European Union (EU) lawmakers continue to press ahead with plans to scan private messages in an effort to crack down on criminal activity. This new control law is intended to prevent criminals from spreading child sex abuse material (CSAM) through private messaging channels. These channels include iMessage, Signal, Telegram, and WhatsApp.

Read also: Cyberbullying, a growing problem in Europe

Good idea, bad idea

No one would argue that stopping CSAM is a bad idea. However, for the chat control law to work, EU government agencies will have to scan all messages sent and received by their citizens. Even those people who are not suspected of committing any crime.

Worse still, the law will require service providers to circumvent message encryption to permit access. Message encryption is an important privacy protection that ensures only the sender and receiver can read a message. It prevents criminal interception of sensitive chat content.

Weakening encryption in any way will increase the risk of innocent people falling victim to scammers and criminals.

Has the EU changed its mind?

When the new law was first proposed, several civil liberty groups registered their opposition. Groups like the Internet Freedom Foundation, Mozilla and the Center for Democracy and technology argued that message scanning not only compromises security. But also treats every citizen as a potential suspect.

These calls were picked up by the EU’s own Civil Liberties committee. The committee voted to exclude mass scanning of encrypted messages from the proposed law. However, as the bill approaches Parliament once more, it appears that the wording may have changed. Nevertheless, the principle remains the same. The EU will still require service providers to compromise encryption algorithms. This will allow messages to be scanned as part of an ‘upload moderation’ routine.

Many MEPs have already signed an open letter against the law. They claim that chat moderation not only weakens cybersecurity but will also act as a “blueprint for authoritarian states”, providing governments with an excuse – and a means – to identify, block and potentially prosecute any content which they disagree with.

Disagreements have seen the bill delayed in Parliament, although it is due to be endorsed on the 13th December 2024. Since the most recent review, just two EU nations remain opposed to the legislation – Poland and Germany. All other member states have since fallen into line, choosing to support this privacy-breaching law. Which means that it is extremely likely this new law will be adopted across the EU, affecting citizens and anyone who communicates with them, wherever they are located in the world.

For more details about how the law could affect law-abiding citizens like you, and how to register your opposition to this assault on privacy, visit www.chatcontrol.eu.

The post How the EU is about to violate your privacy appeared first on Panda Security Mediacenter.

Since the launch of Apple’s iPhone nearly two decades ago, the device and all its consecutive versions have been among the best-selling smartphone devices in the USA.

The rising threat of smishing attacks

Criminals are well aware of the brand’s popularity in North America and have been looking for ways to exploit it. Recently, Apple users have become targets of smishing attacks.

Read also: 14 Types of Malware and How to Prevent Them

What is smishing?

Smishing  consists of phishing attempts received in the form of an SMS. Apple users have received text messages from bad actors pretending to be part of Apple’s team. The fraudsters request Apple users to click on a suspicious link that requires them to share their Apple ID and iCloud information.

How smishing works

The bad actors even make potential victims pass a captcha test to make the request look more authentic. Once the unsuspecting users verify they are not robots, they end up on a site resembling a real one with prompts asking them to share sensitive info, including passwords, usernames, full names, and other personal information. The criminals record all the data the users give and then use it to commit fraud.

Consequences of smishing attacks

Potential risks for victims

Attackers could use the info to crack Amazon or eBay accounts and purchase things with all the credit and debit cards on file. Fraudsters could also try the same email, username, and password to break into an online banking account and attempt to drain it.

Why SMS phishing is effective

SMS phishing has become more effective for hackers than regular email phishing, as email clients often forward such requests directly to a user’s junk folder. However, smartphones have not yet perfected such protection, and malicious links frequently land in people’s message centers. While many wouldn’t fall for such a trap, distracted folks could make a wrong move and get infected, hacked, and defrauded.  

How to recognize and avoid smishing attacks

Identifying red flags

In order to recognize smishing or phishing attacks, users can look for red flags that usually consist of misspelled words in the URL or text body. Verifying the phone number can also be helpful – if the message comes from a sketchy random number, the message is very likely fraudulent.

General precautions

Being cautious when receiving unsolicited messages is a must not only when it comes to SMS but also emails – clicking on suspicious links on any platform almost certainly leads to problems. Sometimes, bad actors would try to call and provide “tech support,” leading to even more malicious activities on a user’s smartphone or computer. Or fraudsters would already know the target’s first name and try to gain trust, pretending to be a person looking for human contact.  

