Security - Panda Security Mediacenter
https://www.pandasecurity.com/en/mediacenter/security/
All the info about your cybersecurity
Last updated: Wed, 27 Sep 2023 09:10:58 +0000

How do you spook cyber criminals?
https://www.pandasecurity.com/en/mediacenter/security/spook-cyber-criminals/
Wed, 27 Sep 2023 09:07:36 +0000

Spooky season: Fall is here and with it comes events like Black Friday which we don't want cyber criminals to enjoy any more than you do.

The post How do you spook cyber criminals? appeared first on Panda Security Mediacenter.


Tips to avoid being scared to death by cyber criminals this spooky season

The spooky season is in full swing – the summer is over, and the temperatures have dropped. As the days get shorter, the leafy streets and the smell of pumpkin spice latte are slowly telling everyone that fall has arrived. However, the spooky season is not all about pumpkin patches and Halloween decorations.

We may not be sure how helpful scary costumes are when it comes to warding off evil spirits, but we do know a thing or two about spooking cyber criminals. Evil spirits don’t aim to drain your bank account, steal your identity, ruin your business, and destroy your life.

Still, most online bad actors’ primary goal is to exploit cyber loopholes and swindle anyone who is unprotected or unwise enough to fall for their scams. Here are our five tips on spooking criminals away from you and your loved ones.

Freeze your credit

There have been so many data leaks over the years that your SSN and other sensitive information are very likely dangling around on the dark web.

When hackers steal credit card numbers, banks issue new cards with different numbers – but the government makes it extremely hard for people to change their SSNs.

You likely don’t often buy a new car or a house or make other transactions that require an SSN, so freezing your credit is arguably one of the best ways to spook the crooks. Keep it frozen and unfreeze it only when necessary.

Don’t click on links in emails and text messages

There are a variety of scams that could reach you. All of them have one thing in common – they exploit a weakness. 

Some users accidentally (or on purpose) click on a suspicious link in a phishing email. Others might feel lonely enough to reply to a random person starting an online conversation and lose their lifetime savings in a pig butchering scam.

Whatever the weakness, try to hide it and show strength instead – that certainly is a way to shoo off the fraudsters. 

Antivirus software

Indeed, one of the best ways to scare off crooks is by having a proper defense system. Some antivirus software solutions are so good that they destroy any hacking attempts.

They hide your information when necessary; they help you stay untraced while browsing online; they prevent phishing emails from reaching you and block you from being able to visit suspicious websites.

The systems also run scans on your connected device and quarantine suspicious files.

Change your passwords frequently

Cybercriminals love to take advantage of old stolen password databases. You will be safe if you maintain good password hygiene and change passcodes every three months. Passwords that are twelve characters or more and contain numbers, letters, and special symbols are preferable. 

Fraudsters get less motivated if they deal with a long and strong password. Activating two-factor authentication also helps as it stops hackers from forcing their way into a bank account or a profile. 

Shop wisely

The spooky season also marks the beginning of the shopping season.

Apart from shopping only at recognizable online stores, an excellent way to spook bad actors is using credit cards instead of debit cards. Credit cards often have insurance, so you will likely get refunded even if you fall for a scam. 

However, if you’ve purchased stuff with your debit card and hackers somehow have managed to steal your card info, they could potentially drain your bank account, and the bank won’t be able to do much to restore the stolen funds. 

Make the spooky season even spookier for fraudsters by following the above tips. Keeping the bad actors away would give you more time to enjoy the fall festivities and prepare for the holidays.  

Scattered Spider “bites” in Las Vegas
https://www.pandasecurity.com/en/mediacenter/security/cyberattac-caesars-hotel/
Mon, 25 Sep 2023 11:34:54 +0000

Caesars Entertainment has been hit by a cyber-attack that compromised the sensitive personal information of many loyalty program customers.


Casino and hotel giant Caesars Entertainment reports compromised driver’s license and social security numbers of loyalty program customers.

Caesars Entertainment, the company operating more than fifty properties, including some of Las Vegas’ most significant landmarks, such as Caesars Palace and Paris Las Vegas, has been hit by a cyber-attack that compromised the sensitive personal information of many loyalty program customers. The incident resulted from a social engineering attack on a third-party IT support vendor hired by the resort giant.

The stolen information includes full names, driver’s licenses, social security numbers, addresses, and other personal information that fraudsters could exploit. According to a report by the Wall Street Journal, Caesars Entertainment paid a big chunk of a $30 million ransom to the hackers after they threatened to release the stolen information. There is no evidence that the stolen data has been used to commit crimes, and the number of affected individuals remains unknown.

Caesars Entertainment discovered the attack on September 7th, 2023, and is currently cooperating with authorities to establish the identity of the perpetrators. The resort giant also stated that they have started notifying individuals who might have been affected by the cyber security attack. The victims are being offered credit monitoring and identity theft protection services.

Those caught in the spider’s web

Caesars Entertainment and all its high-profile properties on the Las Vegas Strip are not the only ones affected by hackers. Sin City generated interest among cybercriminals as another entertainment giant reported a similar incident. Bad actors also crippled MGM.

The cybercriminals responsible for the incident are either from ALPHV, also often referred to as Black Cat, or an organization called Scattered Spider. MGM noticed the attack on September 10th after doors and elevators in MGM facilities, as well as slot machines and ATMs, became unusable.

MGM was forced to shut down computer systems for days, causing inconvenience to both employees and customers. Currently, there is no information on how the attack happened and if it is related to the attack on Caesars Entertainment.

The FBI is investigating the incident, and CISA is working with MGM to understand the impact of the cyber security breach, as currently, it is unknown what the hackers managed to steal from the entertainment giant. MGM’s official website was not operational for days.

Hackers might go after other high-profile players in Las Vegas, including Hard Rock International and Vici Properties, the organizations behind other Las Vegas landmarks, such as The Mirage, Luxor, and Hard Rock Hotel and Casino. However, neither Vici Properties nor Hard Rock International reported any recent cyber incidents.

Vitalik Buterin’s X account: hacked
https://www.pandasecurity.com/en/mediacenter/security/vitalik-buretins-hacked/
Thu, 21 Sep 2023 12:20:04 +0000


Hackers compromise Vitalik Buterin’s X account, stealing $800k+ worth of crypto.

Hackers managed to hijack Vitalik Buterin’s X (formerly known as Twitter) account and tweeted a link that directed his nearly five million followers to a malicious site.

