Antivirus For Mac: Is It Really Necessary?

Antivirus For Mac: Is It Really Necessary?

pandasecurity-mac-antivirus

The last few days have been intense for Apple fans. Last week, Apple’s Worldwide Developers Conference took place, where they presented the company’s new hardware and software. The “bitten apple” went into depth about their new operating systems for iPhone, Mac, Apple Watch and Apple TV but… what about security-related updates?

Following the horrible San Bernardino attack from last December, a controversial topic stemmed regarding the attacker’s iPhone.Apple’s case against the FBI initiated a dispute between user privacy and government access to personal data.

Meanwhile, other giants in the sector, like Facebook and Google, showed their support for Apple by promising to implement more effective encryption tools in the future. WhatsApp was the first to use end-to-end encryption.

Now Tim Cook presents a new file system called APFS, the Apple File System, which incorporates a new encryption system that gives developers multiple options like leave something unencrypted, encrypt it with a unique password, or encrypt it with multiple passwords. The Apple File System is already available online for developers and the new version will leave HFS system and improve security and data encryption.

Why is my Mac vulnerable to advanced threats?

Despite efforts of large security companies, the truth is that no operating system is 100% reliable. Apple computers are not the Macintosh systems that we once knew. Years ago, they had a safety-guarenteed reputation, with a different and solid operating system than others. At that time, hackers targeted computers with Windows operating systems, however, as Apple’s popularity has grown, so have the malicious-code-making hackers. Mac OS X is no longer impregnable and needs mac antivirus software.

In the recent PandaLabs’ Q1 report, experts discussed the latest threats directed specifically towards Apple operating systems. One example of this is the highly powerful ransomware based on Encoder, called KeRanger, which managed to infect Apple users at the beginning of 2016. We all remember the major Trojan attacker flashback and Browlock, also known as the Police Virus or Shellshock. All of the previously mentioned examples confirm that attacks on Mac OS X are growing.

While it is true that the number of threats in the Mac’s operating system are lower than other platforms (such as Windows) we must be aware of the importance of an effective antivirus for Mac in order to fully enjoy our Apple computers. Enough excuses, let’s start preventing viruses!

To make Tor work better on the web, we need to be honest about it

To make Tor work better on the web, we need to be honest about it

To make Tor work better on the web, we need to be honest about it

Posted by   Martijn Grooten on   May 6, 2016

[Original Post: HERE]

If you regularly browse the web through the Tor network, you will have noticed that many websites are either inaccessible, or have strong barriers (in the form of difficult CAPTCHAs) put in front of them.

In a blog post, ‘The Trouble with Tor’, CloudFlare CEO Matthew Prince, whose company is responsible for many of these CAPTCHAs, explains that this isn’t a deliberate measure against Tor, but that his company is in the business of protecting websites from abuse, and CAPTCHAs are automatically put in place if a lot of abuse is seen from a particular IP address. Apparently, 94% of the requests CloudFlare sees through the Tor network are malicious.

Although it is not clear what exactly is measured to derive this figure, last year Akamai came to a similar conclusion in its State of the Internet report (pdf), in which it said that HTTP requests made through Tor were 30 times as likely to be malicious as those not made through the Tor network. Anecdotal evidence from people whose job it is to protect websites confirms this: blocking Tor is often a simple and effective way to stop certain attacks.

torcloudflarecaptcha.png

The problem for Tor here is that the Internet is still largely built on IPv4, whose size of roughly four billion addresses is small enough to be stored in a blacklist, yet large enough to ensure that different people almost always use different IP addresses. And thus, whether it is for blocking spam or malicious web traffic, keeping a list of IP addresses that have engaged in abuse and putting barriers in front of subsequent requests from those addresses is an effective way to mitigate a lot of abuse.

Tor routes traffic through a small number of exit nodes, which means that websites can’t track users by their IP address, while the Tor Browser (the recommended way to use Tor on the web) removes most other ways of tracking users. A consequence of this is that Tor users share each other’s reputation. Unfortunately, many people use Tor to do bad things, so this reputation often isn’t particularly good.

