Wednesday, November 11, 2020

November 27 is Black Friday and November 30 is Cyber ​​Monday

One of the strongest sales campaigns in shops and online sales recently established in Spain is Black Friday and Cyber ​​Monday. A tradition imported from the US where all physical stores and online businesses make numerous discounts on all their products for the Christmas season.

Black Friday Cyber Monday

It is a good time to catch a bargain ... If you are thinking of doing it in an online store, you should take into account a series of tips to avoid possible upsets and make your purchases 100% safely:

1. Activate a Card for Online Payments and Deactivate It When You Have Finished Your Purchases 💳

For the maximum security of your bank accounts, many entities enable free virtual cards to be able to make purchases online safely. We will activate and deactivate these cards only when we are going to make a purchase online.

2. Buy on Websites With Trusted Seals 📝

Cybercriminals can spoof websites to mislead consumers into believing that they are buying from a legitimate site. The website may appear almost identical to the real site; however, subtle changes may indicate that it is not. Take a good look at the URLs.

If you are visiting an e-commerce website for the first time, look to see if it has a trust seal such as Confianza Online or Trusted Shops. These seals guarantee that member companies are periodically subjected to complete quality, safety, and service evaluation.

3. Only Use Secure Sites With Certificates 🔒

The way to know if a web page has HTTPS is by looking at the browser. When accessing any website, you can see an indicator in the upper left part of the browser that indicates whether or not the page uses the HTTPS protocol. Depending on the browser, it will be seen in a different way but in all of them, it will be very clear if the web is secure or not. Certified web pages display a  lock next to the domain. When you click on the padlock, a message appears indicating that the connection is made safely.

4. Be Wary of Suspicious Bargains 🏷

On “Black Friday” and “Cyber ​​Monday” many cybercriminals take advantage of it by replicating and introducing many fake offers.

It can be difficult to tell the difference between a real offer and a fake, so it is best to make sure that a website is real. Shop at reputable and trustworthy stores that you know or have recommended to you. Avoid eCommerce that are unknown or that offer dubious discounts that are hard to believe.

5. Find Out About the  Ecommerce Where You Are Going to Buy 🔍

Check that the seller's contact information appears on the website and that the conditions of use are clearly explained: shipping costs, return policy, customer service ... If you have questions, try to contact them before making a buy or consult their social networks to read opinions of other users.

6. Be Careful With the Wifi Networks We Connect to 📶

Many public spaces such as cafeterias or train stations have free access to  WIFI networks. What we must ask ourselves is: Are they safe? Many cybercriminals simulate free Wi-Fi networks in order to access our devices. When in doubt, use your mobile's own internet.

9. Use Strong Passwords 🔐

It's always best to use a unique username and password for your various accounts, so in the unfortunate event of being the victim of an attack, cybercriminals won't have access to all of your accounts.

10. Beware of Fraudulent Emails or Phishing  📧

Phishing is a technique frequently used by hackers, with which forged emails are sent, with an aesthetic appearance very similar to the original, whose mission is to manipulate the user who receives it to steal confidential information.

You Can Identify a Phishing Email in Our Post.

Checking typographical errors, installing antivirus software on our computer, not sharing bank details by email or messaging, are other aspects to take into account when making your purchases online. Enjoy this Black Friday and Cyber ​​Monday in a 100% safe way! 🛍🛒

Tuesday, November 10, 2020

Tips to Secure Your E-commerce Site | Antivirus Software

Cybercrime evolving at the same rate as that of e-commerce sites which flourish a little more every day on the web, it has become essential to know how to secure your online store in order to protect it while reassuring the customers who will pass through your services.

Secure Your E-commerce Site

Safety Through Technology:

Know Your Host:

In the event of an infection, it is essential to be notified as quickly as possible, because otherwise your site is exposed to downgrading, or even banning from search engines and service providers. It is therefore important to know your host well and to know how often they will perform scans and the solutions they will offer you in case of trouble. Do you know if your host:

  • Provide you with a daily backup solution? How easy is it to restore your data?
  • Is equipped with a firewall, which protects against a large number of attacks, in particular DDOS attacks (denial of service attacks: infected computers all connect to your site simultaneously and bring down your server)?
  • Does it offer automatic update solutions (security updates)?
  • Does it require you to use strong passwords?
  • Are the machines that host you up to date against threats? The Meltdown & Specter vulnerabilities affecting the processors of all computers, including servers, require major updates on the host side.

Be in HTTPS:

Designating a secure HTTP version, https is essential to be correctly referenced, Google favoring secure sites, whether for an e-commerce site or not. Long reserved for transaction systems, it is now important to protect data exchanges between Internet users and websites, and therefore also in your contact and connection forms. You can recognize it by the little padlock icon in your browser's address bar.

Lock Unnecessary Access:

Your e-commerce site, by nature, is a computer system and therefore has many open passages. There are several ways to access it: back office, SSH, FTP, and others, so you must be aware of these various possibilities and take the time to check whether the accesses are open or not and, if they are. , who can access it.

Remember to change your passwords frequently, changing them once every 3 to 6 months is a way to best secure your access. Try to have a relatively long password, containing letters, numbers, and special characters.

If you are afraid of not remembering your passwords, applications, available on all systems, and on your mobiles, take care of doing it in a secure manner (like Dashlane, 1Password). They allow you to remember only one password to unlock them, and retain all the others for you.

Back-Up Your Site to Be Able to Reinstall It:

The best way to continue to provide your services in the event of possible security concerns is to be able to put a secure version of your e-commerce site back online as quickly as possible. So remember to make daily backups of your site in order to have a recent version available in case of problems.

To remember to do it: automate this task.

Secure the Payment System:

Almost all online payments are made through a payment system managed by a bank or other financial bodies. This provides you (or directs you to) a technical solution that allows you to legally and technically secure the various payments.

In terms of choosing the payment service provider, we recommend that you choose one that allows you to have the "3-D Secure" protocol which will ensure that the bank card used during payment is that of the user. We highly recommend that you opt for this option, especially for the delivery of valuable goods.

The 3D Secure functionality makes it possible to transfer the responsibility for payment to the bank, which therefore takes care of any subsequent payment problem. Without 3D Secure, the merchant is responsible for payment.

The risk is to receive payment, send the goods, and then have the payment amount withdrawn from their account because the card has been subsequently declared stolen. Your sale is lost, and so is your merchandise.

Legal Security:

Your Domain Name:

First, it is necessary to ensure that the chosen domain name is indeed the property of the company. Indeed, it is possible that the real owner is actually a provider. Thanks to the Whois.com or Afnic.fr site, you can access information related to the desired domain name. You must appear in the Owner (or Registrant in English) field.

If your e-commerce site is exported internationally, it is preferable to buy your domain name with local endings. While the process can be a bit expensive, it helps prevent cyber squatters from taking over your customers and dirtying your image.

If your domain name is a brand, we advise you to contact the INPI to register and secure it, especially if a logo is attached to it.

Never Forget Your Legal Notices and CGV:

Mandatory on any website, the legal notices make it possible to identify its owner, but also its host and its manager, and offer the possibility of contacting the latter if necessary.

If your e-commerce site is geared towards selling to individuals, it must also contain the General Conditions of Sale (GTC) adapted to online sales and its specificities: the e-commerce GTC. The general conditions of e-commerce sales are a kind of site regulation, they provide protection to customers as well as to merchants. In the event of a dispute, these make it possible to determine what is planned following a purchase and what the customer, who must validate the GTC before his purchase, is supposed to know.

It is very important to write the T & Cs of your e-commerce site with the greatest attention, without looking for models that are often too general, nor to copy those of another e-commerce (which, moreover, is liable to a fine).

An e-commerce site without legal notices or CGV may be in default before a court and outstanding fines, the amount of which may be very significant.

Pay Attention to the Properties or Rights of Use of the Content:

The owner of a site is considered responsible for the content it contains and everything that is on the internet is not free of rights. Therefore, to use the content found on the net (image, text, music, video, etc.), you must ensure that it is copyright free. In the event that it is not free, you will need to ask the owner for permission before adding it to your website.

If you own content, declare your ownership as such and feel free to verify that no one is using it without your permission.