Protective measures against smishing

While wireless service providers and smartphone manufacturers are still perfecting defense systems that could prevent fraudsters from reaching potential victims, most advanced antivirus software companies already offer a shield against such attacks.

Such advanced protection options can give you peace of mind, even if you accidently end up clicking on a suspicious link. You will receive a notification that you are going to a website known to be associated with malicious activities. Antivirus companies monitor the global internet space for such threats and ensure they protect its client base.

The post Cyber criminals target Apple users with smishing attacks appeared first on Panda Security Mediacenter.

We all know the feeling. You hit delete and suddenly realize that you’ve made a mistake. Is the file gone forever? Probably not, no. Here’s how to recover a deleted file on your Mac.

1. Use Finder’s Undo Move option

If you realize your mistake immediately, you can recover a deleted file in just two clicks:

• Open Finder
• Click Edit -> Undo Move

This menu option will reverse the change, restoring your file to its original location.

2. Restore from Trash

Normally, any file that you delete is moved to the Trash can. This provides a helpful layer of security to reduce the risk of deleting something accidentally. To recover a deleted file:

• Click the Trash icon in the dock
• Scroll through to find your file
• Right click the file and select Put Back from the pop-up menu

MacOS will then restore the deleted file back to its original location.

3. Restore from Recently Deleted

Some of the built-in MacOS apps, like Photos, include a trash can function called Recently Deleted. The Recently Deleted folder stores deleted items for thirty days before they are permanently deleted, giving you a chance to get them back if you make a mistake.

To recover a deleted file from Recently Deleted: 

• Open Photos, Notes or whichever Apple app you were using
• Click the Recently Deleted folder in the left-hand menu bar. You may need to type your password or use FaceID to access the folder.
• Right click the deleted file and select Recover from the pop-up menu

The system will now put the deleted file back to its original location.

Read also: How to Get Rid of a Computer Virus [Mac and PC]

What if these methods don’t work?

Hopefully, you are also using Apple Time Machine to regularly backup your data (if not, now would be a great time to start!). Every hour, Apple Time Machine takes a ‘snapshot’ of your Mac, copying changed files to an external disk. If you accidentally delete a file, you can recover it from the Time Machine snapshot.

Apple Time Machine is particularly useful because it can also recover files that have been deleted from your Trash can. Ready to learn more? Apple has full instructions on how to setup and use Time Machine here.

If you have permanently deleted a file and don’t have a backup system, you will need to consider using file recovery software. These are powerful tools than can scan your Mac’s hard drive to locate and recover deleted files.

Although relatively effective, file recovery tools are the very last resort. You should not rely on them to protect you against data loss. A proper backup solution, like Time Machine, gives you greater control and peace of mind, just in case something goes wrong.

So there you have it, three ways to quickly recover deleted files on your Apple Mac. Good luck!

The post How to recover deleted files on a Mac appeared first on Panda Security Mediacenter.

Finding out that your computer or laptop is infected with a virus is a scary feeling. You may have important files on the hard drive, irreplaceable photos or an in-progress project that you forgot to save. Viruses, many caused by malware, can significantly impact your device’s performance and even threaten the safety of your personal information and data.

While antivirus software adds additional protection to your devices, you still need to be aware of viruses and their removal processes. Viruses are not a one-size-fits-all type of issue, and each can affect the performance of a phone or computer in a variety of ways.

If you think your device is infected, our guide can help you figure out how to get rid of a virus and restore your device’s productivity. 

• What Is a Computer Virus?
• How to Get Rid of a Virus on Your Windows Computer
• How to Get Rid of a Virus on a Mac
• How Does Your Computer Get Infected With a Virus?
• Signs of a Computer Virus
• 6 Tips to Prepare for Virus Removal

What Is a Computer Virus?

A virus is usually a piece of tampered code that changes how a device functions and operates. Viruses can be passed from device to device through infected attachments or links, and they usually attach to and hide behind previously installed programs. Some viruses are referred to as worms, and these infections can spread to other devices without human interaction. 

Many malware viruses use social engineering to attract and trap users, while others disguise themselves as helpful programs before penetrating an entire system — take, for instance, the heuristic virus.

Other types of viruses are common, including:

• File-infecting viruses
• Macro viruses
• Overwrite viruses
• Polymorphic viruses
• Resident viruses

…and more.