Tor, understandably, doesn’t concern itself with the content of the traffic; it would be impossible for it do so without compromising its security. From Tor’s point of view, therefore, no traffic is ‘bad’. However, in the case of website security, it is fair to say that bad traffic is that which the site owner doesn’t want to receive.

It is often suggested that websites that put barriers in front of Tor traffic don’t care about privacy or anonymity. With perhaps a few exceptions, this misses the point. For a website owner, putting such barriers in place is often a sensible security decision that stops a lot of abuse while hurting relatively few people.

If we want to make the web more accessible through Tor — and I think this is something worth striving for — we should at least acknowledge this.

We could make the argument that anonymity and privacy are so vital that they make it worth trying to deal with the bad Tor traffic in other ways; I have seen this argument work in individual cases. There may also be technical ways to mitigate some of the abuse, for instance by building some kind of proof-of-work into the Tor Browser, which might make it less attractive to use in automated attacks.

But we could also try to solve the problem in another way: by making more people use Tor.

Tor is often said to be very useful for journalists wanting to protect their sources and for opposition activists under repressive regimes. This is certainly true, but it is fair to say that most people fall into neither category. At worst, they suffer from government censorship — a problem which is just as well solved by VPNs.

But Tor can be useful for average Internet users too, even those that aren’t particularly concerned about privacy. It is, for instance, a great way to check prices in online shops, to ensure you aren’t quoted a higher price based on your past browsing activity. It can also be useful to login to social media when on a trip you don’t want everyone to know about; this prevents you from accidentally leaking your location. Indeed, the fact that a million people used Facebook‘s .onion site last month suggests that there is certainly an interest in doing so.

Of course, while increasing the ‘good’ Tor traffic will make it less attractive for websites to put barriers in place, it won’t stop the bad traffic. But it will force website owners and those tasked with protecting their websites to look for other solutions to deal with this problem.

torlogo.png

A Kidnapping Survival Guide: How to Combat Digital Ransomware (Part 1)

A Kidnapping Survival Guide: How to Combat Digital Ransomware (Part 1)

A Kidnapping Survival Guide: How to Combat Digital Ransomware (Part 1)

Kidnappers can easily take your digital information using one of the most dreaded types of malware: ransomware. Cyber-criminals are relying more and more on these malicious programs to block our computers.  Now, they are asking for larger amounts of money if you want them to “give back” access to your hard-drive.

The losses that a business can incur from an attack of this kind are enormous, which is why it is essential to be knowledgeable about the basic precautions that should be taken if you are in this type of situation.  First to prevent these types of attacks; and then to fight them.

We have prepared a summarized guide with the essential things that you need to be aware of. Here they are:

  • Do not forget the basics. Ignore any of the “simple” measures, which can be fatal for your company’s security. For example, if you allow your company’s employees to open email attachments containing executable files (like a PDF or Word document with a clickable tracking number for a delivery), then you are opening the door for cyber-attacks.
  • Remember that “human factor”. People are your business’ weakest links when it comes to security, since it is usually much easier to trick them then to trick a machine. It is essential that you give your team the right skills (for example, teach them how to recognize a supplanter or a suspicious email). Your employees can be your company’s best shield against ransomware, or they can be the black hole your organization falls into.
  • Perform an inventory of all of your company’s hardware and software. If something leads us to grow suspicious of a potential attack, it is important to know what “it” is and where we can find “it”.  How fast you are able to respond to an incident will largely depend on how long it takes you to locate the affected computers and systems.
  • Compartmentilize your company’s network, or in other words, divide your company’s network into areas with different access profiles. Apply internal rules to define the type of communication that can be exchanged between these groups and the privileges they have during certain events, in order to prevent greater problems.
  • The safety of our corporate network isn’t the only thing we need to worry about. Every computer (computers, tablets, mobile…) used by employees in the organization must be protected because they are both an entry point and a first line of defense against any type of infection. For instance, when a laptop connects from an external network not belonging to the company, the risk for infection is multiplied. We must prepare ourselves.
  • Buy a good security solution for your company. If you are constantly updating your database, then an anti-virus will more likely and more rapidly be able to detect all kind of threats, even some of the newest ones.
Even the inventor of the World Wide Web can be hacked. What about us?