The founder of Ethereum is one of the most followed people in the crypto world, but even X’s tight security could not stop the hackers who managed to run away with almost $1 million worth of digital funds.

The now-deleted tweet stated that Vitalik invites everyone to celebrate Proto-Danksharding’s coming to Ethereum. This feature supposedly aims to significantly reduce the cost of transactions in the ETH ecosystem. Instead of giving access to a free commemorative NFT called “Proto”, the link posted from Vitalik’s hacked account sent victims to a malicious site that invited them to connect their wallets to claim the “free” NFT. This was a scam, and crypto funds worth hundreds of thousands of dollars were drained.

One of the first people to notice the abnormality in Vitalik’s Twitter account was his father, who tweeted that people should disregard the post as Vitalik was working on restoring access to his hacked account. Many others followed after realizing that the link was malicious and not genuine.

Read also: Cryptocurrency Scams: What to Know and How to Avoid Them

The hackers likely managed to access Buterin’s Twitter account through a SIM swap or with the help of an insider at X. The investigation is ongoing. Luckily, the social media account was restored only a few hours after the fraudulent tweet was published. Many are now asking Vitalik to reimburse the victims. Vitalik Buterin has not confirmed whether he plans to find a way to take care of the victims of the scam. X has not published a comment either. The price of ETH briefly dipped after the cyber incident.

Being a public figure does not mean not suffering cyberattacks

Even the most knowledgeable tech people in the world are in danger of hacking. Vitalik Buterin did not register any monetary losses from this cyber-attack, but his reputation certainly took a hit. The fact that he is one of the most influential figures in the crypto industry does not protect him from cyber-attacks. On the contrary, it makes him a more attractive target to eager cyber criminals.

Vitalik Buterin is not the only high-profile person to temporarily lose control of a social media account. Hackers often target celebrities to push scams. Phishing messages can come from everywhere and on different platforms. Proper antivirus software installed on all connected devices prevents users from ending up on malicious websites, even if the links come from public figures.

14 Types of Hackers to Watch Out For
https://www.pandasecurity.com/en/mediacenter/security/14-types-of-hackers-to-watch-out-for/
Wed, 20 Sep 2023 06:00:11 +0000


Technology has evolved rapidly in the last two decades, bringing about new innovations and tools to help us navigate our tech-driven world. While much of this technological evolution has resulted in tools that help us work, live and navigate modern life with more ease, technology has also opened a widening window of security vulnerabilities that cybercriminals love to exploit.

Hackers — and the malware they use in their crimes — have also evolved, and the methods they use to carry out their attacks have become increasingly sophisticated. Today’s modern-day hackers are nothing short of skilled professionals, and they fall into a few different categories based on their motives and how they perform their attacks.

In fact, not all hackers are criminals — some are actually hired to stop criminals in their tracks. Read on for a breakdown of 14 types of hackers to watch out for.

1. Black Hat: Criminal Hackers

A black hat hacker is a cybercriminal who breaks into computer systems with malicious or criminal intent. Black hat hackers are probably what you think of when you picture a typical hacker or cybercriminal. Their advanced technical knowledge and ability to navigate the cybersecurity landscape is what makes them so skilled in carrying out their attacks. They go out of their way to find vulnerabilities in computer systems and software, which they exploit for financial gain or other malicious purposes.

These hackers can do serious harm to individuals and organizations alike by stealing sensitive or personal data, compromising entire computer systems, or altering critical networks.

Motives: to profit from data breaches

Most at risk: organizations, which hackers typically target to steal sensitive data that can compromise a business financially.

2. White Hat: Authorized Hackers

Similar to black hat hackers, white hat hackers are cybersecurity experts who use their skills to find vulnerabilities in organizational networks and computer systems. The key difference between them, however, is that white hat hackers are authorized to hack these systems to spot security vulnerabilities before a criminal hacker can.

Typically hired by governments or large businesses, white hat hackers identify and fix loopholes or weaknesses found in organizational security systems to help prevent an external attack or data breach.

Motives: help businesses prevent cybersecurity attacks

Most at risk: criminal hackers

3. Gray Hat: “Just for Fun” Hackers

A gray hat hacker is a cybersecurity expert who finds ways to hack into computer networks and systems but without the malicious intent of a black hat hacker. Typically, they engage in hacking activities for the pure enjoyment of finding gaps in computer systems, and they might even let the owner know if they find any weak points. However, they don’t always take the most ethical route when doing so — they may penetrate systems or networks without the owner’s permission (even though they aren’t trying to cause any harm).

Motives: personal enjoyment

Most at risk: anyone who doesn’t want unauthorized access to their systems and networks

4. Green Hat: Hackers in Training

A green hat hacker is someone who is new to the hacking world but is intently focused on increasing their cyberattack skills. They primarily focus on gaining knowledge of how to perform cyberattacks on the same level as their black hat counterparts. Their main intent is to eventually evolve into a full-fledged hacker, so they spend their time looking for learning opportunities from more experienced hackers.

Motives: to learn how to become an experienced hacker

Most at risk: no one (yet)

5. Blue Hat: Authorized Software Hackers

Blue hat hackers are hired by organizations to bug-test a new software or system network before it’s released. Their role is to find loopholes or security vulnerabilities in the new software and remedy them before it launches.

Motives: to identify vulnerabilities in new organizational software before it’s released

Most at risk: criminal hackers

6. Red Hat: Government-Hired Hackers

Red hat hackers are hired by government agencies to spot vulnerabilities in security systems, with a specific focus on finding and disarming black hat hackers. They’re known to be particularly ruthless in their hunt for black hat criminals, and typically use any means possible to take them down. This often looks like using the same tactics as black hat hackers and using those methods against them — using the same malware, viruses and other strategies to compromise their machines from the inside out.

Motives: to find and destroy black hat hackers

Most at risk: black hat hackers

7. Script Kiddies: Amateur Hackers

Script kiddies are amateur hackers who don’t possess the same level of skill or expertise as more advanced hackers in the field. To make up for this, they turn to existing malware created by other hackers to carry out their attacks. Unlike green hat hackers who are eager to learn hacking techniques, script kiddies are more interested in buying or downloading existing tools for hacking.

Motives: to cause disruption

Most at risk: organizations with unsecured networks and systems

8. State/Nation Sponsored Hackers: International Threat Prevention Hackers

State/nation sponsored hackers are appointed by a country’s government to gain access to another nation’s computer systems. They use their cybersecurity skills to retrieve confidential information from other countries in preparation for a potential upcoming threat or attack and to keep a pulse on sensitive situations that could pose a threat in the future. These types of hackers are hired solely by government agencies.