How to Get Rid of a Virus on Your Windows Computer

If you believe your computer may be compromised by a virus, your next step is computer virus removal. You will need to use Windows Security to remove the intruder.

1. Open Windows Security. This can be accessed from the settings menu.
2. In the left panel, select Virus & threat protection.
3. Select Scan options.
4. Choose Microsoft Defender Antivirus and then select Scan now. Your computer will restart and reboot in a safer, offline mode. After your PC restarts, navigate back to Virus & threat protection.
5. Reveal the findings from the virus scan by selecting Scan now under Virus & threat protection in the middle panel. You can also access this history from Protection history on the right-hand sidebar. Then, restart your computer in Safe Mode.
6. Navigate to System in the settings menu and select Storage.
7. Click the Temporary files bar.
8. Choose to Delete all temporary files.
9. Hit Remove files. In regular mode, restart your computer.

After you have run a virus scan and deleted all temporary files, you can download and extract Autoruns. This Microsoft tool identifies malicious programs that should be deleted from your computer.

While most Windows systems have antivirus and antimalware software already installed, you may want to investigate your device’s protections and consider installing an antivirus system to help protect your device in the future.

How to Get Rid of a Virus on a Mac

While many people believe they cannot get viruses on Macs, these devices can also be infected. There are a variety of viruses posing as Mac antiviruses — including MacDefender and MacSecurity — that are malicious and dangerous. If your Mac has been infected, here is how to clean malware on your Mac.

1. Navigate to the Applications Folder in Finder.
2. Move any offending applications to Trash. After moving applications to trash, navigate back to Finder.
3. Select Go in the top menu and then Go to Folder in the dropdown.
4. Enter “/Library” in the search field and click Go. Drag any related or suspicious folders to the Trash.
5. 5. Empty the Trash.
6. Next, you’ll open the Launchpad by clicking on the icon with multiple colorful tiny square icons in the bottom toolbar.
7. In the search field, type Activity Monitor and launch the program.
8. Go to the CPU tab to view all running processes. Keep an eye out for any unfamiliar or suspicious process names by clicking the X in the top left corner. 

9. If you identify a process that seems like malware, select it, then click the gray X in the top left corner of the Activity Monitor. Click Force Quit to terminate the process.

These are just a few simple ways to delete viruses from a computer without antivirus. If your computer has a virus that originated from a browser extension, you will need to delete these as well.

Removing Extensions on Safari:

1. Open Safari and select Preferences from the top dropdown menu.
2. Click Extensions. Here is where you will uninstall suspicious extensions. These could have been added by you or a piece of malware.

Removing Extensions on Chrome:

1. Open Chrome and navigate to the three dots in the upper right-hand corner.
2. Select More Tools and then Extensions.
3. In the new screen, you can click Remove on any suspicious extensions.

In order to prevent a virus, be sure to download a secure Mac antivirus system on your computer. Additionally, it’s important to update your software as often as you can and back up your data regularly to ensure you will not lose previous files if ever infected with a virus. 

How Does Your Computer Get Infected With a Virus?

Viruses are a common threat to computer systems, capable of causing significant damage to data, software and even hardware. Understanding how these harmful programs gain access to your computer is crucial for maintaining a secure system. 

Here are some of the most common ways a computer can get infected with a virus:

• Email attachments: Opening email attachments from unknown or suspicious sources can lead to infection. Malicious attachments can contain viruses or other types of malware designed to compromise your system as a part of phishing scams.
• Infected downloads: Downloading files or software from untrustworthy websites can be risky. Hackers often hide viruses within seemingly harmless downloads like freeware, shareware or cracked software.
• Compromised websites: Visiting malicious or compromised websites can lead to automatic downloads of harmful software. These sites often use scripts or pop-ups to infiltrate your computer without your knowledge.
• Vulnerabilities in software: Operating outdated systems can have security flaws that allow viruses to enter. Hackers exploit these vulnerabilities to inject malicious code into your system.
• Removable media: Inserting infected USB drives or other removable media into your computer can introduce viruses. These devices may carry malware from other systems they’ve been connected to.