Even the inventor of the World Wide Web can be hacked. What about us?

Even the inventor of the World Wide Web can be hacked. What about us?

contraseñas_FOTO2Even the inventor of the World Wide Web, Mr. Tim Berners-Lee, can have his password stolen. The hackers were able to access IT resources belonging to the organization that governs the Web (W3C). This makes us wonder: Is there a company that isn’t vulnerable to this type of attack?

 

We all face the same problem: We are only as strong as our weakest link. Stealing the password belonging to a single employee, especially if their access level is high (for example, a manager), is sufficient means for a cyber-criminal to sneak into a company’s entire system.

 

According to a recent report by the Cloud Security Alliance (CSA), nearly a quarter (22%) of the IT breaches in companies began with asingle password leak. In addition, 65 per cent of the study’s participants believe that there is a medium to high chance that there will be future risks caused by a compromised password.

 

A fourth of IT breaches began with a single password leak

 

contraseñas_FOTO1

PICTURED: TIM BERNERS-LEE, THE INVENTOR OF THE WORLD WIDE WEB

Like many others, Tim Berners-Lee’s situation could have been easily avoided. If an attacker gained access to the back door of the W3C it was because Berners-Lee repeated passwords. It is possible that he used the same password as the one he used for the IRC chats he used to communicate with his team.

 

The intruder initially got into the system using Berners-Lee’s information, then the same password opened other access points without problem. It was even possible to sneak into the web’s editing area, retouch the founder’s profile, and leave an encryption seal to prove that the cyber-criminal had been there.

 

To avoid being in this situation, there’s a simple and effective measure that should be followed by everyone in your company: use a different password for every service. That way, if one of your passwords is stolen, cyber-criminals will not have access to other resources belonging to your company.

Likewise, it’s also important to have a dependable security solution for your business to fall back on, like Panda Adaptive Defense 360, which is able to combat the theft of corporate information against both external and internal threats.

Intel Launches Xeon E7-8800, 4800 v4 Broadwell-EX Family

Intel Launches Xeon E7-8800, 4800 v4 Broadwell-EX Family

Intel announced its newest Xeon E7-8800/4800 v4 Broadwell-EX series of processors. The Broadwell-EX E7 v4 series features an additional QPI lane to increase scalability compared to the E5-2600 v4 Xeons we recently reviewed, and increases the LLC (Last Level Cache) to 60 MB and the core count to 24 (an increase over the 18-core maximum found with the previous-generation E7 v3 Haswell-EX family). The E7 v4 Series is socket-compatible with the previous generation E7 v3 series Brickland platform after a BIOS update.

The E7 v4 series features the same 14nm Broadwell microarchitecture found on the Broadwell-EP E5 v4 series. Intel is focusing on offering more features for each generation of Xeons as it wrestles with the expiration of Moore’s Law. The E7 v4 series offers the expanded feature set that we found with the E5 v4 Broadwell-EP series, such as Posted Interrupts, Page Modification Logging, Cache Allocation Technology and Memory Bandwidth Monitoring, among many others. The E7 v4 series, like the E5 v4, offers 70 RAS (Reliability, Availability and Serviceability) features and up to 70 percent more encryption performance. The Broadwell-EX family provides up to 60 MB of Last Level Cache, as opposed to an upper limit of 45 MB for the E5 v4 series, and also brings the notable addition of support for 3DS LRDIMMs and DDR4 Write CRC (an enhanced error control scheme). The E7 v4 series reaches a maximum 165W TDP, but also offers 150, 140 and 115W TDP flavors.

The E7 v4 only offers up to 32 PCIe 3.0 lanes in comparison to the 40 lanes provided by the E5 v4 series, but E7 processors tend to be deployed into quad-socket (or more) implementations. PCIe lanes scale accordingly with the addition of more processors, thus offering an increase in the number of PCIe lanes available to the system. For instance, a dual-socket E5 v4 system provides 80 PCIe 3.0 lanes, but a quad-socket E7 v4 provides 128 PCIe 3.0 lanes. Some Broadwell-EP E5 v4 SKUs scale up to four sockets, but the E7 v4 Broadwell-EX series supports up to eight sockets in a native configuration. The E7 v4 series also expands up to 32 sockets with third party node controllers (available from select server vendors). 