Ownership of Rights to Use the Container:

The container, which includes the tree structure of your site, structural, ergonomic, and design developments, must be secure with regard to their right of acquisition and their ownership. Also, you must have a license for antivirus software used for your site, unless these are free software.

Monday, November 9, 2020

Cybersecurity: Types of Attacks and What They Consist of

Cyberattacks hit businesses every day. John Chambers, CEO of the multinational Cisco said: "There are two types of companies: those that have been hacked and those that have been hacked but do not know it. To combat a world where computer security has become one of the pillars of organizations, in this article we explain the different types of cybersecurity attacks and what they consist of. Keep reading!

Types of Cybersecurity Attacks


Types of Cybersecurity Attacks: What is a Cyber Attack?

For starters, what is a cyber attack? A cyber attack is a set of offensive actions against information systems. These can be databases, computer networks, etc. The objective is to damage, alter, or destroy organizations or people. In addition, they can take down the services they provide, steal data, or use it to spy.

We live in a digital age. Today most people use a computer with the Internet. Therefore, due to the dependence on digital tools, illegal computer activity grows without stopping and seeks new and more effective forms of crime.

We can classify the types of cybersecurity attacks into three categories:

  • Phishing attacks
  • Malware attacks
  • Web attacks

PHISHING

Phishing is a type of social engineering that is used, generally, to steal user data. They can be credit card numbers or passwords, for example. It occurs when a criminal poses as a trusted person. Then it tricks the victim into opening a text, email, or SMS message using a malicious link. This link can cause a ransomware system to freeze, reveal confidential information, or install malware.

It is simple and very easy to use the technique, which is why it is one of the most dangerous. It can have disastrous results. For an individual, it can lead to identity theft, funds theft, or unauthorized purchases.

SPEAR PHISHING

On the other hand, spear phishing is computer attacks that target a specific person or employee of a specific company. To carry out these types of attacks, criminals meticulously collect information about the victim to gain their trust. Falling for these attacks is usually very common, since a well-prepared email, either with a malicious link or attachment, is very difficult to distinguish from a legitimate one.

This technique is widely used to attack companies, banks, or influencers.

WHALING

In third place on the list of types of cybersecurity attacks, we find whaling attacks. These attacks target a senior manager profile, such as CEOs or CFOs. The objective, like the previous ones, is to steal vital information, since those who occupy high positions in a company usually have unlimited access to confidential information. In most of these so-called "whaling" scams, the offender manipulates the victim to allow high-value wire transfers.

The phrase "whaling" refers to the size of the attack, as the whales are attacked depending on their position within the organization. These types of attacks are easier to detect compared to standard phishing. A company's IT security officers can reduce the effectiveness of this hack.

Malware or Malicious Software

Second, among the types of cybersecurity attacks are malware. Malware is code created to stealthily corrupt a computer system. It is a broad term that describes any malicious program or code that is harmful to systems. Intrusive malware invades, damages, or disables computers, computer systems, mobiles, etc. assuming control of operations.

The goal of malware is usually to get money from the user illegally. Although it generally cannot damage the hardware of the systems, it can steal, encrypt, erase data, or hijack the basic functions of a computer, as well as spy on its activity without anyone noticing.

Malware includes many types of malicious software, such as spyware, ransomware, Trojans, etc.

RANSOMWARE OR DATA HIJACKING

Ransomware is malicious software that, by penetrating our computer, gives the hacker the ability to block a device from a remote location. Also to encrypt the files, removing the user control of all the information and data stored.

In terms of its method of spread, ransomware is usually transmitted as a Trojan. That is, infecting the operating system. For example, downloading a file or exploiting a software vulnerability. The cybercriminal, who has encrypted the operating system files rendering the device unusable, usually asks for a ransom in exchange for removing the restriction on the documents.

AUTOMATIC DOWNLOADS

Automatic downloads to spread malware are one of the most common methods among types of cybersecurity attacks. Cybercriminals search for insecure web pages and plant a malicious script in the HTTP or PHP code on one of them. This script can install malware directly on the device of the user visiting the site. It can also take the form of an iframe that redirects the victim to a site controlled by the attackers. These attacks are called "automatic downloads" because they require no action on the part of the victim. You just have to visit that website.

TROJAN

A Trojan is a malicious software program that tries to disguise itself as a useful tool. They apparently spread software and persuade a victim to install it. Trojans are considered among the most dangerous types of cybersecurity attacks, often designed to steal financial information.

Users are tricked by some form of social engineering into loading and running Trojans on their systems. U activated nice, they allow cybercriminals to spy or steal your confidential information. Unlike viruses and worms, Trojans cannot replicate themselves.

For malware to be a Trojan, it only has to access and control the host machine without warning, under an innocuous appearance.

Attacks on a website

SQL INJECTION

Among the most popular types of cybersecurity attacks is SQL Injection. It is a method of infiltration of an intruder code that takes advantage of a computer vulnerability present in an application. That is, they take advantage of common design errors on web pages. The threat of SQL injections is a serious security problem related to databases. They are used to manipulate, steal, or destroy data.

Cybercriminals are capable of injecting malicious SQL queries into a website's input field, tricking the application into using the commands they want, and accessing the database they want.

An SQL injection attack can slow down the operation of a website, theft, loss or corruption of data, denial of access by any company, or even take full control of the server.

XSS OR CROSS SITE SCRIPTING

XSS attacks use third-party web resources to run scripts in the victim's web browser or programmable application.

They are a kind of injection in which the attacker sends malicious scripts to the content of web pages to discredit them. This occurs when a dubious source can attach its own code in web applications. This is sent in the form of Javascript code snippets executed by the victim's browser.

Exploits can include malicious executable scripts in many languages, including Flash, HTML, Java, and Ajax. XSS attacks can be very devastating. However, alleviating the vulnerabilities that these attacks allow is relatively simple.

What did you think of this article about the types of cybersecurity attacks? Leave us your comments and share! Also, do not forget to install total security software to protect your data from cybersecurity attacks.

Sunday, November 8, 2020

Is Changing Passwords Periodically Positive or Negative | Antivirus

Network administrators and security experts recommend changing passwords periodically. However, in some situations, it can be detrimental to safety. One of the problems generated by changing most of the passwords we use with some assiduity is that in the end, we tend to use weaker passwords so that they are easier to remember each time we change them. If we use a password for a long time, we can always put a more complex one that is more difficult to crack, although logically the ideal would be to use complex passwords that are changed periodically.

Secure Password

Changing passwords with certain periodicity is a waste of time, and if it is not done well, we deteriorate security. In case you don't know, a strong password or password must contain the following elements:

  • Capital letters.
  • Lowercase.
  • Numbers.
  • Symbols such as @, &, or $.
  • The recommended length would be a minimum of 12 characters.

Positive Aspects of Changing Passwords Periodically

Changing passwords periodically is a good idea because it makes it difficult for someone to obtain our password by brute force or dictionary, since, before it can be cracked, we will have already changed it and you will not be able to do anything to enter with our credentials.

A periodic password change means that in the event that they steal our email password or any other service, they could never log into their account and have access to our data because during the time it takes to crack the password, we already we will have changed it. The same could happen with social media accounts and bank accounts.

We must bear in mind that the less time between password changes, the probability that a cybercriminal will crack the password is lower since they will have less time to discover our password and use it for their own benefit.

Drawbacks of Changing Passwords Regularly

Password changes are something that we should take seriously, however, that does not mean that changing passwords is an additional effort for people quite important. The problem is that people have limited time and memory, which means that changing passwords periodically involves a significant effort, especially the latter, remembering the last password.

In an ideal world where we had a perfect memory and time to design our password, there would be no problems. One of the most important security problems is human error, and if you change your password often, you will be more likely to use weak passwords to make them easier to remember. Therefore, if we are forced to change it periodically, it will be more difficult to remember and create good passwords. For this reason, it is not surprising that users who are forced to change them end up adding a number to their password, such as "password1" and then "password2".

Another issue to keep in mind is that the problem is compounded by making so many changes. The reason is none other than that we have to handle many passwords. In that sense, to alleviate the problem we recommend using a password manager such as KeePass, Password, or any other.

