 8, were already protected. All other vendors must start rolling out their own security updates in the coming weeks.

The risk is also small on unpatched Android smartphones since, even though a hacker could potentially steal personal information from a trusted application on the phone, they would have to access the targeted device while it is unlocked as Spectre cannot unlock it remotely.

Apple’s ARM architecture chips are also affected, which means that the following iPhone models are potentially vulnerable: iPhone 4, iPhone 4S, iPhone 5 and iPhone 5C. Apple has not released any statements regarding this issue, so it is possible that they managed to fix the flaw in a previous iOS version or when designing the chip.

As for the consequences and countermeasures for AMD processors, these are not clear yet, as the company has explained that its processors are not affected by the Spectre flaw.

We’ll keep you updated as new details emerge.


The post Meltdown and Spectre, behind the first security hole discovered in 2018 appeared first on Panda Security Mediacenter.


Scam Alert: Your Trusted Friends Can Hack Your Facebook Account


If you receive a message from any of your Facebook Friends asking for urgent help to recover their Facebook account, since they’ve added you as one of their ‘Trusted Contacts’, just don’t blindly believe it.

Researchers have detected a new Facebook phishing scam that can even trick an experienced technical user into falling victim to the scam, helping an attacker gain access to your Facebook account.

This latest social media scam is abusing “Trusted Contact”, a Facebook account recovery feature that sends secret access codes to a few of your close friends in order to help you regain access to your Facebook account in case you forget your password or lose access to your account.

According to a public security alert published by Access Now, the attack is initiated from an already compromised account of one of your friends, asking for urgent help to get back into his/her Facebook account.

The attacker explains that you are listed as one of his/her Trusted Contacts on Facebook and asks you to check your email for a recovery code and share it with the attacker (who’s hiding behind the identity of your friend).

However, in reality, the code you received is not the key to unlock your friend’s account; instead, the attacker has initiated a “Forgot my password” request for your account in an attempt to hijack your Facebook account.

Knowing that a friend is in trouble, one would apparently share the code without giving it a second thought.

“The new attack targets people using Facebook, and it relies on your lack of knowledge about the platform’s Trusted Contacts feature,” Access Now warns.

You should know Facebook’s Trusted Contacts feature doesn’t work the way this phishing attack suggests. To understand how this feature works, you can head on to this Facebook post.

Access Now says, “So far we’re seeing the majority of reports [falling victims to this new Facebook phishing scam] from human rights defenders and activists from the Middle East and North Africa.”

Although this latest Facebook scam is initiated using a compromised Facebook account of one of your friends, any of your Facebook friends can also intentionally trick you into handing over your Facebook account to them (considering how readily people accept friend requests sent by anyone on the social media platform).


The best way to protect yourself is always to be vigilant about every recovery email you receive, and to read the recovery message or email carefully, even if it is sent by one of your actual friends.

Stay Safe!


Equifax hit with a data breach possibly affecting half of the US population


This Thursday Equifax, one of the three major credit bureaus in the US, announced that a cyber security incident involving consumer information of nearly half of the population in the US had been spotted on July 29th, 2017. In the press release published yesterday, they stated that, based on their internal investigation, the data breach began in mid-May 2017 and continued until it was intercepted on July 29th, 2017. They confirmed the personal information of more than 142 million people had been compromised. The stolen information includes personal information of Equifax consumers such as full names, SSN, DOB, address, credit card numbers and driver’s license details. The breach includes sensitive personal data of UK and Canadian residents too.

The provider of consumer credit scores confirmed that even though the interference has been terminated, there is still an ongoing investigation about the damages as well as the reason for the data breach. It is not a secret that apart from being a credit bureau Equifax has also been marketing themselves as a “leading provider of data breach services, serving more than 500 organizations with security breach events every day.”

“This is a disappointing event for our company and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Chairman and Chief Executive Officer Richard F. Smith in an official statement.

The Atlanta-based credit bureau created an emergency website that is supposed to be able to tell users whether their details are amongst those exposed. According to Equifax, all you have to do is fill in your last name as well as the last six digits of your SSN. Sadly, the website does not provide any information about whether your details have been compromised. Understandably, the site sparked a wave of negative public reactions because it does not tell you whether you are amongst the victims, but simply adds you to a queue for a free identity theft service subscription that you may be able to get in about 7-10 days.