The E7 v4 series also supports up to 24 TB of memory in an eight-socket configuration (128GB 3DS LR-DIMMS), which is double the amount supported by the E7 v3 series. This incredibly dense configuration can be accomplished by deploying 24 DIMMs per socket (spread over the eight available memory channels).

The Brickland platform links the on-die four-channel memory controllers to four Intel Scalable Memory Buffers (codenamed Jordan Creek), through separate Intel SMI Gen 2 channels, which increases the number of memory channels to eight. A single socket supports up to 3 TB of memory with three of the 128 GB 3DS LR-DIMMs on each channel.

This continued expansion of addressable memory will be important for large-scale analytics applications in the enterprise. In-memory databases (storing the working data set in memory) are becoming widespread as data centers look to wring the utmost performance from the compute resource without the hindrance of limited storage performance.

Users can deploy 3D XPoint with NVDIMMs to use it as bit-addressable memory (much like a slower tier of memory). According to Intel, its forthcoming 3D XPoint memory offers up to 10x the density of DRAM, which could be another motivation for Intel to double the amount of memory supported on the platform.

The E7 v4 block diagram indicates that the Broadwell-EX architecture employs the same modular design as the E5 v4 HCC die, but brings the addition of the third QPI link to the ring on the right. The additional QPI link creates a mesh for data traffic. This reduces the number of “hops” required in quad-socket configurations by allowing all four CPUs to communicate directly with one another. The additional QPI link also reduces the number of jumps between each CPU in larger multi-socket configurations.

The high-end E5 v4 HCC die actually supported up to 24 cores, but Intel disabled one core on each side of the ring, which led to the 22-core limitation. Each core also features a 2.5 MB cache slice, so the two disabled cores on the E5 v4 reduced the maximum amount of LLC to 55 MB.

The E7-8890 v4 has all 24 cores active, and as a result, it offers up to 60 MB of LLC due to the cache associated with the extra two cores. The E7 v4 Broadwell-EX series scales from 8 cores/16 threads up to 24 cores/48 threads and clock frequencies span from 3.2 GHz to 2.0 GHz. All of the E7 v4 models support hyperthreading, but the E7-4820 v4 and E7-4809 v4 do not support Turbo Boost Technology.Intel extended Cluster On Die (COD) mode to the E7 v4 series in four socket environments, which is an increase in comparison to the dual-socket limitation with the Haswell-EX series. COD speeds performance by splitting the cores, LLC and home agents of each ring into a distinct cluster, which then operates within a NUMA domain to localize cache accesses to the same ring/cluster. This feature ultimately reduces LLC access latency, which improves performance.

Intel positions the Broadwell-EX E7 v4 series for scale-up compute-intensive workloads, such as real-time analytics, in-memory databases, online transaction processing (OLTP) workloads, supply chain management (SCM) and enterprise resource planning (ERP), among others.

Intel claims that the E7-8890 v4 provides up to 1.4x more performance with half the power consumption of an IBM Power8 platform, along with 10x the performance per dollar. Intel also touts that its new architecture supports 3TB of memory per socket in comparison to 2 TB per socket for the IBM Power8 competitor, but it is notable that IBM has its Power9 architecture waiting in the wings.

Intel indicates that the E7 v4 series has set 27 new benchmark world records and offers up to 1.3x average performance with several key industry-standard workloads (SPECjbb, SPECint, SPECvrt, TPC-E). The company also claims up to 35 percent more VM density in comparison to the E7 v3 series, as measured with the SPECvrt_sc 2013 benchmark.

Many of the users that will migrate to the new platform follow a multi-year update cadence due to maintenance contracts, so Intel included comparisons to the E7 v2 Ivy Bridge-EX series. Intel claims that the E7 v4 series provides up to twice the VM density, 4.6x faster ad-hoc queries, and 2.9x the performance with STAC-M3 theoretical profit and loss workloads in comparison to the E7 v2 series.