The problem that we acquire when changing passwords periodically is that we will end up using the weakest ones, and probably, we will reuse the same key in different accounts, so we will be even more vulnerable for reusing the passwords in different services. In this regard, it is much more important to use strong and unique passwords everywhere than to change the password regularly.

This is How Cybercriminals Act When They Obtain a Key

By periodically changing passwords, if done right, you improve security, but the problem is, if done wrong, you can make security worse.

Another important issue is when our password falls into the wrong hands. In that case, cybercriminals try to take advantage of it as soon as possible. For example, if in a phishing attack they obtain the password from your email, they will try to make the most of it and will try to reset the passwords of other accounts with it. Thus, for example, they could gain access to your Facebook account to send spam or scam your acquaintances.

In summary, even if you had changed your password the day before, being victims of a phishing attack where you enter your current password, this measure will be of little use. Therefore, for certain types of attacks, the change is not so beneficial.

When Should We Change Passwords?

In the event that we have had to share, out of necessity, the key of an account of any type such as Netflix or Amazon Prime, the change may be beneficial, immediately or when the agreed time for using an account expires. streaming is convenient to change it. In this way, we avoid spying on our data, or services that are ours from being used without permission.

It should also be noted that password changes can be positive for some jobs. In this sense, IT administrators should not force workers to change passwords unless there is a good reason. In this case, it is best to use a password manager to avoid using an increasingly weak password. Therefore, do not forget that regular and indiscriminate password changes can in the long run be a problem.

As we have seen, periodically changing passwords is not always good advice. In addition, in case our password is stolen, if we have activated two-factor authentication from Google, Facebook, etc. they will not be able to access our account. Therefore, for accounts that support this two-step verification, it can be very beneficial for our security to have it activated.

But using a strong password is not enough to protect data. The best antivirus software will be a good choice to secure your data from external threatening.

Friday, November 6, 2020

How to Choose Your Company's Antivirus | Antivirus Software

Currently, the most valuable asset of companies is information. But, how to protect it? With antiviruses, they are responsible for preserving digital security. In this post, you will receive tips and know-how to choose your company's antivirus.

Choose Your Company's Antivirus

The Importance of Choosing a Quality Antivirus for Your Company

 With technology most companies use cloud devices, or any other digital medium, to transmit and archive their information.

The demand for information exchange in companies is different. Companies are great targets for hackers and viruses, and the need for protection becomes proportional, after all, we do not always deal only with company data, but together with customer information.

In view of this, in order to guarantee the confidentiality of your company's internal processes and even to be able to transmit it to your customers, the perfect combination of protection measures with a quality antivirus and the company's demands is extremely important.

Follow the tips to choose your company's antivirus software and avoid irreparable losses to your business.

Tip 1 # Before Antivirus

Before purchasing an antivirus it is advisable to:

Do Back-Ups: Have a device to back up safely and steadily, ensuring first of all, that your files will not be lost. That way there is no risk of disrupting the company's internal processes, and it also guarantees the reliability of its customers' data.

Use a Firewall: Using a firewall is extremely important, it will protect your network from unauthorized external attacks, and in your company's internet browsing, with a firewall, you can have content filters to control the internet and even an antivirus directly on the firewall.

Leave Piracy: It is still common in Brazil to use pirated operating systems, such as the pirated version of windows. Even with quality antivirus, a hacked system leaves your machine vulnerable.

Organize a network of permissions: There is no point in installing an efficient antivirus if your employees can install whatever they want on their systems. There is no need for extreme rigidity in this context, just a few filters to improve security.

Tip 2 # Find Out

Do not think that software used at home has the same efficiency for the corporate environment. An IT consultant will be able to instruct and conduct the best for your company for the best cost-benefit.

Keep your budget in hand: paid software is more efficient for the corporate environment, in addition to ensuring technical support and daily software updates.

Perfectly combine your machines and programs with the antivirus software to be installed. Tablets and notebooks may have their functionality damaged after certain corporate antivirus is installed, compromising the durability of their batteries and the slowness of programs.

Keep up to date: it is recommended that continuous control be made in the company's systems and procedures so that if necessary, innovate the software.

Look for an antivirus that manages you on your endpoints, an administrative panel is essential where you can have an overview of your devices and do the management, in addition, corporate antivirus can be configured for groups of users with different permissions, it is also It is important to set up the e-mail alert so that you can be notified when any equipment is in trouble.

Tip 3 #: Use Testing Sites

There are companies that are ready to test and deepen the operation of the software, so before purchasing and deploying in your company, it is possible to know the metrics and their efficiencies. There are sites to make comparisons of features, with grades rated up to 6 for each type of service.

Knowing more about each software you will see what fits best with the technical knowledge of your employees, as a very sophisticated system would lose its effectiveness, causing "errors on the part of the operator", leaving the system vulnerable.

Tip 4 #: Reassess

Before renewing your antivirus, or even before purchasing a new one, evaluate its performance rating.

There are websites that offer comparative data for choosing the best antivirus. On these sites it is possible to carry out tests, selecting the type of machine and system used, and they have helped you to find the best digital security device for your company's scenario.

It is important that this assessment is carried out constantly so that the company will be able to control the efficiency of the antivirus and remain safe.

Thursday, November 5, 2020

DDoS Attacks: How to Protect Yourself | Antivirus Solution

More recent data shows that DDoS attacks are getting bigger and more frequent. The biggest of them, in 2016, was at least  73% bigger than the worst attack experienced in 2015 and, although they are not new, their current scale is scary since they are difficult to block and can cause great losses. But what is it and why is it so worrying?

Distributed Denial of Service

In today's article, you will better understand how they happen, what their consequences are, and what kind of strategies can protect your company.

What is a DDoS Attack?

A Distributed Denial of Service (DDoS) attack is an attempt to exhaust the resources available to a network, app, or service so that genuine users cannot gain access. A variety of techniques are used to send requests to a website, which increases its traffic to the point of overloading it, making it virtually inaccessible.

Since 2010, driven largely by the rise of hacker activism, we have seen a revival of the DDoS attack that has led to several innovations in terms of tools, targets, and techniques. Today, it has evolved into attacks that are difficult to detect, targeting applications, bypass corporate security infrastructure, and bypass firewalls to achieve their goal.

How Does a DDoS Attack Occur?

Each DDoS attack happens in a different way and there are countless ways to put them into practice. However, attack vectors generally fall into the following categories: volumetric attacks, exhaustion attacks, and application-layer attacks. More sophisticated hackers combine volumetric, exhaustion, and application layer efforts into a single sustained attack, making it even more difficult to combat and highly effective.

Volumetric attacks attempt to consume the bandwidth of the target service or between a specific network and the rest of the internet. They are generally responsible for congestion and are the most common type of DDoS attack. According to Arbor, they represent about  65% of the total reported.

Exhaustion or protocol attacks, in turn, are those that segment the network connection with firewalls, application servers, and other components of your infrastructure in search of a  vulnerability. Probably the most common type of attack of this nature is the ping of death, which sends a large packet of bytes to the destination in order to overload the server. The more the target tries to respond to the pings, the more bandwidth is consumed until the entire system fails.

Application layer attacks target some aspects of an application or service and can be highly effective even from a single machine. Its purpose is to interrupt data transmission between hosts and the most common way to do this is with an HTTP flood.

What Are the Consequences of a DDoS Attack?

A DDoS attack is a threat to business continuity. As organizations have become more dependent on the internet and web-based applications and services, their availability has become as essential as electricity.

Therefore, DDoS is not only a threat to retailers, financial services, and gaming companies that have a high demand for availability. They are also intended for business-critical applications your organization relies on to manage daily operations -  email, sales automation tools, and CRMs can be affected by them.

When successful, the DDoS attack can lead to angry customers, loss of revenue, and damage to your brand. On the other hand, if the apps you use are unavailable, your company's operations and your team's productivity are compromised. Internal sites, for example, that are important to many of your partners, when offline, affect the supply chain and can lead to production disruption.

When these attacks are successful it means that your organization is vulnerable and is probably just the first of many. As long as a robust antivirus solution is not implemented, hackers will continue to victimize your business.