Motives: to monitor and prevent international threats

Most at risk: international hackers and criminals

9. Malicious Insider: Whistleblower Hackers

Malicious insider hackers are individuals who employ a cyberattack from within the organization they work for. Also known as whistleblowers, their motivation for attack can vary from acting on a personal grudge they have against someone they work for to finding and exposing illegal activity within the organization.

Motives: to expose or exploit an organization’s confidential information

Most at risk: internal executives and business leaders

10. Hacktivists: Politically Motivated Hackers

A hacktivist is someone who hacks into government networks and systems to draw attention to a political or social cause—hence why the name “hacktivist” is a play on the word “activist.” They use hacking as a form of protest, retrieving sensitive government information and using it for political or social purposes.

Motives: to shed light on an alarming social or political cause (or to make a political or ideological statement)

Most at risk: government agencies

11. Cryptojackers: Cryptocurrency Mining Hackers

Cryptojackers are known to exploit network vulnerabilities and steal computer resources as a way to mine for cryptocurrencies. They spread malware in a variety of ways, often by planting infectious viruses across the web. These viruses and ransomware-like tactics help them deploy malicious code on victims’ systems, which work quietly in the background without the victims’ knowledge. Once the code is planted, it sends the results back to the hacker.

Cryptojackers are tough to spot, since the malicious code can go undetected for a long time. Since their motive isn’t to steal victims’ data, but rather to use their system as a vehicle for cryptocurrency mining, it’s difficult to trace the source of the infection once it’s discovered.

Motives: cryptocurrency mining

Most at risk: any individual or organization with unsecured networks

12. Gaming Hackers: Hackers of the Gaming World

A gaming hacker is someone who focuses their hacking efforts on competitors in the gaming world. With the gaming industry booming, it’s no surprise that its own specialized category of gaming hackers has emerged as a result. Professional gamers might spend thousands of dollars on high-performance hardware and gaming credits, and hackers typically carry out their attacks in an attempt to steal competitors’ credit caches or cause distributed denial-of-service (DDoS) attacks to take them out of the game.

Motives: to compromise gaming competitors

Most at risk: high-profile gamers

13. Botnets: Large-Scale Hackers

Botnet hackers are malware coders who create bots to perform high-volume attacks across as many devices as possible, typically targeting routers, cameras and other Internet of Things (IoT) devices. The bots operate by looking for unsecured devices (or devices that still have their default login credentials intact) to plant themselves in. Botnets can be used directly by the hacker who created them, but they’re also frequently available for purchase on the dark web for other hackers to take advantage of.

Motives: to compromise a high volume of network systems

Most at risk: individuals with unsecured routers and WiFi-connected devices

14. Elite Hackers: The Most Advanced Hackers

Elite hackers are the cream of the crop in the world of cybercriminals, and are considered to be the most skilled hackers in their field. They’re often the first ones to discover cutting-edge attack methods, and are known to be the experts and innovators in the hacking world. They can use their skills for black hat, white hat or any other type of hacking.

Motives: to perform advanced cyberattacks on organizations and individuals

Most at risk: high-revenue corporations

Types of Hackers FAQ

Still have questions about different types of hackers? We answer them below.

What Are the Three Main Types of Hackers?

The three main types of hackers are black hat hackers, white hat hackers and gray hat hackers.

What’s the Difference Between White, Black and Gray Hat Hackers?

The difference between white, black and gray hat hackers lies in their motives. White hat hackers use their hacking skills for good by proactively finding system vulnerabilities before cybercriminals exploit them. Black hat hackers use their skills for malicious purposes, usually for financial gain. As the name might suggest, gray hat hackers engage in hacking activities purely for fun — without good or bad intent.

How Does Hacking Work?

Hackers use various methods to carry out their goal of finding (and often exploiting) vulnerabilities in a computer system or network. They can: 

  • Use social engineering tactics or brute force attacks to gain unauthorized access to personal information like usernames and passwords, which they can then exploit for financial or personal gain 
  • Use malicious code or programs to infiltrate a user’s device and deploy malware
  • Take advantage of open, unsecured networks to gain access to the devices on those networks
  • Intercept emails to gain access to sensitive information 
  • Install monitoring software to log keystrokes and capture login credentials, credit card numbers and other sensitive data

The constant evolution of today’s cyberscape means an ever-increasing amount of information is available online, and there are countless types of hackers looking to exploit it. While the intent of every hacker is different, the danger they pose to your data remains the same. One of the simplest steps you can take to keep hackers at bay and defend against a potential attack is to make sure you’re equipped with a reliable antivirus.

Safety and the digital age, terms that should go hand in hand with our kids
https://www.pandasecurity.com/en/mediacenter/security/cybersecurity-control-kids/
Mon, 18 Sep 2023 15:04:09 +0000


We analysed the results of our Europe-wide survey on cybersecurity, focusing on the safety of children on the Internet and how parents act in certain situations in order to prevent and address the various dangers that can arise for their children.

  • Of the total number of respondents, 1511 people have children under the age of 18 and answered our cybersecurity-related questions.
  • Almost 8 out of 10 Europeans are very or fairly concerned about what their children might be doing when they go online.
  • Almost 2 out of 3 Europeans (64.26%) have some form of parental controls installed on the computer or mobile phone that their children use.

Is cybersecurity unfinished business for adults?

With the return to school, children and teenagers are once again immersed in the digital world, where education and entertainment are intertwined online. Although the Internet offers countless opportunities for learning and fun, it also presents dangers that can significantly affect youngsters. 

In this article, Panda Security wants to highlight the risks that children can face online and provide advice on how to protect them while navigating the Internet, based on the results of a survey of European parents.

Things have changed quite a lot: children used to come with a loaf of bread under their arm, but now it could be said that they come with an electronic device. Our little ones have grown up with the Internet, while those of us who are not so little have had to learn about it “by force”, as it has crept into our jobs, our homes and our children’s education.

Although it is true that in the face of this situation adults have largely adopted an “adapt or die” attitude, now may be a good time with the beginning of a new academic year to go over those pending subjects which will help them to further improve their online skills.

Are we aware of the dangers that children can encounter when surfing the Internet?

The dangers range from inappropriate content to sharing personal information or suffering cyberbullying. Our little ones are just that, little, and if there is one thing that characterises them, it is their innocence and genuine ignorance of the dangers they can encounter on the Internet.