 

 

Source: tomshardware

http://www.tomshardware.com/news/intel-e7-v4-broadwell-ex-cpu,31993.html

The Hotel Sector: an easy target with juicy profits

The Hotel Sector: an easy target with juicy profits

The Hotel Sector: an easy target with juicy profits

video-cover-02 (002)Stealing information and then holding it for ransom is a trendy cyber-attack that has arrived to the hotel sector.  PandaLabs, Panda Security’s anti-malware laboratory, is launching a study called  The Hotel Hijackers“ (download our guide here); a document that reviews the increasing tendency of cyber-attacks directed towards large hotel chains.

Research showed us that 2015 was the year for these type of attacks and we have detailed information on this type of intrusion and how this sector was largely affected worldwide, in many famous hotels like the Trump, Hilton and Starwood hotels.

Why the hotel sector?

Hotels make billions of dollars from the millions of guests that pass through their doors everyday and hotels keep all of their guests’ sensitive data on file, just waiting to be compromised, and cyber-criminals know it.

[]

OnSight And Protospace: NASA’s HoloLens Apps For Exploring Mars

OnSight And Protospace: NASA’s HoloLens Apps For Exploring Mars

At the end of March, we tried the HoloLens augmented reality (AR) experience again at Microsoft BUILD. One demo in particular, called Destination: Mars had our News Director, Seth Colaner, on the surface of Mars with a virtual avatar of Buzz Aldrin. Although the experience was targeted for tourists (it will be installed at the Kennedy Space Center Visitor Complex this summer) the demo used OnSight, an actual tool used by NASA scientists to explore the surface of Mars with HoloLens. Last week, I was invited to NASA’s Jet Propulsion Lab (JPL) in Pasadena to see how OnSight actually works in a scientific setting.

From Earth To Mars…In Pasadena

Unlike the small demo room in the Moscone Center, the OnSight experience at JPL utilized a massive room, with more than enough space (no pun intended) to fit one or even two small cars. There were multiple stations, each with the same OnSight experience, so that I could traverse the same surface with other journalists in the room–but more on that later.

The first wave of OnSight was a solo walkthrough of the Martian surface. As I walked around, Alex Menzies, the software lead for JPL’s augmented and virtual reality projects, tagged along next to me to explain OnSight’s various features.

When the program booted up, I was transported to Mars, specifically the Naukluft Plateau, an area visited by the Curiosity rover last month. In fact, the rover was the first thing I saw on the surface. Obviously, it wasn’t moving around in the virtual space, but nevertheless, it was astounding to see a 1:1 version of NASA’s latest rover on the Red Planet.

As for the surface itself, the area surrounding the rover was well-defined. I could see the various ridges of different rocks and even notice their shadows casting on the ground. As we found out in an interview with Menzies and Jeff Norris, the Mission Operations Innovation lead at JPL, OnSight is able to provide this high level of detail because multiple photos of the same area were shot from different positions.

The result is quite astounding. I could actually crouch down on the rocky surface and see every nook and cranny up close and in high detail. Granted, I could still see some pixelation as well as a rainbow streak pattern that started in my peripheral vision but ended up all over the screen, which distorted the color of the surface, but it was still quite the experience. (The rainbow effect appears to be related to the HMD’s lenses, not the hologram.)

Menzies also showed me the main tool used by NASA’s scientists in OnSight. By tapping my finger in the air, I brought up a small toolbar that allowed me to place a custom point in the area, which would ping other users to show its location. I could also bring up a virtual ruler that easily allowed me to measure the distance between two points.

The entire floor served as the surface of Mars for our OnSight demo.

The entire floor served as the surface of Mars for our OnSight demo.As I ventured farther away from the rover’s location, I noticed that the surface quality deteriorated. Soon it was hard to discern any details about the rocks around me. All I saw were pixelated shadows and ridges. These were areas that Curiosity didn’t visit yet. Instead, the images used in these pixelated areas were from the Mars Reconnaissance Orbiter (MRO), a satellite that orbits Mars. At its closest point, the periapsis, it’s 300 km away from the surface, while its apoapsis, its furthest point in orbit, is around 45,000 km.