Things do not look good for Equifax’s senior team, as Bloomberg reported that three Equifax execs had sold nearly $2 million in shares in the Atlanta-based credit bureau a few days after the breach was discovered. Did they know about the breach when they sold the shares? It is unclear, so we will leave this to the U.S. Securities and Exchange Commission for civil cases and the U.S. Department of Justice for criminal cases to decide.

The chance that your details were exposed in this data breach is high, so there are a few things you should do immediately:

  • Monitor your bank statements.

    Check your credit card bank statements at least once a week for fraudulent transactions. It only takes a minute to have a quick look.

  • Avoid spoofed websites

    Multiple sites are conveniently offering to check if your details have been part of the breach. Do not use them; only go through sites that are approved by Equifax, i.e., https://www.equifaxsecurity2017.com/

  • Install antivirus software

    Having antivirus software installed on all your devices will add another layer of security to your personal information. Not having antivirus software in such times is utterly irresponsible.

  • Change passwords

    Changing your password needs to happen at least once every three months. The information from this breach combined with the information from other breaches might be exactly what hackers needed to strike.

  • Check your credit reports

    Be vigilant and install an application such as Credit Karma on your phone. Make a habit of checking your credit reports at least once a week and be sure to report fraudulent accounts immediately.

As you can see, no one is fully protected against cyber theft. Experian was a victim back in 2015, and Yahoo, LinkedIn, and eBay have had data breaches too. We advise you to be vigilant and to monitor your banking and credit accounts. Never be afraid to report fraudulent account activity!

The post Equifax hit with a data breach possibly affecting half of the US population appeared first on Panda Security Mediacenter.


Petya: New global ransomware attack

New ransomware attack similar to Wannacry spreads globally

“New global ransomware attack”. This is the message that has been trending on Twitter in the last few hours, accompanied by the hashtags #Ransomware and #Petya. A new type of WannaCry on a global scale is attacking businesses all over the world. And, just as in the previous international attack, computers are blocked, while a screen tells the user that their computer will not work until they pay a ransom of 300 dollars in bitcoins.


The new ransomware attack is affecting users across the globe, especially in Ukraine and Russia, where several banks, transport and oil companies have suffered the consequences. However, there is also evidence of companies in Spain, UK, USA and other territories that are victims of this wave of attacks.

“Rumors spread fast on the Internet so it is advisable to keep calm and not believe everything that is read on social networks. Therefore, in the event of any eventuality, it is best to ask the system managers if the protection measures are up to date or wait for the IT services of the company in which you work to give you some indication. In the meantime, if you want to be informed about how the consequences of the attack evolve, it is important to go to reliable sources, media or companies in the cybersecurity sector,” warns Hervé Lambert, Global Retail Product Manager at Panda Security.

How does the new ransomware work

This new ransomware is a variant of the Petya family, and runs on computers by encrypting certain files, while blocking the boot sector of the compromised system. This prevents the user from accessing their own computer unless they enter an access key, after having paid the ransom, which restores the operating system, as if nothing had happened.

A new capability in this Petya variant is that it is able to reboot the PC to show what looks like a ‘chkdsk’ process while it is actually encrypting the files on your hard drive. Once all your files are encrypted, the PC will then display a DOS-like ransomware screen with the increasingly familiar “Ooops, your important files are encrypted” message.

The attack may cause a complete shutdown of the operating system

The attack, which has forced several European banks to suspend their activity, has also hit public services, as in the case of the Ukrainian Government. The country’s government website has experienced several problems.

It is highly recommended that you check that your security programs are upgraded and the latest protection features are enabled, update the operating system, and check that the firewall is enabled.

The post Petya: New global ransomware attack appeared first on Panda Security Mediacenter.


Are you ready for the next ransomware attack?

Top 5 Tips to Avoid Ransomware Attack #NoWeDontWannaCry

On Saturday, cybercriminals managed to infect businesses from more than one hundred and fifty countries with malicious software. The ransomware was spreading through a fault in the Windows OS. Microsoft immediately issued emergency patches for Windows XP, Windows 8, and Windows Server 2003 and encouraged individuals and businesses to update their systems in an attempt to stop the ransomware from spreading.