Signs of a Computer Virus

Before you begin the virus removal process, double-check that your device’s symptoms are characteristic of viruses. A few telltale signs that your computer or phone may be infected are:

• Pop-up messages are appearing. If pop-up messages appear every time you use your device or they are hard to close out of, you may have a virus. Never click on a suspicious pop-up if you think your device may have a virus, even if it’s a virus warning.
• Your device is running slowly. Make sure all of your applications and systems are up to date. If you are unable to increase its speed, it may be experiencing the side effects of a virus that is hijacking your device.
• Your hard drive is making noise. If your hard disk is making continuous noises or spins with minimal to no computer activity, your device could have a virus.
• Programs are continually crashing. If programs are starting and closing automatically, or your system randomly shuts down or freezes, your device could be infected by a virus.
• You have missing files. If you are missing files that you know were not deleted, this may be due to malware. Some malware deletes, moves or encrypts files so you cannot open them.
• High network activity. If your Wi-Fi or internet activity is active even when you are not using it, a virus could be infiltrating your internet to send and steal information.
• Your device overheats. If your device has a virus, it is most likely working overtime to keep things running smoothly. This can cause overheating in phones and computers. Keep an eye on your CPU temps and how hard your device’s fans are working.
• Warnings are being released by your antivirus software. If you have antivirus software installed, don’t ignore its warnings. This could be a sign that your device is compromised.

6 Tips to Prepare for Virus Removal

Even after you’ve detected a virus, there’s preparation to be done before jumping into virus removal. To ensure that all internal and external files have been cleaned, it’s important to keep every possible removal method accounted for and prepare your devices to get rid of a virus.

1. Scan personal data: Before beginning the virus removal process, scan all your personal data for viruses. This will ensure that viruses aren’t accidentally reinstalled after the removal process. Scanning tools like the Panda Cloud Cleaner can help disinfect your PC quickly.
2. Reboot Safe Mode: A virus can only access your device when it’s running. When placed in Safe Mode, your device will only load the essential files, which can stop all viruses from starting.
3. Use a rescue USB drive or rescue disk: A rescue USB drive allows you to scan a device without starting it. This helps keep viruses contained and provides you with an additional safe space to scan for viruses. 
4. Don’t forget manual removal: You may need to view and delete program files manually to get rid of a virus. If you feel comfortable, download Autorun, which allows you to see exactly what it is that is operating on your computer and how to get rid of it. This type of virus removal can be overwhelming, so be sure you’re prepared to determine the legitimacy of your programs before beginning.
5. Employ clean install: If all else fails, it’s possible to resort to a clean install. A clean install deletes everything on your hard drive, but it also almost always guarantees the removal of viruses and malware. You will have to reinstall all programs, but it can save your computer from further infiltration and destruction due to viruses
6. Install antivirus software: Make sure to install an antivirus system that also protects against ransomware, as programs with both can detect things an antivirus program alone does not recognize.

While viruses can be scary, they can also be removed. Cleaning up your device may take some time, but Panda Security offers users a variety of tools to help simplify the process and get your personal devices running again.

The post How to Get Rid of a Computer Virus [Mac and PC] appeared first on Panda Security Mediacenter.

There are always risks when connecting to unknown public WiFi networks. Scammers will sometimes create ‘fake’ hotspots that capture and steal sensitive data from their unsuspecting victims. However, these scams only work when the hackers have complete control of the WiFi network. 

Microsoft discovers a new variation

Microsoft recently identified a new vulnerability that could be exploited to compromise machines on any public WiFi network. The vulnerability (CVE-2024-30078) allows hackers to send a malicious packet to devices on the same Wi-Fi networks in locations such as airports, coffee shops, hotels, or workplaces. 

Once the magic packet has been received by an unprotected computer, the hacker can remotely execute commands and access the system. Worse still, the whole process is invisible – there are no prompts or alerts that show something is wrong. 

Fortunately, Microsoft has developed a fix. The patch for CVE-2024-30078 was included in the monthly update for June. Although Microsoft classifies this vulnerability as “Important” (the second highest rating), it still presents a significant risk to anyone who uses public WiFi networks.

Patch today

Like any security patch, we strongly recommending installing the upgrade as soon as possible – even if you have no plans to use a public WiFi network. Why? Because if they can get connected, hackers can use the magic packet technique on your own home network too.

Microsoft release new software updates every month to address vulnerabilities. By installing patches as soon as they are released, you greatly reduce the risk of becoming a victim of cybercrime. 

Additional protection

The only problem with security updates is that there tends to be a lag between vulnerability discovery and the patch being released. And it is during that gap when cybercriminals are most likely to strike.

The good news is that you can close that gap with a robust antimalware tool like Panda Dome. Panda Dome monitors your devices for suspicious activity, blocking anything that may indicate a hacking attempt. In this way, you can protect yourself against magic packet attacks – even those which have not yet been identified.