After a few minutes of alone time on Mars, I was brought into the same session with the other journalists in the room. From my perspective, they appeared as transparent avatars walking around the surface. Then, someone broke the silence in the room as another avatar appeared on Mars. It was Katie Stack Morgan, one of the research scientists on the Curiosity rover mission, and she actually uses OnSight on a regular basis to investigate the Martian surface. After she showed us the various points of interest on the plateau, I had a chance to talk to her about her current project.

Specifically, Stack Morgan is trying to find deposits of silica, a certain type of rock composition. Silica, which appears on the surface as a bright rock, is a tell-tale sign that water traveled through the area. Based on the location of these deposits, she can determine the direction of the water flow as well as the strong Martian winds. By following the path of silica deposits, she hopes to find a source of water on Mars.

Planning The Next Rover

After some time on Mars, we tried another demo that was more down to Earth; specifically, we saw a model of a Mars rover that’s slated to launch sometime in 2020. Even though this demo also used HoloLens, it wasn’t an OnSight experience–it was another program called Protospace.

The area for this demo was significantly smaller than the OnSight demo (think of a room about 15 feet in length), and we gathered around what seemed to be just an empty portion of the room. Here, Norris discussed the potential uses of Protospace for the team at JPL. In short, it’s a method for various groups to collaborate together to see a virtual model of any ongoing project. In the case of the Mars 2020 rover, various engineers can take a look at the prototype model and make suggestions or send feedback on how to improve it before production, which saves time and more importantly, money.

With that in mind, he then revealed the rover in front of our very eyes. Even in its prototype phase, it was quite an awesome sight. Various parts were shaded in different colors, and you could crouch down to look at it from a different angle or walk around to see a specific part up close. If you happened to “walk” through the model, you would see some parts cut away, giving you a more detailed, cross-section view.

As a final twist, Norris grabbed a physical model of one of the rover’s wheel bases and compared it to the virtual model. It was an exact match, further showing that it’s possible to use HoloLens in lieu of a physical model as a way for engineers to collaborate on future projects.

In fact, Protospace was already used in a real-world scenario. Mechanical engineer Stephen Pakbaz told me that some of the rover’s technicians used Protospace to check on the size of its nuclear batteries, which are installed in the rear. Specifically, the technicians wanted to make sure that the batteries would fit while it was inside the rocket so that there wouldn’t be any problems during the flight to Mars.

The Protospace team put a HoloLens device on a tripod in order to show viewers what we were seeing with the AR glasses.

The Protospace team put a HoloLens device on a tripod in order to show viewers what we were seeing with the AR glasses.Obviously, the rover has to be build in a traditional computer-aided design (CAD) program before it enters protospace. According to Marcutte Vona, a producer on the Protospace project, the model takes up “several gigabytes” as a CAD file. However, the team takes a low-level detailed version of the model from the program and makes the file smaller by removing certain parts that technicians wouldn’t be looking at in the first place, such as the rover’s various bolts and screws. Then, it is put through a lossless compression program (Pied Piper, anyone?) before it enters Protospace. By the time it’s loaded onto the HoloLens program, Vona said that the file size is about half a gigabyte.

For now, I could mark only various points of interest on the rover. However, the developers of Protospace are working on new features for users such as the ability to turn and rotate the object. The program developers are working closely with the actual users to figure out the best features for Protospace. One thing Pakbaz mentioned was that he wanted to see the assembly of certain parts in AR.

The Wave Of The Future

The fact that both applications are functioning well with a device that’s still in development is quite astonishing. OnSight and Protospace proved that AR (and more specifically, HoloLens) is a viable option for NASA’s various endeavors such as planning a new rover for Mars exploration or learning more about its surface.

Still, nothing beats the real thing. It will take many years (and a lot more money) to get the first humans on Mars, but with these HoloLens applications, the team at JPL can get a head start in gathering crucial data on its surface as well gain enough expertise to build the next spacecraft that will land humans on the Red Planet.

Source: tomshardware

http://www.tomshardware.com/news/nasa-jpl-hololens-onsight-protospace,31864.html

PandaLabs identifies 227,000 malware samples per day in the first quarter of 2016

PandaLabs identifies 227,000 malware samples per day in the first quarter of 2016

PandaLabs identifies 227,000 malware samples per day in the first quarter of 2016

pandalabs-2016-04PandaLabs, Panda Security’s laboratory, outlined in this report the main cyber-security developments over the first months in 2016, showing statistics of malware and cyber-attacks in the first quarter of 2016. The amount of malware created continues to break records, with more than 20 million new samples identified, an average of 227,000 per day.