For them, the Internet is their playground and somewhere where they feel safe, as they not only play on it at home, but they also use it at school as a learning tool.  

And it is at this point that we adults come into play. You could say that our children are a football team and we are the coaches, and as coaches we have the mission to guide and get the best out of our players on the pitch, i.e. on the Internet.

Nearly 8 out of 10 Europeans surveyed with children under the age of 18 admit to being very or somewhat concerned about what their children might be doing when they go online (78.69%), with 13.5% not very or somewhat concerned, and 7.81% not very or not at all concerned. Italy is the country whose citizens are the most concerned (87.72%), followed by Spain (83.63%). In Germany there is a higher percentage of respondents who are neither very nor slightly concerned (23.01%), or not very or not at all concerned (15.03%).

We would like to recommend this post with some cybersecurity tips.

Cyberbullying and measures on how to deal with it

As we mentioned before, our children’s playground is now the Internet, and as bullying goes digital, a new term has entered our online dictionary: cyberbullying.

Cyberbullying consists of harassing, intimidating or humiliating another person through social networks, messaging applications or online gaming platforms.

In fact, 11% of Europeans say that their children have been cyberbullied at some point. Germany is the country with the highest percentage of respondents indicating that their children have been cyberbullied (15.95%), followed by France (11.96%), while Italian citizens are the ones who mostly deny it being a problem (73.35%). In the case of Spain, respondents indicate to a greater extent than other countries that they do not know if their children have been cyberbullied, and therefore cannot say for sure (23.79%).

“Talking to the person involved, going to the school to talk to the teachers, addressing the issue with the parents of the person doing the bullying, or bringing the case to the attention of the authorities are some of the most common reactions of parents when they learn that their children have been cyberbullied”.

In terms of the actions taken by respondents to deal with such a situation, we found different reactions.

The reaction of 38% of respondents who have children who have been cyberbullied was to talk directly to the person involved (38.15%). This was followed by talking to the teachers at school (31.21%), finding out who was behind it and talking to their parents (30.06%), leaving their child to fend for themselves (24.86%), reporting it to the police (22.54%), and ignoring the issue and putting it down as a child or adolescent issue (3.47%). 

Breaking it down by country, the French (47.27%) and Italians (36.11%) indicate that when faced with cyberbullying they spoke directly to the person, while Germans preferred to speak with the parents (40.38%), and in the case of Spaniards, they let their child fend for themselves (36.67%) or reported it to the police (36.67%).

Apart from implementing the previously mentioned measures, something we must not forget about is to talk to the victim, let them know that they are not alone in this situation and provide them with the necessary solutions, such as going to psychological therapy. Cyberbullying can be very hard for our children to deal with emotionally and it is our duty to help them to move past it.

Parental control tools to face up to the dangers of the Internet

It is clear that the aforementioned measures that parents adopt once they are aware of the dangers on the Internet are good, but this security can be further strengthened if we use parental control tools such as those we provide at Panda Security.

We offer online security solutions specifically designed to protect children in the digital age. These tools include content filtering, parental controls and online activity monitoring, which can be useful in maintaining a safe online environment.

It is crucial for parents to use parental control tools and to be aware of their children’s online activities. With 9 out of 10 Europeans typically monitoring their children’s online use, what if that 9 became 10 out of 10? This may seem like a small increase, but it could help to significantly reduce the levels of cyberbullying.

In addition to this, ongoing education about the dangers of the Internet and how to surf safely is essential for children to make informed choices.

Encourage responsible use

Something that should also be considered is the responsible use of the Internet, not only in terms of treating other Internet users with respect, but also in terms of the time children spend online. 

There are various WHO studies about the recommended maximum amount of time that children should spend on the Internet, and it is important to know how to disconnect in order to connect with the outside world. 

Encouraging responsible use can be done by setting time limits and as adults setting an example by limiting the amount of time we spend on our own electronic devices.

By educating children about online safety, setting boundaries and using parental control tools, we can help them make the most of the opportunities offered by technology while keeping them safe from online dangers. Together, we can create a safer and more positive online environment to accompany children on their educational journey.

How to spot a fake online review https://www.pandasecurity.com/en/mediacenter/security/spot-fake-online-review/ https://www.pandasecurity.com/en/mediacenter/security/spot-fake-online-review/#respond Thu, 14 Sep 2023 13:47:07 +0000 https://www.pandasecurity.com/en/mediacenter/?p=30331

Reviews are very helpful for making decisions – but as fake reviews become more common, how can you avoid being fooled?

The post How to spot a fake online review appeared first on Panda Security Mediacenter.


Like most people, you probably read customer reviews before you buy something online. In fact, 95% of people say that reviews are helpful when making purchasing decisions.

Realizing this, some sellers (and even major brands) have begun writing fake reviews – either to make their own products look better or to discredit their competitors. In fact, one study found that 31% of reviews left on Amazon, Walmart and BestBuy were fake.

So how can you spot these fake reviews?

Use a review checking service

Websites like ReviewMeta and FakeSpot use advanced language analysis to assess whether reviews are real or fake. Simply paste the URL for a product and click ‘Analyze’. Both of these sites provide a score indicating how many ‘suspicious’ reviews have been written. You will also see a warning if the product has received a high proportion of fake reviews.

ReviewMeta and FakeSpot are optimized for use with Amazon, but they can also grade many other popular shopping sites. Unfortunately this does mean that not every site or product can be analyzed in this way.

Don’t just rely on stars

You’ll notice that many products have been rated 4.5 stars or higher. Sometimes this indicates a truly great product – other times it is evidence of fakery. Take time to read some of the reviews, particularly those of average or lower scores to try and get a balanced cross-section of what people are saying.

Use your common sense

Very short reviews (‘Great!!’, ‘Excellent product’, ‘Love this item’) aren’t very helpful. There is also a high chance that these reviews are fake, used to boost the star rating of the product.

Again, take some time to read other, longer reviews that provide more information about the product and the customer’s experience.

Read professional reviews

Customer reviews can sometimes be limited by the writer’s lack of experience. Say you want to buy a camera; the customer reviews are usually written by someone with very limited experience of cameras – in fact they may have only ever used that one device. A camera expert, however, will have worked with many cameras, allowing them to give a more detailed description and to compare between devices to help you make a smarter choice.

Because of this, expert reviews are particularly important when making high value purchases.