How Do I Protect Myself From DDoS Attacks?

There are some strategies you can implement right now to protect yourself from DDoS attacks. Check out some of them below:

Invest in bandwidth

Probably the easiest way to protect yourself from DDoS attacks is to make sure that there is enough bandwidth in your company's connection to the internet. With a high bandwidth to handle larger traffic requests, it is possible to prevent attacks on a small scale.

Have a backup connection

Maintain a backup connection with a separate set of IP addresses for your critical users. This gives your business an alternate path if the primary circuit is overloaded with malicious requests.

Learn to identify an attack

If you run your own servers, you should be able to identify that you are under attack. After all, the sooner you realize there are problems with your website, the sooner you can resolve them.

Familiarize yourself with the analysis of incoming traffic on your networks, so you can easily spot anomalies. Sharp spikes or a sudden surge in visitors are signs of the start of a DDoS attack.

Purchase intrusion detection systems

Install an intrusion detection system. Most of them have solutions to protect their systems in case of DDoS attacks, such as connection verification, which prevents certain requests from reaching their pages and networks.

Use a remote DDoS protection service

Use a remote DDoS protection service. Several vendors offer the feature and they have prevention devices specifically designed to detect and stop ongoing DDoS attacks.

How Does DDoS Remote Protection Work?

Remote proxy protection provides an extra layer to prevent hackers from reaching your network or services. This type of solution hides your real IP and sends all traffic that reaches your website through a mitigation network. The whole process takes place without your visitors noticing and without compromising the responsiveness of your page.

Remote protection is a layered approach to proactive and reactive security. Your proxy provider continually monitors the security of the site and identifies risks before they become a reality. The solutions may or may not be based on the cloud and have firewalls and intrusion prevention systems that mitigate the main threats, be they volumetric attacks or brute force invasion attempts.

One of the biggest reasons for choosing the alternative is that DDoS remote protection increases both the security and the performance of your HTTP applications. In addition, the cost-benefit ratio and the convenience of the preventive solution help to protect your business and prevent unforeseen events.

Wednesday, November 4, 2020

Coronavirus Vs Computer Virus | Antivirus Software

To counter cybercrime, HD Latin America recommends installing a firewall. Faced with COVID-19, he advises to stay at home and take action against online threats.

They are both viruses!

Coronavirus Vs Computer Virus

The definition of the word is simple. In the biological field, it is a microorganism composed of genetic material protected by a protein envelope that causes various diseases by introducing itself as a parasite into a cell to reproduce in it.

In the computer field, it is a computer program made in anonymity that has the ability to reproduce and be transmitted independently of the will of the operator and that causes more or less serious alterations in the operation of the computer.

At first glance and brief analysis of the previous reading, anyone would say that they are similar and personally I see that they are identical. The first similarity is that both enter the body and the computer without permission, thus taking advantage of the vulnerabilities of both.

In the case of living organisms, they detect that the body is weak in its defenses, and in the case of computers they take advantage of flaws in the programming of the codes; both propagate and reproduce within the attacked system and progress if there is no resistance, and in both scenarios, the objective is the same: to seize the living organism and the computer or file server in question. But the most important thing about the case is that both contain information that is data that directs them towards their objective, information that gives them a pattern of behavior ... data ... data and more data, that is, very prevalent if it is not a reality that both have the same origin: a superior or at least outstanding intelligence.

Protect yourself as if you were a computer, yes, even if it sounds ridiculous or weird, this will save your life or a family member and, above all, I know the new generations will understand it easier and easier because they were already born immersed in technology and depend on her for almost everything.

How to Protect Yourself if You Were a Computer?

Let's just see, what is done with a computer, the first thing ... pause ... you answer, what is the first thing that is done with a computer before launching it into cyberspace? The same as a baby is thrown (metaphorically) into the polluted and different environment of its placental bag. Yes, he thought about it, an antivirus is installed, but in our unfortunate case, that coronavirus vaccine does not exist yet!

Did you know that the same thing happens when a new virus appears in the computer field? If there is no vaccine, the sample is sent to the laboratories and there are dozens of code specialists who will guess if they analyze, they think, analyze ... and make prototypes that will fight the new virus, identical to what Chinese, Korean, and German scientists are doing. … The entire scientific community because there is no vaccine against this terrible virus called COVID-19, more commonly called coronavirus.

Once Contextualized, Let's Go-to Protection:

Did you know that more than a system deficiency, it is human failure that causes computers to become infected and lose a lot of money and data? This is how you read it in computer science. Let's talk about Mario, who has his savings account at Banco Azteca and suddenly he gets a notice from Banorte and what do you think he's doing? This is how you thought it badly! Mario opens it and then thinks ah ... but if I don't have an account in that bank and in a little voice he tells him (maybe you don't remember anymore) ... the reality is that Mario has never had an account in Banorte in his life and now, By now he is infected with a low-end virus at best and ransomware at worst.

Let's learn the computer lesson: if you do not know the person who is next to you, do not greet him, it is more or turn to see him, capable and with a glance, he fills you with viruses (I exaggerated), but it is reality, this virus does not give indications which is, but the carrier is already spreading it like a piñata in an inn all around and that's not all, the new carriers do the same in a chain as if they were nuclear fission. To end this analogy we would say: if it is not you, do not touch it and if it is not your bank, do not open it.

The coronavirus, being so tiny, today has the entire planet in check and neither powerful nor artists, nobody is safe unless they take a healthy distance from the possible sources of infection that are our fellow men; Since like computer viruses when you realize it is that you already have it and in that context what we do in computing is to install a firewall that does not allow the virus to enter, in this case, dear reader the firewall is your house and home It is the safest site in the world because viruses are lurking and at the moment there is no antivirus, but surely there will be.

What is a Computer Virus and How to Remove It | Free Antivirus

A virus is a type of malware - a harmful program created by hackers that can infect your computer or device in various ways. They can be really difficult to remove and can spread from one device to another. Fortunately, we can take some steps to protect your devices, and we have some suggestions on how to remove a virus.

Computer Virus

How does a computer virus work? Programmers are the ones who write a virus to place, overwrite, or replace another program on your computer to reproduce itself without your knowing it.

A virus can cause various problems on an infected device. This can quickly consume all of your computer's available memory, slowing or stopping your system. Viruses can damage data, destroy files, format hard drives, or make drives unreadable. A virus can enter your computer as an email attachment, in a downloaded file, or hidden on a zip drive or CD. In general, the presence of a virus is not evident on a website, in an email, or in another item.

Common Symptoms of Computer Viruses

Your computer may have a virus if you have any of these problems:

  • Suspension or blocking
  • Lost or damaged files
  • Problems saving files
  • The computer restarts unexpectedly
  • Programs open randomly
  • Task manager won't open
  • Constant pop-up boxes
  • Much more spam than usual in email
  • Windows updates won't install
  • Cannot open files and folders
  • Passwords changed
  • Problems installing new software
  • Considerable slowness in switching on and/or off
  • Unexpected errors such as low memory and missing system files
  • Hardware issues such as an unresponsive keyboard or printer

How to Avoid Having a Computer Virus?

We have some precautions you can take to take care of your devices:

Install a recognized antivirus. Even if you don't take any other preventive measures, using antivirus will offer your devices basic protection and monitoring against viruses. This ensures that if you do become infected, you will be warned quickly and can address the problem before the virus has a chance to do irreparable damage to your computer. All CenturyLink High-Speed ​​Internet customers can download Protegent Free Antivirus at no additional charge. Learn more about Protegent360. 

Keep your virus definitions up to date. To be effective, antivirus software must be kept up to date. It is important that you download the latest virus definitions when your antivirus software tells you to. You can automate this task so you don't forget to run it. Protegent360 security is cloud protection that offers continuous updates and monitoring, so you don't have to worry about updates.

Run your antivirus software routinely. Again, if you find this to be heavy (or just forget to do it), you can automate the task.

Be proactive. Analyze your files and programs. You can configure your antivirus software to automatically scan emails and files before opening / downloading them. It's good to scan ALL files, even if you trust the source.

Make backup copies of your files frequently. New malware is created daily. Having a backup of your data can save you if a virus bypasses your protection measures.