Cyber-crime does not stop

Cyber-criminals continue attacking without giving sensitive infrastructures the chance to take a break, as seen in the attack suffered by 21st Century Holdings, a clinic specialized in cancer treatments with headquarters in Florida. The clinic had to alert their 2.2 million patients and workers that their personal data might have been compromised.

The Rosen Hotels & Resort chain has been the victim of an attack that occurred between September 2014 and February 2016. The company alerted their clients who may have used a credit or debit card in their establishments over this time period that their data could have been stolen by the attackers.

Even the world’s most powerful governments haven’t been spared, such as the United States, where the Department of Defense has presented a rewards program called “Hack the Pentagon” in which rewards are offered to hackers who find security holes in the Pentagon’s web pages, applications and networks.

Smartphones are another easy target for cyber-criminals. SNAP is the name of a vulnerability that affects the LG G3 phones. The problem is due to an error in the implementation of LG notifications called Smart Notice, which allows JavaScript to be executed.

The growing sector, the Internet of Things, is also affected by this year’s criminal activity. In this area, we can see how something as innocent as a doorbell can be attacked. Manufacturers are becoming more aware of their product’s safety, in fact, General Motors just launched a new rewards program for hackers who are able to find vulnerabilities in their vehicles.

Q1 in numbers

The PandaLabs study shows that Trojans continue to be in the lead of all malware samples. Out all malware samples created in 2016, Trojans are number one with 66.81% of the total (an increase compared to last year), followed by viruses (15.98%), worms (11.01%), PUPs (4.22%) and aware/Spyware (1.98%):

pandalabs1

 

When we analyze the infections caused by malware worldwide, we find Trojans in the lead again. This is normal if we take into account the rise in ransomware infections, including the rise of Trojans, which is also one of the most popular attacks cyber-criminals use because it allows them to obtain money easily and securely. There are more and more companies whose networks are falling victim to these cyber-criminals and who are paying millions of euros to rescue their stolen information:

pandalabs2

According to PandaLabs, Asia and Latin America are the most affected regions

In this study we can find a table showing the countries with the highest and lowest infection rates in Q1 of 2016: Asia and Latin America (China leads the ranking with 51.35% of infections) are the most affected countries; while the Scandinavian countries have the lowest infection rates with (Sweden at the lowest at 19.80%).

 

pandalabs3pandalabs4If you want to know more about the specific attacks, be up to date with the latest research carried out by the FBI, and the latest news of the cyberwar, you can download the entire document here. We hope this is of interest to you!

Burned By Too Many Scams, Microsoft Bans Tech Support Ads In Bing Search Results

Imagine if an entire section of the phone book (remember those?) was dominated by fake companies and scam artists. You’d hope the phone book people would wise up and get rid of that section. That appears to be Microsoft’s way of thinking as it bans tech support ads from its Bing search results.

Earlier this week, Microsoft quietly announced the change to its Bing Ads policy, disallowing third-party ads for online tech support “because of serious quality issues that can impact end user safety.”

Which is a shorthand way of saying “we’ve seen to many people burned by ‘tech support’ scams and we’re not going to help these a-holes take advantage of people, even if they pay for ads.”

The “tech support” scam involves the victim being tricked into believing their computer needs fixing. This can happen in a number of ways: Phone calls from people claiming to be tech support staff; pop-up warnings alerting the user to a nonexistent virus or other problem with their computer; and paid ads on search engine results.

Victims are deceived into either turning over payment information to the scammer, or ceding remote control of their device to the scammer (sometimes both). The problem is particularly annoying to Microsoft, as the company’s name is frequently invoked by scammers pretending to represent Microsoft.

In 2015, Microsoft says it received some 150,000 complaints from consumers who were contacted in some form by bogus tech support services.