Check the reviewer

When considering reviews, take a moment to check out the reviewer themselves. Have they written many reviews? Have they written a lot of reviews in a very short period of time? Always be wary of accounts that have only ever written a single review. And reviewers who write lots of evaluations in a short period are very likely to be fake.

If you can’t trust the person writing the review, you can’t trust what they have written.

Just like when dealing with malware, your best protection against fake reviews is to keep your wits about you. These five tips will help you spot a fake review – and avoid falling victim to scammers.

Google’s Enhanced Safe Browsing Explained https://www.pandasecurity.com/en/mediacenter/security/googles-enhanced-safe-browsing/ https://www.pandasecurity.com/en/mediacenter/security/googles-enhanced-safe-browsing/#respond Thu, 24 Aug 2023 05:28:58 +0000 https://www.pandasecurity.com/en/mediacenter/?p=29930


The post Google’s Enhanced Safe Browsing Explained appeared first on Panda Security Mediacenter.


Google has been aggressively pushing its users to enable Enhanced Safe Browsing. Bleeping Computer reported that the message to enable the security feature appears even after users reject the invitation. Google insists that this will help users stay safe, and users with the feature enabled are 35% less likely to become victims of online scams. However, turning it on comes with a few drawbacks, including giving Alphabet more detailed access to user browsing habits, associated accounts, and overall online behavior.


What is Enhanced Safe Browsing, and how does it work?

The feature is not new. A version of it has been around for more than fifteen years. The tool had a facelift a few years ago, and Google made another push. Google stated that when users enable Enhanced Safe Browsing, Chrome activates a cyber security feature that allows live, accurate threat assessment. In real time, Google knows which sites users visit and checks whether each site is blacklisted or flagged for malicious activities. The feature also sends parts of downloaded files for investigation if Google thinks those files could be malicious. If the analysis determines possible threats, Google starts preventing other users from downloading those files and warns others when they enter the questionable websites hosting them.

Why the concerns?

The fact that Alphabet’s Google is actively pushing its users to enable the feature raises some privacy concerns. The tech giant already collects vast amounts of data on its users, and many believe that by enabling this feature on Chrome, users might start sharing even more than before with the tech conglomerate. Google admits that the stored data is temporarily linked to an associated account, used for some time, and then anonymized, so that it is no longer connected to the profile that gathered it. However, cyber security experts confirm that the collected data could easily be connected to real persons using only information publicly available online.

Should you trust it?

Google, and its partners, already know a lot about you, so if privacy is of little importance to you, enabling the feature might be helpful. By allowing the tool to operate, you get some protection and help Google protect other users. Keeping the feature off might be your best option if you prefer not to share as much with big tech. Some people choose to enable the feature to stop receiving constant reminders to turn it on.


Is it enough? No, not really. Even though the feature could be helpful, having proper antivirus software installed on all connected devices is necessary. Antivirus software prevents users from being in the wrong place at the wrong time and often comes with features such as a VPN that allow safe browsing without compromising privacy.

Personal vs. Sensitive Personal Information: Differences & Examples https://www.pandasecurity.com/en/mediacenter/security/sensitive-personal-information/ https://www.pandasecurity.com/en/mediacenter/security/sensitive-personal-information/#respond Thu, 24 Aug 2023 01:55:31 +0000 https://www.pandasecurity.com/en/mediacenter/?p=29946


The post Personal vs. Sensitive Personal Information: Differences & Examples appeared first on Panda Security Mediacenter.


In today’s world, where nearly everything is online, it’s all but guaranteed you will be affected by a data breach containing some of your sensitive personal information. IBM research indicates that between 2016 and 2018, more than 11.7 billion records and 11 terabytes of data were leaked or stolen in publicly reported incidents. To put that in perspective, 11 terabytes equals nearly a million phone books.

But what information is considered “sensitive” and how can you protect yourself from potential risks? The answers to these questions are not as complex as you might think.

Personal vs. Sensitive Personal Information: What’s the Difference?

Not all data is created equal. There’s a fine line between personal information and sensitive personal information, and understanding this distinction is crucial for both individuals and businesses.

  • Personal information is any data used to identify an individual, like their name, address, email, photos, age or gender.
  • Sensitive personal information (SPI) is a specific category of personal information that requires stricter protection due to the vulnerable nature of the data. Sensitive personal information includes a person’s race, ethnicity or cultural background, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health-related data, sexual orientation, criminal records and financial data.

By knowing these distinctions, you can better comprehend the nuances of data privacy laws and obligations to keep your information safe. Continue reading for a deeper exploration.

What Is Sensitive Personal Information?

Sensitive personal information is a particular category of personal information that is considered more critical and requires higher levels of protection. It includes details that, if exposed, could lead to serious consequences such as identity theft, cyberstalking or discrimination.

The range of what’s considered sensitive is broad and complex. However, if any of this information were to get into the wrong hands, it could have devastating impacts.

Differences between personal information and sensitive personal information.

What Is Considered Sensitive Personal Information?

Sensitive personal information refers to data that reveals highly private or intimate details about an individual. Some examples include:

  • Racial or ethnic origin: information about a person’s race, ethnicity or cultural background
  • Political opinions: a person’s political affiliations, beliefs or opinions
  • Religious or philosophical beliefs: information about an individual’s religious faith, spiritual beliefs or philosophical convictions
  • Trade union membership: details about a person’s membership in labor unions or similar associations
  • Genetic data: information related to an individual’s inherited or acquired genetic characteristics
  • Biometric data: identifiable markers like fingerprints, facial recognition or other unique physical characteristics used for identification
  • Health-related information: data about an individual’s physical or mental health, medical history or treatment records
  • Sexual orientation: information related to a person’s sexual preferences or orientation
  • Criminal record: details about a person’s criminal history, convictions or legal proceedings
  • Financial information: sensitive financial data such as credit card numbers, bank account details or other financial status information

These categories of sensitive personal information are typically subject to stricter legal protections and require careful handling to prevent potential misuse or unauthorized disclosure.

What Is Not Considered Sensitive Personal Information?

While sensitive personal information requires heightened security measures, not all personal data falls into this category. Understanding what is not considered sensitive personal information helps differentiate between the data that requires extra protection and the information that, while still needing to be handled responsibly, doesn’t carry the same level of risk if exposed. Recognizing the difference can help you apply the appropriate level of care and protection and maintain a responsible approach to data privacy.