Keep your programs and operating system updated. This may seem like a challenge, but updates are essential to keep your computer virus-free. Updates often include patches to fix security vulnerabilities that could be exploited, and if you don't update your software, you could miss the latest update. You can also automate this task in your computer settings.

Protect your WiFi network. Enabling a WPA password on your home Wi-Fi will help prevent unwanted users from entering your wireless network. If you need to provide the Internet to friends, most routers allow you to set up a guest network that allows them to use the Internet without giving them access to your main network, thus protecting you from potentially infected devices. Certain CenturyLink leased modems also offer Secure WiFi, which has Prortegent360 built-in.

How to Remove a Computer Virus

If you think your device is infected, the first step is to run a full antivirus scan. 

If you use CenturyLink Security powered by Protegent360, there is no need to do anything else. The program runs continuously and automatically quarantines any threats it detects.

If your antivirus cannot remove the virus, these are the steps you should follow:

Try doing an online search to find out how to remove the virus. You are likely to get the most accurate results if you know the name or source of the virus you suspect or can describe the specific symptoms.

Call a professional. If you can't find a solution online, call an IT professional right away, before it gets worse.

Tuesday, November 3, 2020

Malicious Codes: How to Detect, Prevent, and Eliminate Them | Antivirus

When programming experts use their coveted knowledge for crime, malicious code is born. We tell you everything you need to know to be forewarned!

Technology has changed the world dramatically and no one can deny it. Few remember what life was like without a cell phone, without means of instant communication, without online files for data storage, without home banking, without Wi-Fi. But, all these comforts of today's life also have certain risks, such as malicious code, that we have to know so as not to be easy victims.

Malicious Codes

It is not that technology is bad, the problem is that criminals evolve along with the rest of economic activities and, therefore, companies have a greater demand to be at the forefront and beat cybercriminals.

As the name implies, malicious codes are pieces of web script developed to create vulnerabilities in systems. In a crude analogy, we could say that it is as if someone made a hole in the perimeter fence of your software to take the information, files and even boycott the operation of your equipment.

Unlike other computer attacks that a system can suffer, the malicious code includes website scripts that take advantage of vulnerabilities to load malware through new entry doors, many times an updated antivirus is not enough to stop its action, it is essential to perform specialized scans and leave systems development in the hands of trained professionals.

How Does Malicious Code Work on My Computer?

The malicious code is a self - executable application that produces gateways to information from a computer with different costumes that can be Java applets, solutions HTML, accessories, scripting languages, and other languages predesigned web pages or emails.

Downloading the code gives the cybercriminal access to the victim's computer and allows sensitive data to be exposed. In this way, cybercriminals can even delete valuable and irrecoverable information, as well as install spyware.

Visiting infected websites or clicking a malicious email link or attachment are the primary avenues for malicious code to penetrate systems.

How Can Malicious Code Be Detected?

The renowned international domain and web hosting provider, Godaddy, offers the following recommendations so that users can know if they are being threatened by malicious code :

  • Review the malicious code inventoried on the Stop Badware and antiphishing.org log pages, to know the most well-known cases and to be alert.
  • Take into account safe browsing certifications when browsing different websites
  • Enable the view of file extensions, and scan all files with extensions such as .exe, .bat, .cmd, .scr, or .pif through an antivirus software.
  • Use link analysis software to scan all links in your own code, especially in advertisements.
  • Search for possible virtually invisible frames, in general, harmful scripts are placed in the code with iframe tags with height = "0" width = "0".
  • Search your own code with the search for unknown lines. It is very common for malicious code to be encoded with hexadecimal or Unicode / wide character. Look for strips of percent signs (%) followed by two characters (eg% ww% xx% yy) and/or lines followed by 4 characters (like \ u9900 \ u1212 \ u8879).
  • Download the files from the website into a virtual machine where you can scan them and avoid infecting the computer itself.

How Can I Prevent Malicious Code in My Business System?

As always, in terms of computer security, prevention is vital to avoid serious problems resulting from the criminal attack. The main tool to avoid being a victim of malicious codes is website protection scanners.

Through periodic scans of your website, you will be able to detect vulnerabilities to correct them and not be easy prey for hackers.

In addition, it is important to:

  • Review all software before including it in your systems
  • Evaluate the use of web security certificates for your site
  • Include ad providers that do not contain malicious code and scan them regularly.
  • Give greater vigilance to areas of your company's software that are available for user-dependent data generation.
  • Implement high-security passwords.
  • Install the latest versions of the patches available for third-party software on the site.

How Do I Remove Malicious Code?

In case of detecting the attack of a malicious code in your business software, it is necessary to follow the following action guidelines:

  • Put the site down to avoid the spread of cybercrime and that your customers and visitors are not at risk.
  • Remove all malicious code that you have detected through scans and script reading.
  • Repair the vulnerabilities for which you believe the malicious code has entered, to prevent future attacks.
  • Conduct an investigation of the case and possible spread of the cyber attack to determine the scope and alert other potential victims.

People who invest time and energy to get hold of other people's resources have always existed in the history of humanity, and the best option that remains for us to respond to the development of new forms of crime is information and prevention.

Monday, November 2, 2020

6 Tips to Protect Against Phishing Attacks | Total Security

With the growing popularity of social media websites like Facebook and Twitter, it should come as no surprise that cybercriminals are trying to take advantage of flaws in security applications and inadequate protection protocols more often. Twitter, in particular, seems to be a favorite target of malware authors and hackers, judging by some of the latest news in the internet circle.

Protect Against Phishing Attacks

History of Attacks on Twitter

In May, a French hacker calling himself "Hacker Croll" easily managed to access the email account of the administrative assistant, and there, take the information that allowed him to access the application program to the Google employee account. Apparently, people who work at Twitter used the corporate version of this application to share documents and other information within the company. From this, the Hacker Croll was able to steal over 300 private company documents and leak them to the public.

In August, a pro-Georgian blogger nicknamed "Cyxymu" was the target of a denial of service (DDoS) attack, which affected not only his Twitter account - causing a multi-hour outage of the entire site, as well as many other problems. - but also to Facebook and LiveJournal, sites where he also had accounts. Whether Cyxymu's accusations that Russia is responsible for the attack are true or not remains to be seen, but the ease with which this assault was orchestrated has made much wiser.

In September, a Twitter worm was able to spread via direct messages. Hackers who developed the software to generate Twitter accounts can circumvent CAPTCHA technology. The fake Twitter accounts posted messages related to popular topics to trick computer users into clicking the link in the fake message. When the message produced by the machine is clicked, the user is directed to a site that distributes rogue antivirus applications.

Attacks and infiltration of cybercriminals into social network accounts leading to the theft of personal and financial information are not the only problem that many users face. Malware authors have also been very busy.

The biggest danger to social sites today is the Koobface worm. This deadly little parasite attacks users of websites like Facebook, MySpace, hi5, Bebo, Friendster, and Twitter. The Koobface spreads through particularly harmless-looking messages delivered to friends, accompanied by a link. Accessing this link will cause the Koobface worm to be downloaded onto the user's computer. If the infection is successful, the Koobface tries to collect important information from the victims, such as credit card numbers.

These attacks have shown many people that on the web, we are no longer as safe as we were in the past. In July, Los Angeles officials raised concerns about a multi-million dollar proposal to pass emails and other government documents to a Google-sponsored service, the Google Apps service, attacked by hackers Croll the previous month, and this is just the beginning.

Right now, it's difficult to be totally impervious to penetration attacks, but there are ways we can help protect our computers, Internet accounts, and personal and financial information.

6 Crucial Tips to Keep Your PC Safe From Malware Attacks

Here are 6 essential tips to avoid and/or minimize the risk of malware, worms, or infections through websites like Twitter:

1: Keep Your User Profile Short and Do Not Visit User Profiles During Twitter Attacks

Keep your user profile short and never give out your personal information. This includes, but is not limited to, full name, email address, physical address, and telephone numbers. Do not disclose this information to anyone via Twitter, if you can avoid it. If someone accesses your account, this information will be easily discovered. Note that others can and will read your profile and your tweets and that they have the option of forwarding your messages, which means strangers can see your tweets. Remember, once something is posted online, it never goes away, regardless of whether or not the posting is deleted.