Get yourself protected today. Make sure you apply the June Microsoft update then download a free trial of Panda Dome to ensure you’re protected against the next unidentified vulnerability!

The post PSA: This Microsoft Update is essential appeared first on Panda Security Mediacenter.

The soccer fever of the UEFA EURO 2024 and Copa America CONMEBOL tournaments rages through Europe and the Americas. Fox Sports, the sports programming division of the Fox Corporation, has most of the rights to stream Euros and Copa America in the USA. Still, Fox is unavailable on standard streaming services such as Netflix and Disney+, making the events inaccessible for many.

With only a handful of streamers, millions of people scramble for options when they want to watch a soccer match. Apart from live broadcasters, such as Fox, a few other options provide viewing access to the matches, such as Sling, Fubo, and even YouTube TV, but all of those come at a price.

Understandably, while striving to avoid the steep fees set by streamers, viewers have been looking for ways to watch the matches for free or a fraction of the cost.

However, there is no such thing as a free lunch, as cybercriminals often set traps for all the people who try to bend the rules and avoid the steep prices. Not paying usually results in thousands of people watching sports content on questionable websites. Such places often require a small payment or are infected with malicious code that aims to get into the viewer’s system and possibly even steal credit card details.

Read also: 14 Types of Malware and How to Prevent Them

So, how do you stay safe and watch the games? There are a few ways.

Ways to stay safe and watch the games

• Attend in person

Check if there are tournament matches nearby. There is no better way to enjoy the game’s beauty than watching it in person. If this is an option, head to Ticketmaster, book tickets, and stop reading. 

• Sports bar

If attending in person is not an option, soccer fanatics will likely not have a better excuse to head to the pub. All sports bars cover major events such as the Euros and Copa America, and watching them at a bar means that folks can enjoy a cold beverage instead of browsing websites or filling out online forms to start a trial.

• Free trial

Most streamers offer free trials. FuboTV has the longest free trial—it is one week and provides access to many games completely free of charge and free of viruses. FuboTV sometimes offers matches even in Spanish.

• VPN

Soccer clashes are often available for free on national TV in other countries. Viewers can use a VPN to hop over the virtual wall and access a game. If a user gets a reliable VPN and has access to high-speed internet, watching in real-time could work well. 

• Free streaming

Getting free access to live soccer games on murky mirror websites could be tempting and sometimes could work, but we suggest folks avoid being on those. If this is the last resort, users should ensure they don’t share card details and have antivirus installed on all smart devices. 

In the USA, soccer has been trying to dethrone baseball and ice hockey for years and may eventually succeed. It could potentially become the third most popular team sport in the US, especially with the upcoming 2026 FIFA World Cup planned to take place right here in North America. Whatever sport you watch, ensuring you do it on a protected device is a must, as sometimes even big corporations get hit by cyber-attacks and unintentionally expose customer info. 

The post Avoid malware while streaming UEFA EURO 2024 and Copa America CONMEBOL appeared first on Panda Security Mediacenter.

The performance of your computer is affected by several factors. But one of the most important is RAM. Generally, the more RAM your device has, the faster it should ‘work’ – particularly when playing graphics intensive games or editing large photos and videos*.

So how can you check how much RAM your computer has? Fortunately, the process is quite simple.

Windows PC

Finding how much RAM is installed in your Windows PC takes just a few clicks:

• Click the Windows icon in the bottom left corner of your screen, then select Settings
• In the window that appears, click System (on the left) then About (bottom right)
• Look for Installed RAM in the Device Specifications section (e.g. 64.0 GB)

Apple Mac

Finding the basic specifications of your Mac is simple:

• Click the Apple icon () in the top left corner of your screen
• Select About This Mac from the top of the menu
• In the popup screen that appears, your RAM count is listed next to Memory e.g. 8 GB

Why would you need to check how much RAM your computer has?

Some apps, particularly games, have a minimum RAM requirement. If your computer does not have enough memory, these apps may not run correctly. Some will not even install. So you will need to check how much RAM you have before buying new software.

But that’s not the only reason. Have you ever seen a pop-up warning you that your computer is running low on memory? Or had your computer freeze entirely until it is restarted?

These are common signs that your computer has run out of RAM – there is not enough ‘free’ memory to complete a task. This is a relatively common problem on older computers that do not have enough RAM to cope with modern computing tasks.