Last December, Washington state filed suit against online tech support company iYogi, alleging deceived consumers by falsely claiming affiliation with Microsoft, HP, Apple, and others. Customers then paid iYogi between $80 and $199 to upgrade their systems from Windows 7 to Windows 10, for example, despite the fact that Microsoft explicitly offers all home Windows users that upgrade for free. The company also allegedly used their remote access to computers to generate fake, flashing warnings about viruses, before charging upwards of $380 to have the “virus” repaired.

The Bing ban on tech support ads comes the same week that Google announced a ban on search engine ads for payday lenders.

Source: www.consumerist.com

Burned By Too Many Scams, Microsoft Bans Tech Support Ads In Bing Search Results

Google Doubles Down On Mobile VR With ‘Daydream’ Ecosystem

Google announced Daydream, which is an entire mobile VR ecosystem, including reference mobile phone specifications, design guidelines for Daydream compatible HMDs, and a software distribution platform built for navigation within VR.

Google IO 2016 kicked off today, and during the opening keynote presentation, Clay Bavor, the company’s VR team lead, revealed the company’s plans to move from the entry level Google Cardboard HMDs to a much more robust mobile VR platform that is “comfortable and approachable for everyone,” and better suited to compete with the likes of Samsung and Oculus’s Gear VR.

Google’s Cardboard project has enjoyed wide adoption over the past two years, and the company has learned a lot about virtual reality in that time. Millions of people have Cardboard viewers, and there have been more than 50 million Cardboard apps installed to date, but Google said that that was just the beginning. In the fall of this year, Google and its partners will launch Daydream alongside the Android N operating system.

Daydream is a more high-end product than Cardboard. Google has laid out specific “Daydream-ready” hardware guidelines for device manufactures that wish to support the platform. Google is taking performance seriously in this venture; certified devices will have to achieve specific framerate targets and deliver sub-20ms motion-to-photon latency to qualify.

Daydream isn’t just about higher performance, VR-capable smartphone specifications, though. Google has created reference design specifications for Daydream VR HMDs, and for a portable controller with spatial tracking. Google did not go into specifics about the design elements of the HMD, but it did say that Daydream kits will be much more comfortable than Google Cardboard and that they will offer “great optics.”

The reference design specifications also include guidelines for the Daydream VR controller. The reference device that Google demonstrated is similar to the Oculus remote in appearance, but unlike the Oculus remote, Google’s device incorporates minimal spatial tracking with orientation sensors. Google showed the controller being used to navigate through menus and to play certain games. The controller also features a limited selection of buttons to help you navigate through VR.

Software is the third piece of Google Daydream. The company said it redesigned the Google Play store with VR in mind. You can navigate through your library of content, search for new content, and even buy new apps, all without leaving the virtual reality environment. Google said it has partnered with a large number of big name partners to bring content to Daydream.

The New York Times, the Wall Street Journal and CNN have agreed to bring their immersive news content to the platform. Hulu, Netflix, Imax, Lionsgate and other video production and hosting companies have also signed on. Big name game studios are also getting behind Daydream. EA, nDreams, CCP Games, Ubisoft, MinorityVR and others have committed to releasing content when Daydream launches later this year.

Google has also redesigned several of its own services to work well with VR. Google Play Movies and Google Photos will both be supported on day one. Google Photos will even be getting VR photo support tacked on. Google Street View will be upgraded for Daydream VR, too, allowing you to browse the world in an immersive first person format.

YouTube will be getting an overhaul for Daydream, too. Google said the video streaming service is being rebuilt with VR in mind. You’ll be able to do voice searches to find content, and playlists will be designed for VR navigation. YouTube VR video streaming and spatial audio will be natively supported. Google also confirmed that the entire library of standard video content will be available.

Google did not offer a specific date for Daydream, but it said that the platform will launch this fall with many partners on board. Samsung, HTC, LG, ZTE, Xiaomi, Huawei, Asus and Alcatel will all launch Daydream-ready phones, and Google said there will be many HMDs launched with them.

Developers that wish to get started early are welcome to do so. The SDK for Daydream is part of the latest Android Development kit, which is available today

 

Source: tomshardware

http://www.tomshardware.com/news/google-daydream-mobile-vr-platform,31828.html

Contact us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Questions, issues or concerns? I'd love to help you!

Click ENTER to chat