During the period of a Twitter attack, it is best to avoid visiting suspicious user profiles that may be infected with a worm or other type of online threat. The Web is a good source for the latest news on Twitter attacks and the accounts involved. A red flag for suspicious activity is displayed when a Twitter user repeats the same message over and over about a product or web page. Please do not click on the links provided by those messages and do not forward them.

2: Practice a Strong Password

Never (and I mean never) give your Twitter password to anyone, this includes friends and family. Make sure the password you are using is not easy to guess. Try using a combination of numbers, letters, and symbols to create a strong password. It is always a good practice to change it periodically or after an alleged attack against Twitter or other social networks. If you are a member of more than one social network, it is suggested that you use a different password for each account. Because if a hacker obtained the password for one of your accounts, he could use it to access your other social accounts.

3: Be Careful What You Download or Link to From Twitter or Other Social Sites

On Twitter, in fact, on many social websites, there are literally hundreds of new apps to use on your profile. Do your research, as many of them may ask for your username and password. Make sure what you send and who you send it to. It is best to ask others about specific applications or test them before using them. Clicking on a short URL such as Bit.ly or Tinyurl are risky practices. The services of a short URL puts you at risk of being redirected to a malicious site that can infect your system with malware. Some shorter URL services such as TinyURL and Bit.ly allow you to preview the link before clicking on it. This is a great feature to take advantage of and avoid visiting an unwanted website. As with spam in email messages,

4: if You See Something, Say It

If you suspect something is wrong, if you are being harassed, or suspect that another user's system is infected by a parasite, it is best to report it to Twitter. Because Twitter has been hit with a number of attacks lately, we all need to be involved in reporting malicious activity. If you receive a message from a user who is clearly trying to spread malware, it is best to send a direct message to Twitter's “spam account” page.

5: Follow General Safety Practices for Social Sites

It is important to always follow the general safety rules when visiting social websites like Twitter or Facebook. The main safety rules to follow are:

Trust no one. Be suspicious of all users, even if they claim to be your friends.

Always be on the lookout for fake social media sites and profiles.

Don't sacrifice your security for popularity by adding unknown users.

It is recommended only to follow people you know in real life. Don't reply to users you don't know. Keep your Twitter information private and only allow people you know to see it. Once you put a Twitter message on someone else's Twitter page, it can be seen by all Twitter users who follow your friend. Never assume that your Twitter message is private. The vast majority of users of social sites are teenagers and do not realize the consequences of posting private information. Users should always inform the appropriate authorities about threats or negative tweets or messages they receive.

6: Keep Your Antivirus, Antispyware, and Other Security Tools Up to Date

Probably the most important and basic line of defense is to make sure your computer has the latest antivirus software. Make sure to update your antivirus program and the operating system often. There are many attractive links browsing Twitter, but there is no way to know which one contains malware waiting to infect your system.

Remember that Twitter is still new, and even with its growing popularity, it can be difficult for developers to include sufficient processes and security settings. There is nothing wrong with trying Twitter and following your friends or favorite bands online, you just have to be smart about using it.

How to Save Your Twitter Account and PC After a Worm or Malware Infection

To prevent the spread of malware through Twitter messages, you need to avoid forwarding them. If you detect any suspicious activity in a profile, for example, tweets that contain the word "Mikeyy", you must take steps to eliminate the threat. To eliminate a common threat, such as "Mikeyy" you must follow the following process:

  • Clear your browser's cache and disable JavaScript with the options.
  • Then go to Twitter to delete all messages on your profile that have the word "Mikeyy" or any other obviously corrupt.
  • Upon completion, you can enable JavaScript again and change your bio, URL, and color scheme for your profile. You can also take this time to change your password for added protection.
  • Download and install a security application like Total Security that scans your system for malicious files that may have infected your system through the message sent from the corrupt Twitter profile.
  • Additionally, you can use a Firefox add-on such as "NoScript" that blocks XSS (cross-site scripting) defects, a common method of worm infections to infiltrate computers via Twitter. No computer user is safe from messages that take advantage of social networks like Facebook and Twitter.

Do you have horror stories to share (experiences on Twitter), or on other social sites like Facebook and MySpace? Do you have tips not mentioned here that you can give people to help them stay safe? Please leave a message and give us an answer.

Saturday, October 31, 2020

9 Tips to Choose the Best Antivirus | Free Antivirus

Are you looking for the best antivirus or the best security solution for the IT maintenance of your SME? There are so many options on the market that you may not know what to choose. Surely you have heard thousands of times how important it is to have an antivirus, but you may not know what criteria it has to meet to achieve the best security for your company.

Choose the Best Antivirus

On some occasions, we have talked about the importance of making backup copies as the safest method to protect your company's information.

Today we are going to guide you in the most important aspects that you

Today we are going to guide you in the most important aspects that you have to take into account to choose the best antivirus option for your SME.

With more than a quarter of a million new malicious programs being detected every day, it is clear that everyone needs the protection of a good antivirus product. Having it will not guarantee us to be free from threats, but we will make it more difficult.

It doesn't matter if you work on Windows, Android, or macOS: there is malware that makes its way to your computer. But what kind of antivirus software should you get? Will you have to pay for it, or is the free antivirus good enough? Is anti-malware software the same as anti-virus software? Why are there so many different types of antivirus software, even from just one brand? And does the use of antivirus software pose a risk to computer equipment?

The answers to all these questions are complicated, but we are going to try to give you some basic advice while you decide on the best protection for your SME IT.

1. A Free Antivirus That Offers Good Protection, but Pay Offers More Features

Some free antivirus products will protect your computer systems extremely well from malware. But paid products tend to have a lot more extra features, especially on Windows. You just have to keep in mind that in most cases you will have to spend an annual subscription. Most people tend to go for less expensive products, and while this is a good general approach, it is not always the best. In the case of security products, that means looking for the cheapest product that meets your needs and offers the protection you need. That product might not be the least expensive on the market. On the other hand, imagine how much it will cost you if you buy a bargain security product that cannot protect your personal files against ransomware threats.

2. Look for a Light System Load

It is true that any antivirus program will use up some of your computer's resources, but a good antivirus program should keep your system free of malware without significantly slowing down your system's performance. In testing, the best antivirus software is hardly a drag on performance.

3. A Near-perfect Detection Rate

Since the role of antivirus software is to detect threats, it should do so flawlessly. Seek certification from a respected third-party testing organization.

You will need to ensure that your antivirus software stops more than 95% of malware, whether it is common malware or new malware. But make sure that the detection rate is not accompanied by a high rate of false positives, which are benign files mistakenly identified as malware.

4. An Intuitive Interface

Because antivirus software can be customized, it is important that the interface guides users through the various settings.

5. Daily Updates

Provide up-to-date protection. An antivirus solution that uses old and outdated malware definitions is a weak product. Viruses continually evolve, they never stop, so antivirus must do that too. A good antivirus is a product that is constantly updated, several times a day.

6. Consider the Reputation

This may seem a bit conservative, but in the IT security market, reputation matters. Buying and using a security product from a reputable company is usually a safer bet than jumping in with a security product from an unknown company. Good security solutions tend to stay good as time goes on.

7. Antivirus Alone or Security Suite?

Antivirus software comes as a standalone program, but you can also purchase it as part of a comprehensive security suite. Security suites, covered in our separate report on Internet security software, are more expensive, but include a range of protections, with antivirus, antispyware and antispam programs, identity theft protection, firewalls, and parental controls. 

8. Check the System Requirements

Make sure the antivirus program you choose works with your Windows or Mac operating system. If you have an older computer, a large antivirus software program can consume a large percentage of your computing power and may have compatibility issues.

9. Avoid Conflicts

Antivirus software rarely works very well with similar products from different vendors. Before installing third-party software, completely uninstall any pre-existing security software.

Friday, October 30, 2020

An Overview of the Most Dangerous Ransomware Viruses in 2020 | Cloud Antivirus

For decades, cybercriminals have successfully exploited flaws and vulnerabilities on the World Wide Web. However, in recent years, there has been a clear increase in the number of attacks, as well as an increase in their rate - attackers are becoming more dangerous and malware is spreading at a rate never seen before.