However, systems that did not immediately install the new patches continued being vulnerable and kept getting infected. Luckily, on Sunday, a young British researcher found the “kill switch” of the ransomware and managed to shut off the spreading of the malicious software completely. Nearly 250,000 devices were affected, and there were over 200,000 victims of the attack. Experts say that this is just a temporary solution and hundreds of thousands of systems are still vulnerable because many individuals and businesses simply do not update their systems, or do not have antivirus software. Hospitals are vulnerable in particular as having downtime cannot easily be justified.

What you should do to prevent yourself from becoming a victim of ransomware

We’ve created a short list of what you should do to prevent yourself from becoming a victim of ransomware.

  • Update your OS
    Find the time and go to your Windows Action Center and install all recommended OS updates. It only takes a few minutes. There is a reason why Microsoft are issuing these patches; they make your system better. Always keep your system up-to-date.
  • Be vigilant
    There are many ways you can get infected with malware such as WannaCry. Do not click on links that you do not recognize and do not open attachments if you are not expecting them. Avoid using P2P services.
  • Create regular backups
    The only way you can have your files back without paying a hefty ransom is by creating regular backups of your data. If you end up being infected, you can wipe your system and restore your old content.
  • Don’t stay logged in as an admin
    Don’t browse when logged in as an admin and do not give your employees more rights than they need. Don’t rely on common sense; sometimes employees get carried away, and their internet browsing may end up costing you a lot.
  • Install antivirus software
    Even if you have the latest version of your OS, your connected device is never fully protected unless you have an antivirus software that is keeping it safe. You may find the graph below helpful when you are choosing the right solution for your needs.

    Panda Security is proud to announce that it is one of the only three companies that achieved 100% safety ranking for three months in a row; this means that Panda Security has successfully blocked every threat, over the last three months.

And if you’ve already been affected the question is…

Should you pay the ransom?

No, do not pay the hackers. By paying them, you are encouraging them to continue their activities. You also do not have a guarantee that they will release the files. And you do not know if you will be blackmailed again in the future. You don’t know where the money will go so by paying the ransom you may end up supporting terrorism, or the regime in North Korea.

As mentioned in our post a few weeks ago, it is not worrying that the US government is developing tools to infiltrate various systems successfully; the real problem begins when hackers start having access to such tools. Don’t delay it, get protected now!

The post Are you ready for the next ransomware attack? appeared first on Panda Security Mediacenter.


One billion and one reasons to change your password

After another Yahoo data breach, find out why you need to strengthen your security

Dear 2016, we want you to please be over already! PLEASE!

In a statement released by Yahoo yesterday, they confirmed that there’s been another data breach. According to the press release, the leaked information is associated with more than one billion Yahoo user accounts. The incident is different from the one reported a few months ago. However, initial examinations suggest both attacks have been performed by the same hackers. There are a few things we recommend you do right away to avoid becoming a victim of cybercrime. Don’t delay it!

When did this happen?

Yahoo confirmed the incident happened in August 2013. It is not to be mistaken for the data breach reported on September 22nd earlier this year.

What information was stolen?

No one really knows for sure, however the stolen information may have included personal information such as names, email addresses, telephone numbers, dates of birth, passwords and, in some cases, encrypted or unencrypted security questions and answers.

How is this affecting Yahoo?

In terms of branding and resonance, it’s the latest security blow against the former number one Internet giant. This kind of news won’t help user confidence in the company that has been heavily criticized by leading senators for taking two years to disclose the September 2014 breach. To make matters worse, this new one is from 2013. Yahoo was down more than 2.5 percent in after-hours trading on the Nasdaq in New York.

The company once valued at $125bn will not be sold for more than $5bn to Verizon. The price may go even lower. What makes things really bad for Yahoo is that, according to the BBC, Yahoo knew about the hack but decided to keep quiet… not a smart move.

The good news

Even though your personal information has been circling the dark web for more than 2 years, you may not be affected at all. We are talking about 1 billion accounts – this is a lot of data to process. However, if you don’t change your passwords regularly or if you tend to keep using the same answers on security questions, you may be in danger.

Troublemakers might be able to use the information to get your bank details or commit identity fraud. It’s vital to be self-conscious and protect yourself. And if you do, you don’t have anything to worry about.

Even though Yahoo are working closely with law enforcement and they are doing their best to protect your data, changing your password regularly and installing an antivirus software is a must.

The post One billion and one reasons to change your password appeared first on Panda Security Mediacenter.