But if your computer is newer, or you are seeing these messages when completing basic tasks, it may be a sign of something more sinister. Malware, will often consume all of your available RAM, causing your computer to crash. Others, such as cryptominers, will divert your memory and CPU resources to other malicious activities that prevent your device from working correctly.

Whenever see a popup about insufficient RAM (or similar), you should immediately complete an antimalware scan. The same is true if your computer crashes, freezes or reboots for no apparent reason. Only once you are sure that your computer has not been infected should you consider upgrading RAM (or replacing your computer).

Click here to download a free trial of Panda Dome and ensure your computer is “clean”.

* Note: There are other factors that will affect your computer’s performance including CPU speed and cores, unused disk space, storage type and network speed. Whenever you encounter speed issues, an antimalware scan should always be one of your first troubleshooting tasks to try and identify the cause.

The post How to check how much RAM my computer has? appeared first on Panda Security Mediacenter.

The National Security Agency (NSA) has issued a mobile device best practice advisory with one often overlooked recommendation. The intelligence agency wants smartphone and tablet users to turn devices off and on at least once a week. According to the government pamphlet, the recommendation could prevent hackers from infecting the devices with malware or making the most of already installed malicious code. NSA says that the practice could also help avoid zero-click exploits.  

How does turning smartphones on and off help users avoid malware and zero-click exploits?

NSA researchers have a reason to believe that restarting a device can affect the operations of some types of malicious codes running on a smartphone or tablet. Apple and Android users who turn the smart devices on and off at least once a week are more likely to interrupt the action on any malware that might already be present on the device. Rebooting the devices, a simple process that clears the memory, could sometimes result in preventing the malicious codes from continuing to operate. 

Weekly rebooting is a common practice for computers and Macs. Operations systems like Windows often integrate weekly reboots into their security systems. The reboot gives computers a chance to install any pending software or driver updates. Turning a device on and off helps it maintain a healthy computing environment. Smartphones and tablets are also computing devices. So knowing that those must be turned off from time to time should not be a shock.

A simple restart does not solve all the problems, but the practice appears to be helpful. However, not all device restarts are the same. It is essential to learn how to restart a device correctly, as often turning it on and off isn’t enough, as some device components remain on even while the device seemingly appears to be off. 

How to perform a soft reset

If users want to be sure they get the most out of our smartphone or tablet, they should perform a soft reset. The last few generations of Apple products can be fully rebooted by quickly pressing the volume up button, followed by rapid press of the volume down button. And then finishing the soft reset by holding the power button until the white Apple logo appears on the black screen.

The procedure for soft reboot of Android devices varies but it often is just holding the power button for a long time until the device turns off. These soft power cycle actions, known for their effectiveness and safety, are healthy for mobile systems and do not erase any data from a phone or the settings and apps. 

Powering a smartphone on and off is certainly helpful, but it’s important to install antivirus software. This additional step can significantly enhance your device’s security. Making it more hostile to hackers and malicious files that may be lurking around, trying to infiltrate your digital life.  

The post NSA Recommends users restart mobile devices weekly appeared first on Panda Security Mediacenter.

Cyber attackers are increasingly targeting developing nations, businesses in Africa, Asia, and South America with their latest ransomware variants, using these regions to test how well they work. If the malware works successfully, they will then strike wealthier nations that are protected by more sophisticated security systems. 

Adopting this approach allows them to refine their malicious programs in less secure environments. Because developing nations tend to be behind the curve in relation to cybersecurity. Recent victims of these ransomware tests include a bank in Senegal, a financial services company in Chile, a tax firm in Colombia, and a government economic agency in Argentina. These practice runs help cybercrime gangs perfect their methods before attacking high-value, better-defended targets.

Digitization in the developing world outpaces cybersecurity

Businesses in developing countries often lack cybersecurity awareness, making them easy targets. For example, a cyber gang might first try out a new malware attack in countries like Senegal or Brazil. Where banks have similar IT infrastructure to their western counterparts. This tactic works because these regions generally have lower cybersecurity defenses.

One cyber gang, Medusa, began attacking businesses in 2023 in South Africa, Senegal, and Tonga, stealing and encrypting companies’ data. Medusa went on to carry out 99 breaches in the US, UK, Canada, Italy, and France following the success of their trial runs in Africa. During these tests, users only become aware of an attack only when they are locked out of their systems and instructed to negotiate a ransom on the dark web. If victims refuse, the stolen data is published.