Most Dangerous Ransomware

Introduction

We are talking about the ransomware that made an incredible leap in 2020, causing damage to thousands of organizations around the world. For example, in Australia, ransomware attacks such as WannaCry and NotPetya have even raised government concerns. To summarize the ransomware “successes” this year, we will look at the 10 most dangerous and most damaging organizations. Hopefully next year we will learn lessons and prevent this kind of problem from entering our networks.

1. NotPetya

The ransomware attack began with the Ukrainian accounting software MEDoc, which replaced 1C, which was banned in Ukraine. In just a few days, NotPetya infected hundreds of thousands of computers in over 100 countries. This malware is a variant of the older Petya ransomware, except that the NotPetya attacks used the same exploit as the WannaCry attacks. As it spread, NotPetya affected several organizations in Australia, such as the Cadbury chocolate factory in Tasmania, which had to temporarily shut down their entire IT system. The ransomware also managed to infiltrate the world's largest container ship, owned by Maersk, which reportedly lost up to $ 300 million in revenue.

2. WannaCry

This ransomware, terrible in scale, has practically taken over the entire world. Its attacks used the infamous EternalBlue exploit, which exploits a vulnerability in the Microsoft Server Message Block (SMB) protocol. WannaCry infected victims in 150 countries and over 200,000 machines on the first day alone. We have published a personal file of this sensational malware.

3. Locky

Locky was the most popular ransomware in 2016, but it has not stopped operating in 2020. New variants of Locky, dubbed Diablo and Lukitus, emerged this year, using the same attack vector (phishing) to target exploits. Locky was behind the Australian Post email fraud scandal.

4. CrySis

This instance excelled in its masterful use of the Remote Desktop Protocol (RDP). RDP is one of the most popular ways to distribute ransomware, as cybercriminals can thus compromise machines that control entire organizations.

5. Nemucod

Nemucod is spread using a phishing email that looks like an invoice for shipping services. This ransomware downloads malicious files stored on compromised websites. In terms of phishing emails, Nemucod is second only to Locky.

6. Jaff

Jaff is similar to Locky and uses similar techniques. This ransomware is not remarkable for its original methods of distributing or encrypting files; on the contrary, it combines the most successful practices.

7. Spora

To distribute this type of ransomware, cybercriminals hack legitimate sites by adding JavaScript code to them. Users visiting such a site will receive a pop-up warning prompting them to update their Chrome browser to continue browsing the site. After downloading the so-called Chrome Font Pack, users became infected with Spora.

8. Cerber

One of the many attack vectors that Cerber uses is called RaaS (Ransomware-as-a-Service). According to this scheme, cybercriminals offer to pay for the distribution of the Trojan, promising a percentage of the money received for this. This “service” allows cybercriminals to send out ransomware and then provide other attackers with tools to distribute.

9. Cryptomix

It is one of the few ransomware that does not have a specific type of payment portal available within the dark web. Affected users must wait for cybercriminals to email them instructions. Cryptomix victims were users from 29 countries, they were forced to pay up to $ 3,000.

10. Jigsaw

Another malware from the list that started its activity in 2016. Jigsaw inserts an image of a clown from the Saw movie series into spam emails. As soon as the user clicks on the image, the ransomware not only encrypts but also deletes the files in case the user delays in paying the ransom, the size of which is $ 150.

Conclusions

As we can see, modern threats are using increasingly sophisticated exploits against well-protected networks. While increased employee awareness is helping to cope with the impact of infections, businesses need to go beyond basic cybersecurity standards to protect themselves. Defending against today's threats requires proactive approaches that leverage real-time analysis capabilities based on a learning engine that includes understanding the behavior and context of threats. You have to more depend on cloud antivirus rather than traditional antivirus so that your security protection will be totally cared for by the cloud server organization.

Wednesday, October 28, 2020

Cybersecurity Tips for Business | Use Cloud Antivirus Service

The Internet is constantly growing and improving, thanks to this we can now communicate freely with people all over the world. With the spread of Wi-Fi, we began to create devices that also connect to the Internet by transmitting data over the network. This is great, but the flip side of the coin is that every person connected to the Internet on the planet now has their own networks and their own data, which can become a victim of theft.

Prevent Cybercrime Against Small Business

We believe that raising awareness of these vulnerabilities and educating the public can make the internet a little safer. It will be useful for businesses to learn about such effective information security measures as employing hackers, simulating phishing for their employees, and cyber insurance policies.

Basic Rules to Prevent Cybercrime Against Small Business

1. Be Careful With What You Post About Yourself and Others

How you talk about others on the Internet reveals a lot about your own personality. In addition, you can get yourself in trouble with the law or even become vulnerable to theft or burglary. People can track what you say online - so if you said you were going on vacation for the week, it should be easy for a potential burglar to find your address. Caution should be exercised about violations of NDAs, employment contracts, and other agreements that you have signed. In addition, it may be a violation of the law to disclose someone else's personal information or publicly accuse a person without any evidence.

2. Understand What Data Your Company Collects - and Make Sure It is Protected

In order to keep your business data safe, you must audit and determine which of them is public information (and therefore should not be closely guarded), which are of medium importance, so that they will not greatly affect the business. in the event of a leak (some security measures should be established for them) and, finally, which data is most important and confidential. The last category of data will greatly affect the business in the event of theft - and it must be protected as reliably as possible with the strictest access rights for employees and partners.

3. Use Multiple Authentication Factors

Authentication is the act of confirming identity (whether a user, computer, or other devices) by comparing the provided credentials with an existing database of authorized users before allowing a given system or application to access the system. For example, entering a username and password to access your email account. But instead of relying only on passwords, which are becoming increasingly insecure, we recommend using multiple factors for authentication. These factors include some user secrets (for example, username/password, answer to a secret question), some of their physical property (for example, digital certificate, smart card), and some biometric factor (for example, fingerprint, face recognition).

4. Enable Https for Your Site

An SSL / TLS certificate is installed on the server to activate HTTPS. This certificate encrypts all data between the browser and the server, be it personal or financial information that is entered on a web page, or the content of pages. In this way, information is protected from outsiders (for example, from intruders and government surveillance). SSL certificates can also tie your brand to a website: this allows visitors to verify that your site really belongs to your company and not a scammer (in the case of a phishing site). The EV SSL certificate clearly demonstrates this by coloring your browser address bar green and showing your company name.

5. Use Strong and Unique Passwords

Many black hackers sell data that they managed to get after hacking. This includes information about thousands, if not millions, of users and their passwords. If you use the same password on every account, then it becomes a trivial task for a hacker to gain access to all of your systems. Or a hacker can brute force the password. It is much more difficult if the password is long, composed of a variety of characters, and does not contain words from the dictionary. Use a password manager to ensure you don't forget unique passwords for each service.

6. Update All Software

Hackers are always looking for new vulnerabilities in the software your business is using. Finding them is as easy as finding a path on your Windows network. At the same time, the software companies themselves are working hard to release patches to fix these vulnerabilities, so it is very important to update the software as soon as an update is released.

7. Back Up All Data

Backups ensure that files can be recovered in the event of data loss. You should always store your data in different locations, physically separated, so that hackers cannot access everything at once. And the backups need to be updated regularly.

8. Install a Firewall on the Internet Gateway

Firewalls are designed to prevent unauthorized access to the private network. A set of rules can be established to determine which traffic is allowed and which is denied. A good firewall should monitor both inbound and outbound traffic.

9. Use the Cloud Antivirus

Cloud services are a useful tool, especially for small and medium-sized companies that want to place their data under the protection of a large company. When registering with a cloud antivirus provider, it is important to make sure you know everything about it. Where are the data centers, where exactly your data is stored, and how you can access it?

10. Security Training for Employees

From time to time security training should be arranged for employees to educate them about various cyber threats.

