Protection Archives - Panda Security
https://www.pandasecurity.com/en/mediacenter/tag/protection/

Hackers outsmart smart locks
https://www.pandasecurity.com/en/mediacenter/hackers-outsmart-smart-locks/
Fri, 26 Apr 2024 10:26:51 +0000

A group of security researchers has uncovered a concerning security flaw in certain hotel keycard systems. Nicknamed ‘Unsaflok’, their technique uses vulnerabilities in a specific brand of RFID-based keycard locks commonly used in hotels worldwide to ‘trick’ a smart lock into opening for an unauthorized user. Exploiting this security weakness means that anyone with the right equipment could break in and rob hotel guests.

How does the hack work?

The Unsaflok technique exploits weaknesses in encryption protocols and RFID technology used by these keycard systems. By obtaining any keycard from a target hotel and using a relatively affordable RFID read-write device, hackers create two keycards. Tapping the first card overwrites certain settings stored in the target lock itself. The second then unlocks the door, allowing the hacker to gain access. Shockingly, this process takes less than 30 seconds.

Even more concerning is that the compromised cards will also unlock the door’s deadbolt.

Am I in danger?

Clearly this is a serious problem, particularly when you realize that the affected locks are installed on millions of hotel room doors across the world. The security of guest rooms, hotel property, and guest safety could be threatened. And all it takes is two taps of compromised keycards.

The hacking group who ‘discovered’ this technique have chosen not to publicly disclose full details of the exploit. Instead they have worked with the manufacturer of the affected door locks to develop a fix which has proven to be effective.

There is one potential problem however – every single door lock must be visited and updated. Each affected hotel will also need to upgrade their keycard management system software.

While the manufacturer is actively working on mitigating these vulnerabilities, only a fraction of installed systems have been updated. Hotels and their guests continue to be at risk until the updates have been rolled out.

How can I protect myself against Unsaflok?

Whenever you check into a hotel for the first time, take a look at the lock on your door. If there is a wavy line across the round RFID reader, the lock may be vulnerable. You may also consider using a security tool like the NFC Taginfo app which can “read” your keycard and identify if it is still vulnerable to Unsaflok-like attacks. 

You should also follow the usual precautionary measures such as securing valuables in the hotel safe. When you are inside your room, use any additional door locks and chains if they are provided. And if your keycard is lost or stolen, report the incident to hotel reception as soon as possible.

The Unsaflok revelation serves as a reminder of the evolving nature of cybersecurity threats. It should also remind travelers of the importance of remaining vigilant to avoid becoming the victim of crime.

Is the UK about to ban ransomware payments?
https://www.pandasecurity.com/en/mediacenter/is-the-uk-about-to-ban-ransomware-payments/
Fri, 19 Apr 2024 12:28:53 +0000

A British cybersecurity expert has called for a ban on ransomware payments to hackers. In an article for The Times, Ciaran Martin, former CEO of the UK’s National Cyber Security Centre (NCSC), has called for the government to outlaw the practice.

Under Martin’s proposal, ransom payments would be made illegal. Any businesses making a payment to ransomware scammers would be prosecuted.

Why should ransom payments be made illegal?

Ransomware is one of the most significant cybersecurity threats today. According to one report, more than $1bn was paid in ransoms in 2023 – and they expect that figure to rise again this year. For hackers, ransomware is a cheap, easy way to generate a lot of money – fast.

Seeing so many ransoms being paid encourages other cybercriminals to launch their own digital extortion campaigns. But Martin believes that if businesses are banned from making payments, financially-motivated ransomware attacks will stop because criminals will no longer be able to receive payment.

As one threat analyst commented, “For as long as ransomware payments remain lawful, cybercriminals will do whatever it takes to collect them. The only solution is to financially disincentivize attacks by completely prohibiting the payment of demands. At this point, a ban is the only approach that is likely to work.”

With no way to pay, and no prospect of receiving payment, criminals will stop using ransomware.

Does everyone agree?

Official UK government advice already states that victims should not pay any ransoms. But the reality is that many businesses could collapse if they are unable to access their IT systems. There is an implicit understanding that in some cases, paying a ransom is the only way out of the situation.

Experts believe that making it illegal to pay ransoms will simply accelerate this trend, bankrupting victims who have no other way of recovering their data. It will take time for new laws to take effect. And ransomware attacks are likely to continue for some time afterwards.

Other sources suggest that victims will simply continue to pay ransoms illegally. Should this happen, both victim and attacker become criminals. Any company paying an illegal ransom also opens themselves to becoming a target for blackmail.

Will anything change?

For the moment, no. Facing pressure from those for and against banning ransom payments, the UK government does not currently have any plans to address the situation in law. It is also worth noting that any such ban would only apply to British companies, leaving ransomware criminals to target organizations anywhere else.

However, should one nation take a step towards banning ransom payments, it is likely that others will follow. Stamping out cybercrime will take coordinated cooperation, but we have seen in the recent past that it can be made to work.

Whether ransom payments are outlawed or not, our advice remains the same. Always ensure that all your devices are properly protected with an antimalware solution like Panda Dome.

What is the U.S. Cyber Trust Mark?
https://www.pandasecurity.com/en/mediacenter/what-is-the-us-cyber-trust-mark/
Wed, 17 Apr 2024 07:46:33 +0000

Consumers in the U.S. will soon see IoT devices sold with a strange little logo on the box called the U.S. Cyber Trust Mark. The label will be the equivalent of the Energy Star logo but for cybersecurity-conscious customers. It will be in the shape of a midlevel shield with a string of connected squares on it.  

While the Energy Star logo gives confidence to buyers who care about the environment, the U.S. Cyber Trust Mark will aim to provide the same peace of mind for tech junkies who want to make sure that the products they buy are built to the highest cyber security standards. 

The need for trustworthy products

Differentiating trustworthy products in the marketplace has never been more critical, as experts believe there will be approximately 30 billion connected devices globally by the end of this decade.

Implementation and standards

The first logo appearances will be on wireless consumer IoT products that meet the program’s cybersecurity standards. The logo will also be accompanied by a QR code explaining the security details of the product being purchased.

Connected devices that have met the robust FCC cyber security standards will proudly display the U.S. Cyber Trust Mark on their packaging, with the first logo sightings expected this year. The government hopes this will protect hard-working families from buying products that are not cyber-secure enough. 

Government initiatives and industry participation

The new label program encourages large manufacturers of connected devices, retailers, and federal partners to take advantage of the new logo and proudly display it on products that meet the FCC’s cyber security standards. The logo display is voluntary, but the FCC hopes that with time, more and more consumers will demand it from manufacturers and the program will get mass adoption. Compliance testing, which would allow manufacturers to legally include the cyber security logo on products, will be done by accredited labs.

Combatting Cyber Threats

Over the last few years, many high-profile attacks have come from armies of unsecured IoT devices, mainly consisting of compromised home security cameras, WiFi routers, fitness trackers, and other connected devices released to consumers with cyber security holes and inadequate tech support.

Hackers use IoT botnets of infected devices to launch DDoS attacks that often disrupt federal and private business organizations. In most cases, consumers don’t even know that the products they use at home or work are infected and part of bot armies terrorizing different targets worldwide.

The U.S. government hopes that the new logo and companies’ efforts to obtain it will tackle botnets and decrease the number of devices with weak cyber security reaching the hands of U.S. consumers.

How to Remove Malware From a Mac or PC
https://www.pandasecurity.com/en/mediacenter/malware-removal/
Tue, 16 Apr 2024 18:07:14 +0000

To remove malware from a PC or Mac, follow these steps:

1. Disconnect from the internet.
2. Boot your computer in safe mode.
3. Delete temporary files.
4. Check activity monitor for suspicious programs.
5. Run a malware scan.
6. Repair your web browser.
7. Clear your cache.

Malware removal can seem daunting after your device is infected with a virus, but with a careful and rapid response, removing a virus or malware program can be easier than you think. We created a guide that explains exactly how to rid your Mac or PC of malware. 

If you think your PC or Mac has a malware infection, follow the steps below to remove it.

Table of contents:

  • How to Remove Malware From a Mac
  • How to Remove Malware From a PC
  • What Is Malware?
  • How Your Devices Become Infected With Malware
  • What If Malware Removal Doesn’t Work?
  • How to Protect Your Devices From Malware
  • Malware Removal FAQ

How to Remove Malware From a Mac 

Step 1: Disconnect From Wi-Fi 

Before you do anything else on your Mac, you must disconnect from Wi-Fi to keep it from transmitting any of your information back to the malware server or infecting other devices. 

To do so, click the Wi-Fi symbol in the top right corner of the screen and toggle the Wi-Fi switch to off.

If you need to go online to download a tool, immediately disconnect once it finishes and stay offline from that point forward. It may help to print these instructions before disconnecting. 

Step 2: Engage Safe Mode 

Isolate any issues with your Mac by entering safe mode. Do this by starting or restarting your device, then immediately holding the Shift key. The Apple logo should appear on your screen. If this doesn’t work, refer to Apple support.

Step 3: Refrain From Logging Into Accounts 

Many forms of malware aim to access your sensitive information. They do this by poaching your login credentials after tracking your keystrokes or lifting your password from your screen or clipboard. Prevent losing any login info by avoiding logging in at all. 

Step 4: Delete Temporary Files

Before you erase temporary files that may have been installed by malware, close any apps you have open by right-clicking them and selecting “Quit.”

Step 1: Open Finder from the dock.

Step 2: From Finder, select Go in the top bar, then Go to Folder.

Step 3: In the Go to Folder box, type or copy and paste ~/Library/ and open the Library.

Step 4: Go to the Caches folder.

Step 5: Select all cache files by pressing Command + A, then right-click and Move to Trash.

Step 6: Empty the trash.

Step 5: Check Your Activity Monitor 

If you think you have malicious software on your Mac, then you must find it in the Activity Monitor and stop it. Through the Activity Monitor, you can see all the applications running on your computer and how each one affects its performance. Locate the malicious software and delete it through the Finder. 

Step 1: In Finder, select Applications.

Step 2: Select Utilities.

Step 3: Go to the Activity Monitor.

Step 4: Double-click suspicious or unknown applications and then click Quit.

Step 6: Run a Malware Scanner

Now you’re ready to actually cure your Mac of its malware infection. Luckily, running a malware scanner is usually enough to get rid of most standard infections. If you already have an antivirus program on your device, you should download an on-demand malware scanner that’s different from what you’re using for antivirus. 

Download a scanner from a reliable source, such as Panda’s Cloud Cleaner, run it and then install security software that works constantly in the background to protect you from existing and emerging security threats. Programs like Panda’s Antivirus for Mac work great for this. 

Step 7: Fix Your Web Browser 

In many cases, malware will modify the homepage of your internet browser so that it can reinfect your device, show you lots of ads and slow down your browsing. Verify that the homepage address is legitimate and then move on to check your browser for malicious extensions. We cover this in our guide to removing the Chromium Virus, but you can review the basics below. 

Fix your web browser on Safari 

Step 1: In the Safari dropdown menu at the top left of your screen, select Settings.

Step 2: Select Extensions.

Step 3: Find recent suspicious extensions and click Uninstall.

Fix your web browser on Chrome

Step 1: Click the menu icon on Chrome (three little dots in the top right-hand corner).

Step 2: Hover over Extensions and select Manage Extensions.

Step 3: Locate unknown or suspicious browser extensions and select Remove.

Step 8: Clear Your Cache

After you’ve checked your browser’s homepage and removed any suspicious extensions, clear your cache of any downloads that may have infected your computer in the first place. 

Clear your cache on Safari 

Step 1: Open Safari Settings.

Step 2: Click Privacy.

Step 3: Select Manage Website Data.

Step 4: Select Remove All.

How to clear your cache on Chrome

Step 1: Go to the menu dropdown on Chrome and click History.

Step 2: Click Clear Browsing Data.

Step 3: In Time Range check All Time.

Step 4: Select Clear Data.

How to Remove Malware From a PC

Step 1: Disconnect Your PC From the Internet

Before you do anything else, disconnect your PC from the internet so your computer can’t communicate with the malware server that might be controlling it, and so it can’t transmit any of your personal information it may have collected. If you have to download a tool to help remove the malware, do it quickly and immediately disconnect from the internet when it’s finished. Do your best to stay offline.

Step 2: Enter Safe Mode 

Isolate any issues with your PC by rebooting it in safe mode. This allows your computer to perform checks while it runs on the minimum number of programs it needs to operate. 

Step 1: Restart your PC.

Step 2: When you see the sign-in screen, hold down the Shift key and select Power > Restart.

Step 3: After your PC restarts, go to the Choose an option screen and select Troubleshoot, then Advanced Options and then Startup Settings.

Step 4: On the next screen, click Restart and wait for the next screen to load.

Step 5: A menu will appear with numbered startup options. Select number 4 or F4 to start your PC in safe mode.

Step 3: Refrain From Logging Into Accounts 

The goal of many forms of malware is to gain access to your sensitive information. They do this by poaching your login credentials by tracking your keystrokes or lifting your password from your screen or clipboard. Prevent the loss of any login info by avoiding logging in at all. 

Step 4: Delete Temporary Files

Speed up your scan for viruses and free up some disk space by deleting temporary files.

Step 1: Search for the Disk Cleanup app and run it.

Step 2: Select the drive you want to clean up.

Step 3: Click Clean up system files to select the file types you want to delete.

Step 5: Check Your Task Manager 

If you think you have malicious software on your PC, then you need to find it in the Task Manager and stop it from running. Through the Task Manager, you can see all of the applications running on your computer and how each one affects its performance.

Step 1: Go to your search bar and type in Task Manager to find the app.

Step 2: Locate unknown or suspicious apps under Processes.

Step 3: Right-click on the apps you want to close and select End task.

Step 6: Run a Malware Scanner

Now you’re ready to actually cure your PC of its malware infection. Luckily, running a malware scanner is usually enough to rid your computer of standard infections. If you already have an antivirus program on your device, you should download an on-demand malware scanner on top of what you’re using for antivirus. 

Download a scanner from a reliable source, such as Panda’s Cloud Cleaner, run it, and then install security software that works constantly in the background and protects you against existing and emerging security threats. Programs like Panda’s Antivirus for PC work great for this. 

Step 7: Fix Your Web Browser 

If you’ve been infected with malware, it may try to modify your internet browser so that it can reinfect your device, show you pop-up ads and slow down your browsing. Check that the homepage address is the right one, and then move on to check your internet browser for malicious extensions. We covered this before in our guide to removing the Chromium Virus, but you can review the basics below:

How to fix your web browser on Google Chrome

Step 1: In the Chrome menu, select Manage Extensions.

Step 2: Remove suspicious or unknown extensions. 

Step 3: Locate unknown or suspicious browser extensions and select Remove.

Step 8: Clear Your Cache

How to clear your cache on Chrome

Step 1: Go to the menu dropdown on Chrome and click History.

Step 2: Click Clear Browsing Data.

Step 3: In Time Range check All Time.

Step 4: Select Clear Data.

What Is Malware?

Malware (short for malicious software) can manifest in various forms: spyware, legitimate programs bundled with viruses, backdoors, worms, adware, ransomware, trojans and more. No matter what form it takes, malware aims to profit from your misfortune, either by stealing your personal information and selling it on the dark web or by encrypting your data, locking you out until you pay a ransom to regain access. 

Malware can find its way onto your devices — both PCs and Macs are vulnerable — in several ways, potentially exposing your social security numbers, debit and credit card information, login information, and bank account data. This is why being able to recognize the symptoms of an infected device is vital to protecting your personally identifiable information and fending off identity theft.

How Your Devices Become Infected With Malware

So how does malware infect a computer? There are plenty of ways to fall victim to a malware infection. Sometimes it can be as simple as visiting a malicious website or clicking a fake link in an email scam. Oftentimes, these infection attempts will try to instill a sense of urgency to install software or download a file containing a hidden virus. Be sure to exercise caution online and be wary of clicking any unfamiliar links or emails. 

Malware can infect both Macs and PCs. Although PCs are more commonly known for this vulnerability, Macs can be just as susceptible. No matter which type of device you have, it’s important to be aware of the threat of malware.

If your Mac or PC has malware, it may show symptoms such as:

  • Slower than usual performance
  • A tool or plug-in in your browser that you didn’t install 
  • Pop-up ads that are hard to close, contain offensive content, or are generally annoying, even outside your internet browser
  • General out-of-the-ordinary function 

What If Malware Removal Doesn’t Work?

Sometimes malware infections can be present even after all these steps. If you believe your device is still infected, you’ll need to completely wipe your hard drive and reinstall your operating system. Before doing this, it’s a good idea to consult the Apple or Microsoft support teams to ensure you take the correct steps. 

How to Protect Your Devices From Malware

Developing a keen eye for suspicious activity online is the best way to protect yourself and your devices from a malware infection or other viruses. There are already plenty of ways that malware can find its way onto your computer, and there are more types of malware being created all the time. Some best practices to defend your computer and your information against a breach are:

  • Create stronger passwords 
  • Delete files from your downloads and trash often 
  • Update your operating system and applications when prompted 
  • Avoid suspicious emails, links and websites
  • Upgrade your antivirus 

Malware is a threat to any device connected to the internet and hackers are getting more creative with how they infect them. Exercising your best judgment online, knowing the signs of a malware infection and acting quickly when you think your device is infected are some of the best ways to protect your information online in addition to strong malware detection and antivirus software. Be sure to check out how Panda Security helps protect your devices and your information online with great tools like free antivirus software.  

Malware Removal FAQ

Still have questions about how to tackle a malware infection? Keep reading for answers to common questions.

What Is the Best Way to Remove Malware for Free?

To remove malware for free, start by downloading and running a free malware scanner. If it can’t detect a virus, you’ll have to remove it yourself. To do so, delete suspicious applications and extensions, clear your cache and erase temporary files from your device. 

Can Malware Be Deleted?

If malware can be detected, it can often be deleted using the steps listed in this article. In rare cases, you may need to wipe your hard drive and reinstall your operating system to rid your device of viruses. 

What Should Be Used to Remove Malware?

Malware can be removed by deleting suspicious programs, files, extensions or applications that may have infected your computer. You can also use a malware scanner to locate and remove certain viruses. 

How Do I Check for Malware?

To check for malware, disconnect from the internet and search your computer for any programs, applications or browser extensions you don’t recognize. If nothing turns up, install and run a safe, reliable malware scanner. 

Deepfake pornography explosion
https://www.pandasecurity.com/en/mediacenter/deepfake-pornography-explosion/
Mon, 15 Apr 2024 10:12:28 +0000

Research conducted by Channel 4 News, a UK nightly news show, has uncovered a massive explosion in deepfake pornography. According to the program, more than 4000 celebrities have had their likenesses used to create pornographic images and videos.

With generative artificial intelligence (AI) tools, users are able to ‘map’ faces of well-known celebrities onto existing pornographic videos. This then gives the impression that the celebrity has participated willingly in the films.

What is going on?

As with all new technologies, someone, somewhere is always looking for a way to exploit it. Deepfake videos have been used to recreate concerts by music legends or resurrect long-dead movie stars. But the same technology can be used to create and share illegal content online – such as deepfake pornography.

Channel 4’s investigation into the five most popular deepfake websites discovered that more than 4000 individuals had had their likenesses stolen and reused in fabricated nude images. Of these, 252 were identified as coming from the UK, including female actors, TV stars, musicians and YouTubers.

The program also recounts how in 2016 there was just one deepfake pornography video posted online. In the first three-quarters of 2023, 143,733 new deepfake porn videos were uploaded to the 40 most used deepfake pornography sites – more than in all the previous years combined.

Are deepfakes legal?

Most experts agree that being a victim of deepfake pornography is deeply distressing, humiliating and dehumanizing. Unsurprisingly, governments across the world are working to better combat deepfakes and protect victims. 

In the UK, sharing deepfake porn without the permission of the person depicted is now illegal under the Online Safety Act. However, no one has yet been arrested or prosecuted for doing so. Notably, it is not illegal to create deepfake imagery – it is sharing that content which is banned.

What are the web giants doing about deepfakes?

Most web content hosts are still struggling to meet their obligations regarding detecting and removing deepfake content, but it seems that Google is leading the way. Speaking to Channel 4, a spokesperson said:

“Under our policies, people can have pages that feature this content and include their likeness removed from search. And while this is a technical challenge for search engines, we’re actively developing additional safeguards on Google search – including tools to help people protect themselves at scale, along with ranking improvements to address this content broadly.”

This offers victims some level of protection – but only after the deepfake content has begun to circulate online.

The battle against deepfake content continues to evolve, as does generative artificial intelligence. Legal frameworks like the Online Safety Act do provide some safeguards – and should help to deter some would-be pornographers. But with so many different legal standards across the globe, it will remain difficult for service providers to properly police the content being uploaded and viewed by their users.

Is My VPN Working? How to Test for VPN Leaks
https://www.pandasecurity.com/en/mediacenter/is-my-vpn-working/
Wed, 10 Apr 2024 10:30:14 +0000

Not sure if your VPN is working properly? We discuss what type of VPN leaks can occur and give tips on how to keep your VPN secure.

The fastest way to see if your VPN is working is to run a simple VPN leak test. These tests check for leaks in your IP address, DNS or WebRTC data — if any of this information leaks, it means your VPN isn’t fully anonymizing your connection.

When a virtual private network (VPN) works properly, it prevents your online activity from being tracked. To do this, it connects your devices to remote servers and encrypts your data streams, preventing your internet service provider (ISP) from reading your online activity. However, VPNs don’t always work perfectly, and a failed VPN can open the door to a number of security issues.

Even if your VPN app says you’re connected, there could still be a leak. This may leave you wondering, “Is my VPN working?” Luckily, you can perform several quick tests to check if your VPN is working properly and spot any potential vulnerabilities that may be causing issues.

How Do I Know if My VPN Is Working?

When a device is properly connected to a VPN, its IP address should reflect the location of the VPN server it’s connected to. If your IP address shows your device’s actual IP while connected to a VPN, you may have a leak.

If you’re not sure whether or not your VPN is working properly, there are a few things you can do to check for potential vulnerabilities. To start, we’ll walk through how to check different types of VPN leaks and explain how to test for each one.

How to Check Your IP Address for Leaks

One of a VPN’s primary functions is to keep your IP address hidden, and a simple manual IP leak test can reveal whether your IP address is secure or not. Follow the steps below to test your VPN for an IP leak: 

Step 1: Go to Google, type “What is my IP?” and write down your IP address.

Step 2: Open your VPN application and activate your VPN. 

Screenshot of a VPN account showing its connection status

Step 3: Look up your IP address again on Google. You can confirm your changed IP address by comparing your original IP address (before you connected to the VPN) to the new IP address (after connecting to the VPN).

screenshot showing IP address

Screenshot showing changed IP address after you connect to a VPN

Step 4: If your IP address remains the same even after connecting to the VPN, you have a VPN leak.  

How to Fix an IP Leak

If your true IP address leaks through the VPN, here is what you can try to fix it:

  • Restart your VPN application and device. This can sometimes resolve temporary glitches.
  • Ensure you’re properly connected to the VPN server.
  • Temporarily disable your firewall or antivirus to see if it fixes the leak. If it does, consult your software documentation or firewall settings to adjust them for VPN compatibility.

How to Check for DNS Leaks

Checking for DNS leaks is similar to testing whether your VPN protects your IP address. You can spot them manually by visiting geo-restricted sites while your VPN server is set to a different location. Use the manual DNS leak test below to uncover a VPN that isn’t protecting you.

Step 1: Access and sign in to your VPN account. This will change your original IP address. 

Step 2: Head over to a geo-restricted website. For example, Netflix.com is available in over 190 countries but the content differs depending on your location. If you are unable to access the website with content exclusively available in some other country, you likely have a DNS leak.

To catch any vulnerabilities that might have slipped through the cracks, it’s a good idea to go a step further and test with a tool like DNSLeakTest.

Step 3: With your VPN turned off, head to DNSLeakTest.com, which will show your IP address and general location. Select the “Standard Test” option.

Screenshot of a DNS leak page

Step 4: Check the IP addresses of the domains that show up. Take a photo or write them down.

Step 5: Turn your VPN on and run a new test. The IP addresses displayed should be different from those that appeared in the first test. If they’re not, you likely have a DNS leak.

How to Fix a DNS Leak

If you think you have a DNS leak, secure your connection with these steps:

  • Check your VPN settings: If you discover a DNS leak, the first step is to check your VPN settings. Many VPNs offer built-in DNS leak protection. Ensure this feature is enabled. You might also be able to configure your VPN to use its own private DNS servers, further improving security.
  • Update or reinstall your VPN: Outdated VPN software can sometimes lead to leaks. Make sure you’re using the latest version of your VPN application. If the problem persists after updating, try reinstalling the VPN entirely. This can fix internal software problems that might be causing the leak.
  • Contact your VPN provider: If neither of the above solutions works, contact your VPN provider’s customer support. They may have specific troubleshooting steps for your situation or offer alternative configurations to prevent DNS leaks.

You might also consider switching to a more secure VPN provider — you’ll want to find one with its own encrypted DNS servers. This ensures your VPN won’t reveal your DNS information to third parties.

How to Check for WebRTC Leaks

A WebRTC leak occurs when your browser displays your actual IP address, even when your VPN is enabled. Follow the three WebRTC leak test steps to find out if you have this type of leak.

Step 1: Turn your VPN off and head to BrowserLeaks.com. You should see your actual IP address under Public IP Address.

Step 2: Connect to your VPN and refresh the page. Under Public IP Address, you should see a different IP address listed, which would be the masked IP address of your VPN.

If you still see your actual IP address after the WebRTC test, your VPN is leaking your IP address when your browser makes WebRTC requests.
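The three manual comparisons above (public IP, DNS resolvers, WebRTC) can be scripted once you have copied down what the test pages show with the VPN off and on. The following Python code is an added example, not part of the original article; the `Observation` structure, the function names and all addresses (taken from the reserved documentation ranges) are constructed for illustration. It also covers a case the manual IPv4 comparison can miss: an IPv6 address that stays the same while the IPv4 address changes.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Observation:
    """Values copied from the leak-test pages in one state (VPN off or VPN on)."""
    public_ips: list = field(default_factory=list)      # IPv4 and IPv6 shown by an IP lookup
    dns_resolvers: list = field(default_factory=list)   # resolver IPs listed by a DNS leak test
    ice_candidates: list = field(default_factory=list)  # raw WebRTC ICE candidate lines


def normalise(addresses):
    """Canonical text form, so differently written IPv6 addresses compare equal."""
    return {str(ipaddress.ip_address(a.strip())) for a in addresses}


def candidate_addresses(lines):
    """Pull the address field out of ICE candidate lines.

    Layout: candidate:<foundation> <component> <transport> <priority>
            <address> <port> typ <type> [raddr ... rport ...]
    """
    found = set()
    for line in lines:
        line = line.strip()
        if line.startswith("a="):          # SDP attribute prefix
            line = line[2:]
        parts = line.split()
        if len(parts) < 8 or not parts[0].startswith("candidate:") or parts[6] != "typ":
            continue                       # not a candidate line
        try:
            found.add(str(ipaddress.ip_address(parts[4])))
        except ValueError:
            continue                       # mDNS name (xxxx.local): no IP is exposed
    return found


def find_leaks(vpn_off, vpn_on):
    """Return, per leak type, the pre-VPN addresses still visible with the VPN on."""
    real_ips = normalise(vpn_off.public_ips)
    return {
        "ip": sorted(real_ips & normalise(vpn_on.public_ips)),
        "dns": sorted(normalise(vpn_off.dns_resolvers) & normalise(vpn_on.dns_resolvers)),
        "webrtc": sorted(real_ips & candidate_addresses(vpn_on.ice_candidates)),
    }


# Constructed sample data (documentation address ranges, not real hosts).
BASELINE = Observation(
    public_ips=["198.51.100.23", "2001:db8::1234"],
    dns_resolvers=["198.51.100.53", "198.51.100.54"],
)
VPN_ON = Observation(
    # IPv4 changed to the VPN exit, but the same IPv6 address is still shown
    public_ips=["203.0.113.80", "2001:db8:0:0:0:0:0:1234"],
    # one ISP resolver is still answering queries
    dns_resolvers=["203.0.113.53", "198.51.100.54"],
    ice_candidates=[
        "candidate:1 1 udp 2113937151 a1b2c3d4-0000-4000-8000-aabbccddeeff.local 54321 typ host",
        "candidate:2 1 udp 1677729535 198.51.100.23 54321 typ srflx raddr 0.0.0.0 rport 0",
        "a=candidate:3 1 udp 1677729535 203.0.113.80 40000 typ srflx raddr 0.0.0.0 rport 0",
    ],
)

if __name__ == "__main__":
    for kind, addresses in find_leaks(BASELINE, VPN_ON).items():
        status = "LEAK " + ", ".join(addresses) if addresses else "ok"
        print(f"{kind:7} {status}")
```

An empty list for a leak type means none of the pre-VPN values were seen again with the VPN on.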

How to Fix a WebRTC Leak

WebRTC leaks can expose your true IP address, even when using a VPN. Here are a few ways to fix it:

  • Disable WebRTC in your browser: This method requires some technical knowledge and also varies by browser. Keep in mind that disabling WebRTC in your browser may disable features like video calls.
  • Use a VPN with WebRTC protection: If you’re considering switching to a new VPN, look for a service that specifically advertises WebRTC leak protection. Many popular VPN providers offer this feature.

How to Check if Your VPN Connection Is Blocked

Sometimes websites restrict access for VPN users, forcing you to disconnect to view their content. This can be frustrating, especially when you’re traveling and want to access geo-restricted content from home.

Here’s a quick way to check if your VPN is blocked:

  • Try accessing a website: Connect to your VPN and attempt to access a website you suspect might be blocking VPN users.
  • Check for access denied: If the website displays an error message about VPN usage or restricts access, your VPN might be blocked.

Here’s what you can do if your VPN is blocked:

  • Switch servers: Some VPNs offer obfuscated servers specifically designed to bypass website restrictions. Try connecting to one of these servers and revisit the website.
  • Use a dedicated IP address: Another option is to use a dedicated IP address from your VPN provider. This assigns a unique IP address only to you, making it less likely to be flagged as a VPN.

If switching servers or using a dedicated IP grants you access to the website, your VPN is functioning properly. It’s just the website itself that’s restricting VPN connections.

How to Run a Speed Test

A VPN adds some security overhead, which can slightly slow down your internet connection. Here’s how to measure the impact on your internet speed:

Step 1: Disconnect your VPN: Temporarily disconnect from your VPN. This establishes a baseline for your internet speed without the VPN affecting it.

Step 2: Run a speed test: Visit a website like Speedtest.net. Click the “GO” button and wait for the test to finish. This will measure your download speed, upload speed and ping (latency).

Step 3: Reconnect your VPN: Connect to your VPN server of choice.

Step 4: Run another speed test: Repeat the speed test, then compare the results to your baseline test from before.

Screenshot showing internet speed test score

Common Types of VPN Leaks

Users typically subscribe to VPN providers thinking that the service they pay for will protect their online privacy. A VPN test that points to your information being leaked can be unsettling. There are three types of VPN leaks that can occur, and being able to identify them helps users be prepared to fix any leaks they find.

IP Leak

An Internet Protocol (IP) address is a unique string of numbers assigned to any device connected to the internet. As you browse the internet, your IP address is linked to your searches, clicks, visits and geographical location. Masking IP addresses is one of the most popular reasons for using a VPN, and when a leak occurs, your IP address becomes vulnerable.

DNS Leak

A Domain Name System (DNS) server functions like a translator. Its job is to translate a request for a website into a specific IP number, allowing users to navigate the internet with ease. This system is in place so you don’t have to memorize an IP address every time you visit a website — all you need to do is remember a website’s name.

When you browse the internet, DNS requests are sent to fetch the IP addresses of the domains you want to visit. Without a VPN, these requests go through the unsecured tunnel of your ISP, giving your ISP a detailed browsing history of every DNS request you send. If your VPN has a DNS leak, your browsing history, IP address, and ISP location will be revealed.

WebRTC Leak

Web Real-Time Communication (WebRTC) essentially allows for instantaneous video, voice and message sharing within the browser. In other words, it’s a technology that lets web browsers directly communicate with each other online.

This is very helpful for peer-to-peer, browser-based communication, but users have found that WebRTC opens up vulnerabilities in VPNs. A WebRTC leak occurs when your browser reveals your IP address when making WebRTC requests, even while connected to a VPN. With just a few lines of code, any site can expose your IP address and location.

If the IP addresses didn’t change after you turned your VPN back on, you might have a DNS leak.

What to Do if Your VPN Is Not Working 

If you’ve performed the VPN tests above and you’re still having issues, there are a handful of other reasons why your VPN isn’t working properly. Before you give up, try these tips: 

  • Ensure a stable internet connection: Make sure your internet connection is working and that you’ve entered the correct username and password for your VPN. A simple restart of your device and the VPN application can often resolve connection glitches.
  • Verify server status: The VPN server you’re trying to connect to might be experiencing downtime. Check your VPN provider’s website for information on server status.
  • Reset settings: Try switching to a different VPN protocol (e.g., OpenVPN, IKEv2) or port number. You can find these options within your VPN application settings, or consult your provider’s guide for available options.
  • Update and reinstall: Ensure you’re using the latest version of the VPN application. Outdated software can cause connection problems. If the issue persists, try reinstalling the VPN application entirely. This can fix internal software problems.
  • Run a leak test: Leaks can expose your true IP address or location even when connected to a VPN. Use a free online leak test to see if your VPN is working properly.
  • Seek support: If none of these tips work, contact your VPN provider’s customer support for further assistance. They may have specific troubleshooting steps or offer alternative configurations to get your VPN working smoothly.

VPN Troubleshooting Tips graphic

Tips to Protect Your VPN Software 

Ideally, your VPN software runs automatically and won’t require much manual attention from you. However, periodically checking that your software is running properly can help you catch any vulnerabilities ahead of time. Use the tips below to ensure your VPN is working to the best of its ability.

  • Frequently check your VPN by running the manual tests outlined above.
  • Verify that your VPN provider supports IPv6 addresses so that IP leaks will not happen.
  • Check whether your VPN provider automatically blocks DNS leaks. Some do and some don’t — if yours doesn’t, you might want to switch to a provider that provides this service for more security.
  • Disable WebRTC in your browser or add an extension to prevent WebRTC leaks.

Whether you’re seeking more control over your online privacy or you would like to watch video content from other countries, a free VPN service is a great tool for quickly and effectively securing your location and online activity. To keep your browsing history leak-free and protected, ask yourself, “Is my VPN working?” and be sure to check your connections frequently.

Rewards For Justice offers up to $10 million reward for info on ALPHV BlackCat hacker group leaders https://www.pandasecurity.com/en/mediacenter/rewards-for-justice-offers-reward-for-info-on-alphv-blackcat-hacker-group-leaders/ https://www.pandasecurity.com/en/mediacenter/rewards-for-justice-offers-reward-for-info-on-alphv-blackcat-hacker-group-leaders/#respond Wed, 10 Apr 2024 07:50:04 +0000 https://www.pandasecurity.com/en/mediacenter/?p=31748 rewards-for-justice-offers-reward-for-info-on-alphv-blackcat-hacker-group-leaders

Rewards For Justice (RFJ), a U.S. government interagency rewards program, offers up to $10 million reward for any information that could lead to the identification…

The post Rewards For Justice offers up to $10 million reward for info on ALPHV BlackCat hacker group leaders appeared first on Panda Security Mediacenter.


Rewards For Justice (RFJ), a U.S. government interagency rewards program, is offering a reward of up to $10 million for any information that could lead to the identification or location of any person from the ALPHV cyber gang, also known as BlackCat, who attacks U.S. critical infrastructure.

The reward offered by the intelligence-driven law enforcement government program is similar to what the RFJ provides for information about high-profile Yemeni and Saudi terrorist elements and al-Qa’ida members.

Targeting critical infrastructure and the Change Healthcare attack

The U.S. government takes attacks on critical infrastructure very seriously, as such activities violate the Computer Fraud and Abuse Act (CFAA). RFJ’s sudden attention to the cyber gang is likely a response to the recent cyberattack on UnitedHealth’s sub-company Change Healthcare. Affiliates of the hacker organization stole approximately six terabytes of data during a security incident earlier this year.

Change Healthcare operates the largest financial and administrative information exchange in the United States and was hit by bad actors in February 2024. The attack was massive and disruptive, with some partner healthcare providers claiming to lose upwards of $100 million per day because of the breach. Even though many believe UnitedHealth paid a $22 million ransom to the hackers, the health insurance company is still dealing with the fallout after the attack and is working on processing over $14 billion in claims.

BlackCat: A RaaS gang behind major attacks

BlackCat, also known as ALPHV and Noberus, is a ransomware-as-a-service (RaaS) cyber gang that has been connected to some of the most significant ransomware attacks over the last few years. The cyber gang provides its ransomware code to affiliates, who then attack organizations for monetary gain. Affiliates of the gang were behind the attack on Reddit and the breaches of MGM Resorts International and Caesars Entertainment.

In an eyebrow-raising twist, the affiliates responsible for the UnitedHealth heist might have been scammed out of the money themselves. Soon after BlackCat confirmed receipt of the $22 million ransom, the group decided to pull an exit scam and run away with the digital funds; it now displays a fake banner saying that the FBI and other law enforcement agencies have seized the server. Usually, after a victim pays a ransom, the BlackCat gang splits the money with the affiliates who executed the attack. But in this case, BlackCat decided not to split the payment and to move on, essentially scamming the people who pulled off the heist.

Read also: FBI makes a move against ALPHV/Blackcat, the cybergang fights back

Unmasking BlackCat: RFJ seeks information

The location of the gang leaders and the affiliates associated with the attack remains unknown. U.S. government agencies hope that the $10 million reward offered by RFJ will help law enforcement agencies finally have a breakthrough on the criminal organization, which has been tormenting both government and private organizations in the U.S. and abroad for years.

The hacker organization’s attacks are so massive and sophisticated that RFJ believes the RaaS organization is likely acting under the direction or control of a foreign government. However, the RFJ reward notice does not name specific countries that could be supporting the ALPHV BlackCat hacker group.

A new smart home security standard is coming https://www.pandasecurity.com/en/mediacenter/a-new-smart-home-security-standard-is-coming/ https://www.pandasecurity.com/en/mediacenter/a-new-smart-home-security-standard-is-coming/#respond Mon, 08 Apr 2024 08:08:23 +0000 https://www.pandasecurity.com/en/mediacenter/?p=31740 a-new-smart-home-security-standard-is-coming

A new smart home security standard is due to launch in the second half of this year. That’s according to a recent announcement by the…

The post A new smart home security standard is coming appeared first on Panda Security Mediacenter.


A new smart home security standard is due to launch in the second half of this year. That’s according to a recent announcement by the Connectivity Standards Alliance (CSA), the organization behind the cross-platform “Matter” smart home technology.

This new, voluntary framework will allow smart home/IoT manufacturers to have their devices tested and certified for compliance against a common security standard. Devices that pass the certification testing will then be awarded the Product Security Verified (PSV) Mark.

Building trust in IoT

Security professionals have been warning about the potential risks associated with insecure smart home devices for several years. Indeed, the Panda Security blog has covered the issue of weak smart home security several times in the past.

This announcement from the Connectivity Standards Alliance is welcome news. Although the standard remains voluntary, it shows a willingness from manufacturers to take the issue of household security seriously. It also means that consumers will find it much easier to choose products that have been certified as meeting a certain standard of security.

What does the new standard mean?

In the US, there is already a ‘Cyber Trust Mark’ security standard that manufacturers can apply for. The new PSV mark seeks to go further by taking the US guidelines and combining them with similar requirements from other countries and regions, such as Singapore and Europe.

In this way the CSA hopes to deliver a single security specification that can be quickly adopted and endorsed by governments across the world. Should this happen, manufacturers will have to complete only one certification process to sell their devices into multiple markets.

Encouragingly, the PSV mark has already been recognized by the government of Singapore. And the CSA has also announced they are in talks with authorities in the USA, EU and UK about endorsing the mark. Some reports suggest that these agreements are already almost complete.

What does the PSV Mark require?

Most of the basic PSV certification requirements are sensible – and much needed. To earn the mark, certified devices must: 

  • Have a unique identity for each IoT device
  • Not use hardcoded default passwords
  • Securely store any sensitive data
  • Secure/encrypt communications of security-relevant information
  • Receive secure software updates from the provider throughout the support period
  • Come from organizations that secure their development processes against supply chain attacks, including vulnerability management
  • Have documentation regarding security and the manufacturer support period published publicly

Most reputable vendors should already adhere to most of these requirements. However, the PSV Mark enables consumers to know exactly what they are getting when buying a new smart device.

As a vocal advocate of increased privacy and security, Panda Security welcomes the new PSV Mark and looks forward to its imminent release.

UK Cybercrime agency warns AI will turbocharge hacking https://www.pandasecurity.com/en/mediacenter/uk-cybercrime-agency-warns-ai-turbocharge-hacking/ https://www.pandasecurity.com/en/mediacenter/uk-cybercrime-agency-warns-ai-turbocharge-hacking/#respond Wed, 27 Mar 2024 17:05:20 +0000 https://www.pandasecurity.com/en/mediacenter/?p=31666 uk-cybercrime-agency-warns-ai-turbocharge-hacking

The UK’s National Centre for Cyber Security (NCSC) is warning that Artificial Intelligence tools are set to power a new wave of cybercrime. According to…

The post UK Cybercrime agency warns AI will turbocharge hacking appeared first on Panda Security Mediacenter.


The UK’s National Centre for Cyber Security (NCSC) is warning that Artificial Intelligence tools are set to power a new wave of cybercrime. According to their predictions, AI tools will allow hackers of all abilities to ‘do’ more, which will create a surge in attacks in the near term.

Experienced hackers get smarter with AI

Building on their existing knowledge of AI and cybersecurity, experienced hackers are expected to use artificial intelligence in most of their criminal enterprises. Perhaps more worrying is the prediction that there will be increased activity in virtually every cybersecurity threat area – particularly social engineering, new malware development and data theft.

The NCSC is also warning that well-resourced criminal gangs will be able to build their own AI models to generate malware that can evade detection by current security filters. However, because this requires access to quality exploit data and samples of existing malware to ‘train’ the system, these activities will likely be restricted to major players, like nation states engaging in cyber warfare.

Novice hackers get started with AI

One of the most useful aspects of generative AI and large language models (LLM) like ChatGPT and DALL-E is that anyone can use them to produce good quality content. However, the same applies to malicious AI – virtually anyone can use them to create effective cybersecurity exploits.

The NCSC warning suggests that low-skill hackers, opportunists and hacktivists may begin using AI tools to engage in cybercrime. Of particular concern is the use of AI for social engineering attacks designed to steal passwords and other sensitive personal data. Experts caution that tools like ChatGPT can generate text for phishing emails, for instance, allowing virtually anyone to launch a moderately effective campaign for minimal cost.

It is at this low-end of the scale where there is likely to be the greatest uplift in criminal activity between now and the end of 2025.

What about AI safeguards?

Most generative AI systems include safeguards to prevent users from generating malicious code or the like. You cannot use ChatGPT to write a ransomware exploit for instance.

However, free and Open Source artificial intelligence engines do exist. And highly skilled, well-funded hacking groups have already built their own safeguard-free AI models. With access to the ‘right’ training data, these models are more than capable of creating malware and the like.

It is important to realize that AI will not bring about a cybercrime apocalypse on its own. The tools used by hackers are unable to develop entirely new exploits. They can only use their training to refine and improve existing techniques. Most AI “powered” attacks in the coming months will simply be updates to exploits we already encounter every day. Humans are still an integral part of identifying and building new threats.

Be prepared

There is likely to be a surge in attacks in the next year, so it pays to be prepared. Download a free trial of Panda Dome and ensure that your devices are protected against current and future threats today.

11 Types of Phishing + Tips to Prevent Phishing Attacks https://www.pandasecurity.com/en/mediacenter/types-of-phishing/ https://www.pandasecurity.com/en/mediacenter/types-of-phishing/#respond Mon, 25 Mar 2024 15:34:13 +0000 https://www.pandasecurity.com/en/mediacenter/?p=27749 Email phishing is one of the most common types of phishing, and hackers often send mass emails to as many addresses as possible.

Phishing scams continue to evolve in sophistication and prevalence—here are the most common types of phishing to be aware of.

The post 11 Types of Phishing + Tips to Prevent Phishing Attacks appeared first on Panda Security Mediacenter.


Phishing is a type of cyberattack in which cybercriminals use deceptive tactics to trick individuals into divulging sensitive information.

Some common types of phishing include:

  • Smishing
  • Email phishing
  • Pharming
  • Spear phishing
  • Vishing

From deceptive emails and fake websites to social engineering tactics, there are numerous types of phishing attacks you can fall prey to. 

By familiarizing yourself with the types of phishing attacks, you can better recognize and avoid falling victim to these scams, protecting your personal and sensitive information from getting into the wrong hands. 

In this post, we’ll cover the different types of phishing attacks with examples and learn tips to prevent phishing attacks and stay secure in this ever-evolving digital landscape.

Image showing different types of Phishing

1. Email Phishing

Email phishing is a malicious technique cybercriminals use to trick individuals into revealing sensitive information or clicking on malicious links by impersonating legitimate entities via email. These deceptive emails often appear to be from trusted sources, such as government agencies or reputable companies.

These emails are often written with a sense of urgency, informing the recipient that a personal account has been compromised and they must respond immediately. 

Their objective is to elicit a certain action from the victim, such as clicking a malicious link that leads to a fake login page. After entering their credentials, victims unfortunately deliver their personal information straight into the scammer’s hands. 

Illustration describing email phishing

Example of Email Phishing 

You receive an email appearing to be from Gmail customer care that ends with “@Gm@il.com” requesting urgent action to update your account information due to a security breach. The email contains a link that redirects you to a fake website resembling the legitimate Gmail login page. Upon entering your credentials, the scammers capture your sensitive information for fraudulent purposes.
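A mail filter can catch the sender address from this example before anyone clicks the link. The following Python check is an added example, not part of the original article: the trusted-domain list, the character substitution table, the function names and the sample `From` headers (including the local part `customercare`) are assumptions made for illustration, and the edit-distance rule is a heuristic that can also flag unrelated short domains.

```python
import re

# Assumption: the domains the genuine sender is known to use.
TRUSTED = {"gmail.com", "google.com"}

# Characters often swapped in for letters in lookalike domains (illustrative, not exhaustive).
CONFUSABLES = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "5": "s", "$": "s"})


def skeleton(domain):
    """Lower-case the domain and map lookalike characters back to letters."""
    return domain.lower().translate(CONFUSABLES)


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typos of a trusted domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header, trusted=TRUSTED):
    """Return a list of findings for one From header; an empty list means nothing was flagged."""
    findings = []
    match = re.search(r"<([^<>]*)>", from_header)
    address = (match.group(1) if match else from_header).strip()
    display = from_header[:match.start()].strip().strip('"').lower() if match else ""

    # A valid address has exactly one "@"; "name@Gm@il.com" has two.
    if address.count("@") != 1:
        findings.append("malformed-address")

    # Everything after the first "@" is what the reader sees as "the domain".
    domain = address.split("@", 1)[1].lower() if "@" in address else ""
    if domain in trusted:
        return findings

    # Lookalike: equal to a trusted domain after undoing substitutions, or one edit away.
    for good in sorted(trusted):
        if domain and edit_distance(skeleton(domain), good) <= 1:
            findings.append("lookalike-of:" + good)

    # Display name uses a trusted brand while the domain is not that brand's.
    for brand in sorted({d.split(".")[0] for d in trusted}):
        if brand in display:
            findings.append("display-name-claims:" + brand)
    return findings


# Constructed sample headers.
SAMPLES = [
    "Gmail Customer Care <customercare@Gm@il.com>",
    "Gmail Team <security@gmai1.com>",
    "Google <no-reply@google.com>",
    "Alice <alice@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no findings")
```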

2. Spear Phishing

Spear phishing involves sending malicious emails to specific individuals within an organization. Rather than sending out mass emails to thousands of recipients, this method targets certain employees at specifically chosen companies. These types of emails are often more personalized in order to make the victim believe they have a relationship with the sender. 

Example of Spear Phishing 

A group called Star Blizzard, linked to the Russian FSB, is using spear-phishing attacks to target specific individuals and organizations, including government agencies and defense companies in the U.S. and the U.K. They trick people into revealing sensitive information by sending deceptive emails. 

The U.S. National Security Agency and the U.K.’s NCSC have issued a warning to raise awareness and provide guidelines on how to protect against these attacks. Some of the recommended measures include using strong passwords, enabling multi-factor authentication, updating network and device security, being cautious of suspicious emails and links and using email scanning features to detect phishing attempts.

3. Whaling

Whaling is a type of cyberattack that targets high-profile individuals or executives within an organization, often referred to as “whales” due to their significance within the company. Unlike traditional phishing attacks that cast a wide net to lure in victims, whaling attacks are highly targeted and personalized.

This includes the CEO, CFO or any high-level executive with access to more sensitive data than lower-level employees. 

Oftentimes, these emails use a high-pressure situation to hook their victims, such as relaying a statement of the company being sued. This entices recipients to click the malicious link or attachment for more information. 

Image explaining what "whaling" is

Example of Whaling

The CEO of a large corporation receives an urgent email from what appears to be the CFO, requesting sensitive financial information for an upcoming merger. Believing it’s a legitimate request from a trusted colleague, the CEO provides the information. However, the email was a whaling attack orchestrated by a cybercriminal who impersonated the CFO to gain access to sensitive company data.

4. Smishing

SMS phishing, or smishing, leverages text messages rather than email to carry out a phishing attack. They operate much in the same way as email-based phishing attacks: Attackers send texts from what seem to be legitimate sources (like trusted businesses) that contain malicious links. Links might be disguised as a coupon code (20% off your next order!) or an offer for a chance to win something like concert tickets. 

Example of Smishing

Researchers discovered a new phishing tool called SNS Sender, which uses Amazon Web Services to send scam texts pretending to be from USPS about failed deliveries. The suspected author of SNS Sender is known by the alias “ARDUINO_DAS.” 

The SNS Sender tool inserts links to fake USPS websites that collect victims’ personal information, like names, addresses, phone numbers, emails and credit card numbers. This technique of using cloud services for phishing attacks is a new and previously unseen method.

5. Vishing

Vishing, short for “voice phishing,” is a type of cyberattack where fraudsters use phone calls to deceive individuals into providing sensitive information or performing certain actions.

In a vishing attack, scammers pretend to be calling on behalf of a bank, government agency or tech support, using social engineering tactics to manipulate victims into disclosing personal or financial information, such as account numbers, passwords or verification codes. These attacks often exploit fear or urgency to pressure victims into compliance and can result in identity theft, financial loss or unauthorized access to sensitive accounts.

Example of Vishing 

You receive a phone call from a person claiming to be a representative from your bank’s fraud department. They inform you of suspicious activity on your account and advise you to provide your account details to verify your identity and prevent any fraudulent transactions.

Believing it to be a legitimate call, you comply and provide the requested information. However, the call was a vishing attack, and the caller was a cybercriminal who now has access to your sensitive financial data.

6. Business Email Compromise (CEO Fraud)

Business email compromise (BEC), also known as CEO fraud or email account compromise, is a form of phishing in which the attacker obtains access to the business email account of a high-ranking executive (like the CEO). 

With the compromised account at their disposal, they send emails to employees within the organization impersonating the CEO to initiate a fraudulent wire transfer or obtain money through fake invoices. 

CEO fraud involves sending emails to employees that appear to be from the CEO, but are malicious attacks with the goal of financial gain.

Example of CEO Fraud

A finance department employee receives an email appearing to be from the CEO, requesting an urgent wire transfer to a vendor. Believing it’s legitimate, the employee initiates the transfer, but the email was part of a BEC attack. Cybercriminals had compromised the CEO’s email account, resulting in a significant financial loss for the company.

7. Clone Phishing

Clone phishing works by creating a malicious replica of a recent message you’ve received and re-sending it from a seemingly credible source. Any links or attachments from the original email are replaced with malicious ones. Attackers typically use the excuse of resending the message due to issues with the links or attachments in the previous email.

Examples of Clone Phishing 

Phishing scammers created fake websites that look like popular crypto media outlets Blockworks and Etherscan. They tricked people into connecting their crypto wallets by posting fake news about a supposed Uniswap exploit on Reddit. The fake Etherscan website had a tool claiming to check for approvals but instead drained wallets. 

The scammers hoped to steal at least 0.1 Ether (worth $180), but their setup didn’t work as planned. The fake websites were registered on October 25, 2023, and similar scams were seen on other crypto news sites like Decrypt.

8. Evil Twin Phishing

Evil twin phishing involves setting up what appears to be a legitimate Wi-Fi network that lures victims to a phishing site when they connect to it. Once they land on the site, they’re typically prompted to enter their personal data, such as login credentials, which then goes straight to the hacker. Once the hacker has these details, they can log into the network, take control of it, monitor unencrypted traffic and find ways to steal sensitive information and data. 

Example of Evil Twin Phishing 

You connect to what you believe is a cafe’s free Wi-Fi network, but it’s a rogue hotspot set up by cybercriminals, known as an “evil twin.” They intercept your online activity, including logging into your email account. Later, you receive a phishing email pretending to be from your email provider, prompting you to log in to verify your identity. Unknowingly, you enter your credentials on a fake website created by cybercriminals, giving them access to your email account.

9. Social Media Phishing

Social media phishing is when attackers use social networking sites like Facebook, Twitter and Instagram to obtain victims’ sensitive data or lure them into clicking on malicious links. Hackers may create fake accounts impersonating someone the victim knows to lead them into their trap, or they may even impersonate a well-known brand’s customer service account to prey on victims who reach out to the brand for support. 

Example of Social Media Phishing 

You receive a direct message on social media from a fake account that appears to be a friend or acquaintance asking you to click on a link to watch a video or view a photo. Without suspicion, you click the link, which leads you to a fake login page designed to steal your social media credentials. You enter your username and password, handing them over to cybercriminals who can now access your account and potentially exploit it for malicious purposes.

10. Search Engine Phishing

Search engine phishing involves hackers creating websites and getting them indexed on legitimate search engines. These websites often feature cheap products and incredible deals to lure unsuspecting online shoppers who see the website on a Google search result page. 

If they click on it, they’re usually prompted to register an account or enter their bank account information to complete a purchase. Of course, scammers then turn around and steal this personal data to be used for financial gain or identity theft. 

Example of Search Engine Phishing 

You search for a popular website, such as Amazon.com, on a search engine and click on one of the top results. However, instead of being directed to the legitimate website, you’re taken to a convincing but fake version (something like Am@zon.com) designed to mimic the original site. 

Unaware of the deception, you enter your login credentials or sensitive information, thinking it’s an authentic site. In reality, you’ve fallen victim to search engine phishing.

11. Pharming

Pharming — a combination of the words “phishing” and “farming” — involves hackers exploiting the mechanics of internet browsing to redirect users to malicious websites, often by targeting Domain Name System (DNS) servers. DNS servers exist to direct website requests to the correct IP address. 

Hackers who engage in pharming often target DNS servers to redirect victims to fraudulent websites with fake IP addresses. When a corrupted DNS server sends victims to such a website, their personal data becomes vulnerable to theft by the hacker.

Example of Pharming

You type in the URL of your bank’s website into your web browser and hit enter. However, instead of being directed to the legitimate bank website, you’re redirected to a fake website that looks identical to the real one. 

Unbeknownst to you, your computer has been compromised by malware or your DNS settings have been tampered with, redirecting you to a fraudulent website controlled by cybercriminals. Thinking it’s the real site, you proceed to enter your login credentials and other sensitive information, unknowingly handing them over to the attackers.

Tips to Spot and Prevent Phishing Attacks

One of the best ways you can protect yourself from falling victim to a phishing attack is by studying examples of phishing in action. This guide by the Federal Trade Commission (FTC) is useful for understanding what to look for when trying to spot a phishing attack, as well as steps you can take to report an attack to the FTC and mitigate future data breaches. In general, keep these warning signs in mind to uncover a potential phishing attack: 

  • An email asks you to confirm personal information: If you get an email that looks authentic but arrives out of the blue, it’s a strong sign that it comes from an untrustworthy source. 
  • Poor grammar: Misspelled words, poor grammar or a strange turn of phrase are immediate red flags of a phishing attempt. 
  • Messages about a high-pressure situation: If a message seems like it was designed to make you panic and take action immediately, tread carefully — this is a common maneuver among cybercriminals. 
  • Suspicious links or attachments: If you received an unexpected message asking you to open an unknown attachment, never do so unless you’re fully certain the sender is a legitimate contact. 
  • Too-good-to-be-true offers: If you’re contacted about what appears to be a once-in-a-lifetime deal, it’s probably fake. 

Tips to Prevent Phishing Attacks

Let’s look at some tips to help you protect yourself from deceptive phishing attempts. 

  • Be skeptical of unsolicited emails: Avoid clicking on links or downloading attachments in emails from unknown or unexpected sources. Verify the legitimacy of the email by contacting the sender through a trusted and official communication channel.
  • Check URLs carefully: Hover over links to preview the actual URL before clicking. Ensure the website’s address matches the expected domain, especially when prompted to enter sensitive information.
  • Use multi-factor authentication (MFA): Enable MFA whenever possible, as it boosts account security even if your credentials are compromised.
  • Keep software and systems updated: Update your system applications and antivirus software to patch vulnerabilities that attackers may exploit.
  • Educate and train: Make sure you and your family follow cybersecurity best practices. Encourage open communication with kids and make them aware of data privacy best practices. 

The next best line of defense against all types of phishing attacks and cyberattacks in general is to make sure you’re equipped with a reliable antivirus. At the very least, take advantage of free antivirus software to better protect yourself from online criminals and keep your personal data secure.

The post 11 Types of Phishing + Tips to Prevent Phishing Attacks appeared first on Panda Security Mediacenter.