Local cybercriminals want to get in on the game

However, not all cyber gangs are so methodical or have long term goals. Some gangs are opportunistic. Targeting developing countries because local hackers can cheaply acquire ransomware and conduct smaller attacks without needing deep IT security knowledge and experience. Gangs like Medusa will often sell their tools to less sophisticated hackers, who use them against ‘easier’ targets. 

Expanding their reach

Cyber gangs often perfect their methods locally before exporting them to regions with similar languages, such as Brazil to Portugal. Rapid digital adoption in Africa is outpacing the development of robust cybersecurity measures, creating a gap that cybercriminals exploit. This highlights the need for businesses and individuals worldwide to stay vigilant and invest in strong cybersecurity measures, including antimalware tools like Panda Dome, to protect against these evolving threats.

As cyber attackers continue to test and refine their techniques in developing countries, everyone must prioritize cybersecurity to safeguard against increasingly sophisticated threats.

The post Ransomware gangs testing in developing nations before striking richer countries appeared first on Panda Security Mediacenter.

In a significant move towards bolstering cybersecurity, the UK has introduced the Product Security and Telecommunications Infrastructure Act (PSTI). This new legislation sets stringent new standards for internet-connected devices. From the beginning of June, manufacturers are required to ensure that tech gadgets come with unique default passwords or allow users to set their own. 

This groundbreaking legislation aims to curb the security vulnerabilities that plague many consumer electronics by making it much harder for hackers to break into smart devices. 

Tackling the Password Problem

Default passwords have long been a weak link in the security chain. Often, these passwords are easy to guess (“password”). They are also widely known – most manufacturers publish default passwords online in their help documentation. Both of these factors making devices more susceptible to hacking. 

Under the new PSTI Act, each device must have a unique default password when it is shipped. Or the user must be prompted to create a secure one during initial setup. This change targets a wide array of internet of things (IoT) devices. Such as smart TVs, WiFI plugs, and smart speakers. Which have become integral to modern living but are frequently targeted due to poor security practices.

Once compromised, smart home devices can be used to attack other devices inside the home network, or to join a zombie botnet for other cybercriminal activities.

Reporting and Accountability

The updated law also mandates that manufacturers make it easy for device owners to report security issues. Companies must now provide clear guidelines on how consumers can report vulnerabilities and what they can expect the manufacturer to do. This should help create a more transparent and responsive ecosystem. Where the company promptly addresses security issues and informs users when patches and fixes become available.

Stiff Penalties for Non-Compliance

The PSTI imposes severe penalties for companies that fail to comply with the new law. They could face fines up to £10 million (approximately $12.5 million USD). Or 4% of their global revenue, whichever is higher. The designers of these hefty fines aim to incentivize manufacturers to prioritize security and invest in robust protections for their devices that better protect their users.

The Bigger Picture: IoT Security

While the new law targets all internet-connected devices, IoT gadgets are a primary focus. These devices, especially the cheapest white-label options, have historically been easy targets for cyber-attacks. The infamous Mirai botnet attack, which used compromised IoT devices to launch a massive Distributed Denial of Service (DDoS) attack, highlighted the catastrophic potential of unsecured devices. 

By eliminating default passwords, the UK hopes to somewhat reduce such risks and enhance overall cybersecurity.

A Global Effort

The UK’s proactive stance on device security is part of a broader global effort. In the United States, the Federal Communications Commission (FCC) is introducing the Cyber Trust Mark program. Similar to the well-known Energy Star program. This initiative will provide products that meet stringent security standards, including strong default passwords, with a new label designed to help consumers make informed choices.

Challenges Ahead

Despite these legislative efforts, challenges remain. Unlike Energy Star, which offers clear benefits like reduced utility bills. The advantages of enhanced cybersecurity are less tangible for the average consumer. Many people may not immediately see how a secure smart bulb is essential to protecting the rest of their home network. This lack of awareness could impact the effectiveness of programs like the Cyber Trust Mark which are entirely voluntary for manufacturers to join.

A step in the right direction

The PSTI Act is a crucial step forward in the battle against cyber threats. By eliminating default passwords and promoting transparency in security reporting, the law will create a safer digital environment – at home and across the wider internet. As technology continues to evolve, such measures are essential in safeguarding the vast network of connected devices that form the backbone of our modern lives.

The post UK Strengthens Cybersecurity with New Law Targeting Default Passwords appeared first on Panda Security Mediacenter.