These are pieces of information that, while personal, are not classified as sensitive. They include:

  • Name: your full name or initials
  • Address: your residential or mailing address
  • Contact information: phone numbers and email addresses
  • Date of birth: although personal, it’s not considered sensitive
  • Gender: male, female or other gender identities
  • Business-related information: your job title or contact details related to your professional life
  • Purchase history: records of what you have bought online or in stores
  • Browsing history: the websites you have visited (unless combined with other specific information that may reveal sensitive details)
  • IP address: while unique to your device, it’s generally not considered sensitive

Both individuals and organizations should recognize this distinction. For individuals, it helps to know what rights and controls you have over your information. For organizations, it guides how different types of data should be handled, stored and shared, ensuring compliance with various privacy laws and regulations.

How Privacy Laws Address and Define Sensitive Information

The definition of sensitive information varies from law to law. Here are a few different definitions:

  • General Data Protection Regulation (GDPR): deems sensitive information as data revealing political opinions, religious beliefs or data about a person’s sex life or sexual orientation
  • California Consumer Protection Act (CCPA): defines sensitive information as certain government identifiers, login information, financial data, precise geolocation, personal communications, genetic data, biometric information, health, sex life or sexual orientation, racial or ethnic origin, religious or philosophical beliefs or union memberships
  • California Online Privacy Protection Act (CalOPPA): does not distinguish sensitive information but describes personally identifiable information broadly
  • Virginia Consumer Data Protection Act (VCDPA): information that includes data about racial or ethnic origin, religious beliefs, mental or physical health diagnoses, sexual orientation, citizenship or immigration status, genetic or biometric data and data from known children
  • Personal Information Protection and Electronic Documents Act (PIPEDA): any data could be sensitive depending on the context; certain types of data, like health and financial data, are generally considered sensitive
  • Personal Information Protection Law of the People’s Republic of China (PIPL): biometric identifiers, religious faith, particular identities, health and financial status, location tracking and data from minors under 14

While the definition of sensitive information varies, all laws indicate that organizations should only collect sensitive personal data if it’s essential to operations.

How privacy laws define sensitive personal information.

What Is Personal Information?

Personal information, often called personal data, is any information that can be used to identify a specific individual. It encompasses a wide range of data that could be linked to a particular person. Depending on the context, it can contain a wide range of data, such as names, addresses, phone numbers and more.

What Is Considered Personal Information?

The type and range of data classified as personal information can vary greatly, but generally includes the following: 

  • Names: full names, nicknames or any other identifiers that can be used to recognize a person
  • Contact information: phone numbers, email addresses and residential addresses
  • Identification numbers: Social Security numbers, driver’s license numbers, passport numbers or any other government-issued identification numbers
  • Financial information: bank account details, credit card numbers and other financial data
  • Online identifiers: IP addresses, cookies or other digital markers that can be traced back to an individual
  • Biometric data: information like fingerprints, facial recognition or other biological attributes used for identification
  • Health and medical information: medical history, health conditions, treatments and other related data
  • Employment details: information related to a person’s job, salary, employer and work history
  • Personal preferences and behavior: shopping habits, hobbies, interests and other information that reflects individual preferences or behavior

How to Control Your Sensitive Personal Information

These days, controlling your sensitive personal information is more crucial than ever. With the rise of data breaches and other cyberthreats, it’s essential to take proactive steps to safeguard this valuable data.

Opt Out of Collection on Websites or Browsers

One effective way to manage your sensitive personal information is by opting out of data collection on websites or browsers.

Start by doing an online search for your name. Many data broker websites like Radaris, Pipl, Spokeo and Whitepages will have your information listed. To remove your data from these platforms, visit the opt-out pages or send an email request. 

The Privacy Rights Clearinghouse provides a comprehensive directory of such websites and their opt-out options. Scrutinize the privacy policies of your bank or other financial institutions since they often share data with brokers but typically allow you to opt out.

Submit a Data Subject Access Request (DSAR) Form

A data subject access request (DSAR) form can be instrumental in gaining control over your sensitive personal information. For instance, under the GDPR, an individual has the right to ask an organization whether or not it is processing their personal data. 

In practice, a DSAR allows users to access the stored information about them and understand its usage. They can then demand the rectification of incorrect data or its deletion. Companies must comply with DSARs within one calendar month for GDPR and 45 days for CCPA, upholding your right to control your personal data.

Use “Do Not Sell or Share My Personal Information” Links

The California Privacy Rights Act (CPRA) has expanded the “Do Not Sell My Information” option from the previous CCPA to “Do Not Sell or Share My Information.” 

This link, which must be visibly placed on a business’s homepage and Privacy Policy page, allows users to opt out of having their personal or sensitive personal information sold or shared with third parties. 

When a user selects this option, businesses are legally obligated to stop the sale or sharing of that user’s sensitive data, enhancing users’ control over their sensitive personal information.

The three main ways to control the use of your sensitive personal information.

Sensitive Personal Information FAQ

Navigating the world of sensitive personal information can be perplexing, especially with the ever-changing landscape of data privacy laws. Let’s look at some frequently asked questions about sensitive personal information.

Why Is Protecting Sensitive Personal Information Important?

Protecting sensitive personal information is vital for several reasons, including safeguarding individual privacy, preventing identity theft and ensuring legal compliance.

Is an Email Address, Nationality or Name Considered Sensitive Personal Data?

An email address, nationality or name alone is considered personal data but not sensitive personal data. However, they may be categorized as sensitive when combined with other specific information.

How Do I Know if My Sensitive Personal Data Is Collected?

You can determine if your sensitive personal data is collected by staying vigilant about your online interactions and doing the following.

  • Review privacy policies: Reputable organizations will disclose what data they collect, how they use it and with whom they share it in their privacy policies.
  • Use privacy tools: Various privacy tools and settings can help you control and monitor the collection of your sensitive personal information.
  • Exercise legal rights: Laws like GDPR allow EU residents to inquire about the collection and processing of their personal data, enabling them to have control and awareness.

Navigating the complex landscape of sensitive personal information can be challenging, but understanding its importance and how to protect it is crucial in today’s digital world. Whether you’re an individual seeking to safeguard your privacy or a business aiming to comply with data protection laws, being informed is the first step.

More than 30 million daily users trust Panda Security to protect their sensitive personal information. Consider our premium protection services to help keep your digital data secure.

What Is Data Privacy? The Secret to Safe Surfing https://www.pandasecurity.com/en/mediacenter/security/data-privacy/ https://www.pandasecurity.com/en/mediacenter/security/data-privacy/#comments Thu, 24 Aug 2023 01:54:30 +0000 https://www.pandasecurity.com/en/mediacenter/?p=29935


The post What Is Data Privacy? The Secret to Safe Surfing appeared first on Panda Security Mediacenter.