  • Establish rules for using your own devices in the workplace
  • Create an incident response strategy
  • Training employees to work with passwords
  • Make sure employees check for the letter s in https when they search the web
  • Use secure email communications and provide training on the risks of phishing attacks
  • Leaders must spread a culture of cybersecurity
  • Simulation of phishing to keep employees in good shape - in a playful way for interest

What to Do if I Receive Fraudulent Emails | Antivirus Software

Please note, many fraudulent emails are currently circulating in order to recover your personal and banking data. This scam technique is called "phishing". How to recognize a phishing attempt? What steps should you take, especially with your bank, if you are a victim of phishing?

Receive Fraudulent Emails

What is Internet Phishing?

Phishing (or “phishing”)  is an Internet scam technique increasingly used by hackers to steal personal data such as:

  • your name and address,
  • your contact details (telephone, postal address, etc.),
  • your date of birth,
  • your bank account number,
  • your social security number,
  • your Internet connection details for banking or merchant sites ...
  • your e-mail username and password, etc. 

To obtain this information, the hackers send a  fraudulent e-mail that appears to come from the Administration  (tax service, health insurance, family allowance fund),  a bank, or a recognized company  (telephone operator, operator of energy, e-commerce site, etc.).

How to Recognize a Fraudulent Email?

The sender's email address includes the name of the organization or company whose identity has been spoofed but often contains anomalies (inconsistencies in the logo, text, spelling errors, etc.). It is one of the first things to look out for to prevent personal data theft.

The content of the email is not personalized (for example, it begins with "dear customer"). The body of the message can contain an image instead of the text to prevent the detection of the mail by the spam filters.

The email invites you in a short time:

  • to respond directly to the e-mail by providing personal data,
  • to click on a link to complete a form,
  • or open an attachment. 

In the typical fraudulent e-mail, the excuses often put forward are the following: an update of your personal data, the verification of a debt, a payment, the imminent deactivation of your account, a reward, or a discount (for example a tax reduction).

In general, the email may contain either a  link that refers to a fraudulent website strongly resembling the official website of the company or organization in question (site URL address, the home page, and logo almost identical), or an attachment (form to fill in, the program to run, etc.).

Either way, you risk giving information to crooks and infecting your computer with a virus that will pick up whatever you type on your keyboard and send it to the crook.

What Are the Precautions to Take After Receiving a Fraudulent Email?

If you have received a suspicious email  :

  • do not answer the email,
  • Report the fraudulent email and the offense of which you have been the victim to the competent authorities on the Internet platform
  • forward it to the address alert@securite.lcl.fr if this email mentions LCL
  • do not click on any link contained in the email / do not open the attachments,
  • destroy the email,
  • update your computer's protection system (antivirus software, firewall, anti-spyware). 

If you have any doubts, call the organization or company in question directly before answering the email.

If you have already replied to a fraudulent email  :

  • notify the organization whose identity has been spoofed and change inadvertently transmitted passwords;
  • check your bank statements and make sure that no amount has been withdrawn irregularly. If not, contact your bank immediately to object.

Tuesday, October 27, 2020

What is Phishing? And How to Avoid Scams Like That?

Phishing messages (or phishing scam ) are among the biggest dangers on the internet. These fraud attempts arrive via email, social networks, WhatsApp, and the like, and can result in serious consequences for victims, especially financial loss.

Phishing Scams

It is to help you protect yourself against this danger so often that this text was written: in it, you will understand what phishing is, you will know how this type of message tries to deceive you and you will see tips on how to prevent yourself.

What is Phishing?

The term phishing refers to the English word fishing, which means "Pescara", in free translation. The association with this activity is not a mere chance: phishing scam is an attempted fraud on the Internet that uses "baits", that is, devices to attract a person's attention and make him perform some action.

If the individual "takes the bait", he may end up informing strangers of bank details or other confidential information, only realizing late on that he was the victim of online fraud. In the same way, you can infect your computer or smartphone with a virus or other malware.

Phishing often arrives via email, but it can also exploit other means, such as SMS, social networks, and instant messaging services, such as WhatsApp, Telegram, and Facebook Messenger.

Typically, messages of this type are created to appear to be issued by well-known institutions, such as banks, telephone operators, government agencies (such as the IRS or some DMV), and credit card administrators, although they can also impersonate individuals.

This is one of the main features of phishing scams. Another is the arguments used to convince the user to click on a questionable link or file that accompanies the message.

Main Dangers of Phishing

Arroba - illustrative image a person receives a phishing scam message and does not realize that they are facing fraudulent content, they can take an action that will result in financial loss or other inconvenience.

An e-mail of the type that passes for bank notice, for example, can guide the user to click on a link to update a record. In doing so, the person will fall on a fake website, but very similar to that of the banking institution. If you do not notice that that page is not legitimate, it will provide sensitive data, such as the current account number and account access password.

This type of fraud is so common that, today, many banks use complementary protection measures, such as requiring an extra code sent by SMS or application or allowing the user to access the account only from registered cell phones or computers.

In a more sophisticated scheme, the message may contain an attachment or link that points to malware. If the user executes it, the plague will install on his computer or mobile device and will be able to perform a series of actions, such as recording typed data, capturing user files, or monitoring his activities on the web.

Another possible consequence of phishing is to confirm that the user's email or mobile number is active. After that, the person will start receiving other messages of the type of SPAM (unsolicited e-mails) and can still be classified as a "potential target": when executing the action of the first message, he told the scammers not to know how to identify misleading content.

Variations can affect the user in other ways. A person can, for example, accept an invitation to a supposed game on a social network. In doing so, the malicious application can automatically issue invitations to other users. These, upon realizing that the invitation came from an acquaintance, will be able to accept it, continuing the scheme.

It doesn't end there. Other examples of problems: the user's computer, if infected by malware, can emit SPAMs; accounts on online services can be hacked thanks to the capture of passwords and usernames; the person may make purchases on a fraudulent website and, for this reason, not receive the product; and so on.

What if the Phishing Has My Full Name or Social Security Number?

It may happen that phishing has your full name, social security number, or other personal information. The objective here is obvious: with this data, it is easier to convince you of something.

Fortunately, this type of message is unusual. What happens is that, in some way, the fraudster had access to a database with people records. This is possible, for example, when an online store is hacked or when an employee of a company improperly resells information.

Therefore, even when the message contains personal data, do not disregard the possibility of an attempted coup there.

Tips to Protect Yourself From Phishing

It is practically impossible to prevent scams from reaching you, but a few simple precautions help you get rid of the danger:

  • The first is to observe the characteristics of the message (visual, spelling errors, suspicious links, persuasive arguments, among others), as explained above;
  • Remember that debt notices, court summons, or registration requests, for example, are not usually made by email or social media, but by correspondence sent to your home or workplace. Do not be carried away by the threatening or alarmist tone of the message;
  • Be suspicious of very generous offers. Nobody will give you prizes for contests that you are not participating in or will offer a product with a price much lower than what is practiced by the market. If you are required to pay a fee or make a cash contribution, you can be sure that it is fraud;
  • Be careful with your curiosity and be wary of sensational news, conspiracy theories or news that cannot be confirmed in renowned vehicles;
  • If you have doubts about the legitimacy of a message, contact the mentioned company or institution by phone or official website to ask for clarification;
  • Use total security software and update your software, especially browsers. They can block inadvertent clicks on malicious files or links;
  • If you are sure that a message is phishing, delete it immediately. You can also mark it as spam when possible. This is because, depending on the service used, if a significant number of users mark a message as such, it can be automatically blocked in other people's accounts;
  • Pass these guidelines on to family, friends, co-workers and other close people to prevent them from falling victim to the problem.

I Fell Into Phishing. What to Do?

  • If you took any action due to the influence of phishing, you must act soon. If you have entered a fake bank website and entered your personal data, for example, you must immediately contact the bank to block your account and obtain a new password. If you have already passed your credit card details, it is important to contact the operator to cancel it and check for unrecognized entries.
  • If you've clicked on malware, it's a good idea to check your computer or mobile device with an up-to-date, reliable antivirus. In addition, it may also be a good idea to change passwords entered after contamination.
  • In the event of injury or any other considerable inconvenience, do not hesitate to seek guidance from law enforcement or judicial authorities.

November 27 is Black Friday and November 30 is Cyber ​​Monday

One of the strongest sales campaigns in shops and online sales recently established in Spain is Black Friday and Cyber ​​Monday. A tradition...