In the realm of the digital age, data privacy has become an unsung protagonist. It’s the mysterious figure lurking behind every email sent, every transaction made and every site visited. Yet, for many, data privacy is a foreign concept often overlooked until it’s too late.

Data privacy is about keeping your personal information secure. Companies, governments and cybercriminals all seek this information for various reasons, making it vital to understand how to keep data protected. Luckily, our guide on data privacy provides the information you need to claim control of your digital footprint.

What Is Data Privacy?

Data privacy is the control an individual or organization has over sensitive information stored or collected about them. It is the ability to determine who has access to this data, how it’s used and the safeguards in place to protect it from unauthorized exposure. 

Personal data associated with data privacy includes sensitive information like names, addresses, Social Security numbers and financial data. It also extends to less overtly personal data like browsing history, location data, IP addresses and online purchases. Further, it may encompass biometric data, health care records and employment details.

The concept of data privacy traces its roots to the early days of computing, where personal information was stored electronically for various purposes. As the digital landscape expanded, concerns regarding data misuse and privacy breaches rapidly increased. 

The evolution of social media further compounded these concerns. With users freely sharing personal information on platforms like Facebook and Twitter, the amount of data being generated has reached unprecedented levels.


Why Is Data Privacy Important?

With technology advancing at breakneck speed, the importance of data protection and privacy is no longer optional — it’s a requirement. Data privacy hinges on allowing individuals to control their digital footprint.

Every time we connect to the internet, we generate an extensive amount of data. From simple social media likes to our shopping habits, this seemingly innocuous data paints a vivid picture of who we are. When this private data ends up in the wrong hands, repercussions can include:

  • Identity theft: Personal data could fall into the wrong hands, leading to identity fraud, where individuals could face unauthorized transactions or criminal activity conducted under their name.
  • Financial fraud: With access to sensitive financial information, cybercriminals could carry out fraudulent transactions, leading to serious monetary loss.
  • Lack of trust: Companies could lose their customers’ trust, impacting customer loyalty and leading to business loss.
  • Legal repercussions: Without adherence to data privacy laws and regulations, companies could face heavy fines and legal actions, damaging their reputation and finances.
  • Increased cybercrime: The risk of cyberattacks could increase as more valuable data becomes easily accessible to hackers.
  • Loss of privacy: Without data privacy, our personal lives could become an open book, accessible to anyone.
  • Manipulation and exploitation: Data could be used to manipulate behavior and decisions, often without an individual’s knowledge or consent.

Data Protection vs. Data Privacy vs. Data Security

Data protection, data privacy and data security are three intertwined yet distinct concepts in the world of digital data.

Data protection is the overarching umbrella under which data privacy and data security find their shelter. It includes everything we do to keep information safe from things like data breaches, mishandling of information or misusing it. This wide-ranging concept includes regulations and policies to prevent data mishandling.

Nestled within this sphere is data privacy. It’s about the “right” use of data. It sets the rules for how and why businesses collect personal data, ensuring they use it in line with the individual’s consent and intended purpose. Data privacy is about respect and ethical treatment of information while maintaining user trust.

Finally, there is data security, the tech whiz of the group. It carries out protective digital measures, like firewalls, encryption, two-factor authentication and more. Data security is the buffer that protects against breaches and other cyberthreats.

In short, data protection, data privacy and data security work in harmony. Each has a distinct role, but together they create a secure digital environment.


Data Privacy Regulations

As technology advanced, so did the need for legal frameworks to govern the use and protection of personal data. These regulations include:

  • The General Data Protection Regulation (GDPR), established in 2016, guarantees fundamental rights for EU residents, including the right to be informed, the right of access, the right to rectification, the right to deletion, the right to restrict processing, the right to data portability, the right to object and the right to opt out of automated decision making. These rights apply to EU citizens, regardless of their location outside the EU.
  • The California Consumer Privacy Act (CCPA), California’s 2018 response to increasing concerns over data privacy, intends to provide consumers increased control over their personal data, irrespective of their location outside the state. To address certain shortcomings, the California Privacy Rights Act (CPRA) was introduced, modifying several elements of the CCPA, with enforcement beginning in 2023.
  • The U.S. Health Insurance Portability and Accountability Act (HIPAA) was implemented in 1996 to set nationwide standards for health data. It clarifies the classification of sensitive health information, provides guidelines for data protection and outlines rules for compliant data releases.
  • The Children’s Online Privacy Protection Act (COPPA), a U.S. law passed in 1998, concentrates on protecting the privacy of children under 13 years old. It sets stringent rules on the collection and usage of personal information related to children by websites and other online services.
  • The Fair Credit Reporting Act (FCRA), enacted in the U.S. in 1970, assures individuals of their rights and protections concerning credit information. It imposes a legal obligation on credit reporting agencies for the accurate and fair management of this information, providing legal remedies for any violations. The FCRA also establishes restrictions on who can access a person’s credit information and the purposes for which it can be used.
  • The Federal Information Security Management Act (FISMA) is a federal law introduced in the United States in 2002 seeking to fortify the security of government-operated computer and network systems. It requires every federal agency to develop a comprehensive program to ensure the security of information relevant to their operations and related assets.

How to Keep Your Data Safe

Safeguarding user privacy has become more important than ever before. Here are some examples of data privacy to make sure your personal information is secure:

  • Create strong passwords: Your first line of defense is a robust password. Be creative and avoid common, predictable choices like “123456” or “password.” Using a password manager helps protect your password with encryption, simplifies the login process and significantly enhances your online security.
  • Activate two-factor authentication (2FA): This adds an extra layer of security, making it difficult for unauthorized users to access your information.
  • Beware of phishing attempts: Cybercriminals have become crafty, often disguising their attempts to steal your data as legitimate emails or messages. Be skeptical of any unexpected communications asking for sensitive data.
  • Keep software up to date: These updates are not just fancy new features — they often include security patches to fix vulnerabilities, making it harder for hackers to access your data.
  • Use a secure network: Don’t compromise user privacy by using public Wi-Fi for sensitive transactions. If it’s the only option, use a virtual private network (VPN) to encrypt your data, rendering it unreadable to outsiders.
  • Limit social media sharing: Be careful of what you share on social media. Cybercriminals can use personal details for identity theft or to answer security questions.
  • Encrypt your data: Encryption turns your data into unreadable text until it reaches its intended recipient. You can use encryption for emails, files and even your entire computer.


At Panda Security, we know nothing is more crucial than safeguarding your personal details. That’s why over 30 million daily users trust us to keep their data protected. Check out our premium protection services to see how we help keep your digital life secure.

What Is a Data Breach + How Do You Prevent It? https://www.pandasecurity.com/en/mediacenter/security/what-is-data-breach/ https://www.pandasecurity.com/en/mediacenter/security/what-is-data-breach/#respond Thu, 17 Aug 2023 02:52:05 +0000 https://www.pandasecurity.com/en/mediacenter/?p=29920

A data breach is when sensitive or confidential data is stolen or exposed without authorization. Here's why data breaches happen and how to prevent them.

The post What Is a Data Breach + How Do You Prevent It? appeared first on Panda Security Mediacenter.


You’ve probably heard of companies having massive data breaches and thought, “How did that happen?” or “What if I had been affected?” A data breach can be scary, as it’s a type of security violation where confidential data is exposed or stolen without authorization. Data breaches can also have serious outcomes like payment card fraud or even identity theft.

Here’s a deeper look into how data breaches can affect you, how they happen and how to prevent them.

What Is a Data Breach?

A data breach is a security incident where private, confidential or sensitive information is exposed or stolen by someone without authorization. Data breaches happen for various reasons, from human error to malicious attacks, and the consequences can be significant. Anyone is at risk of a data breach, especially if their accounts aren’t protected.

Data breaches can result in: 

  • Stolen credentials
  • Identity theft
  • Compromised assets
  • Payment card fraud
  • Third-party access to your accounts

Phases of a Data Breach

Contrary to what you might imagine, a malicious data breach looks less like someone dressed in all black sneaking into a building with a flash drive and more like people in a remote location scheming about how to hack into a database.

However, not every data breach is malicious. Some are the result of human error or negligence, but we’ll go over that more in the next section. Here are the three stages of an intentional data breach.

1. Research

In the very beginning of a data breach, an attacker picks a target, usually a company or organization with access to personal data, and researches how they can infiltrate their target’s database. The attacker gathers information like employee information, financial records and security budgets. They also look for vulnerabilities like weak passwords, outdated software or unprotected network connections.

2. Attack

Taking what they’ve learned from their research, the attacker can now attack the data system. Here are some common ways attackers gain access to company systems or networks:

  • Stolen credentials: Compromised usernames and passwords can be collected through the dark web, phishing, brute force attacks or even physical theft of devices to impersonate legitimate users and gain access to systems.
  • Phishing emails: Attackers also use personal information from their research, like job titles or coworkers’ names, to trick their targets into providing credentials or clicking a malicious link that downloads malware onto their computer.
  • Malware: Hackers use malicious software to secretly infect and take control of a victim’s computer or network to steal data. 
  • Vulnerability exploitation: The attacker uses any vulnerabilities like weak passwords, misconfigurations or unpatched systems found within a company’s computer system to gain access.
  • Denial of service (DoS) attacks: This attack overwhelms a website with excessive fake traffic until it’s unavailable to actual users. It’s a distraction from other security weaknesses so attackers can carry out data breaches.

3. Extract Data

Once the attackers have gained access to the target’s system or network, they can locate and extract valuable or sensitive data, including personal information, financial records or any other data that could be sold on the dark web. The extracted data is then copied or transferred to the attacker’s own servers where they can control and exploit it. Oftentimes a company won’t know its data has been stolen until a third party like law enforcement, service providers or customers report the breach.

Research, attack, and extract data are the stages of a data breach.

How Data Breaches Happen

A data breach can be a type of cybercrime if done maliciously, but it can also result from an unintentional error by someone with authorized access to the data. Here are the causes of data breaches:

  • Malicious insiders: People with access to the database intentionally misuse their access privileges to steal or leak sensitive information. 
  • Malicious outsiders: Someone from outside the organization attacks a database via phishing, malware, vulnerability attacks or denial of service (DoS) attacks.
  • Accidental insiders: Individuals with authorized data access accidentally expose data due to mistakes or lack of security measures. This is technically classified as a data leak since it’s an internal mistake; however, it still has the same consequences for those affected, and the company may still face legal ramifications.

Major Data Breaches and Their Consequences

Unfortunately, data breaches happen regularly, and every company without appropriate security measures in place is at risk. Check out these recently reported data breaches and their consequences: 

  • T-Mobile: In 2023, T-Mobile was the victim of two data breaches. The first data breach affected over 37 million people, and the second affected over 800 people. Personal information including names, contact details, account PINs, Social Security numbers, birthdays and government IDs was compromised.
  • ChatGPT: A vulnerability in ChatGPT’s open-source library caused a data breach in March of 2023. The breach exposed 1.2% of ChatGPT Plus subscribers’ names, payment addresses, email addresses, credit card expiration dates and the last four digits of credit card numbers during a nine-hour window.
  • Roblox: Almost 4,000 attendees of the Roblox Developer Conference had personal data including physical addresses, names, email addresses, dates of birth and phone numbers breached in July of 2023.

Data Breach Prevention 

Companies with your personal data are responsible for safeguarding it, and you could still be a victim of a data breach even if you follow data security best practices. However, you can make it harder for attackers to use your devices or passwords to gain access to databases with these tips:

  • Update software: Regularly updating your software ensures you have the latest security patches and fixes potential vulnerabilities attackers could exploit so you can avoid getting hacked.
  • Encrypt data: Encryption converts your data into unreadable code so attackers have a harder time accessing or understanding your information. Some ways to encrypt your data include password managers, file encryption software or cloud storage.
  • Upgrade devices: Keeping your devices up to date ensures you have the latest security features and protection against known vulnerabilities. You don’t always need the latest model, but you should upgrade when the manufacturer no longer supports your current software.
  • Use strong passwords: Strong, unique passwords for each account make it harder for attackers to guess or crack your credentials. Passwords should be at least eight characters (but the longer, the better) and have a combination of numbers, symbols and uppercase and lowercase letters.
  • Implement multi-factor authentication: Multi-factor authentication requires an additional verification step, like a unique code sent to your phone, when you log into your accounts, making it more difficult for attackers to get into your account even if they have your password.

Data breaches can have serious consequences. Follow security best practices and use Panda Security’s antivirus software to further protect your accounts. 

Sources: IBM | The Verge | OpenAI | PC Gamer
