Tips to avoid being scared to death by cyber criminals this spooky season

The spooky season is in full swing – the summer is over, and the temperatures have dropped. As the day gets shorter, the leafy streets and the smell of pumpkin spice latte are slowly telling everyone that the fall has arrived. However, the spooky season is not all about pumpkin patches and Halloween decorations. 

We may not be sure how helpful are the scary costumes when it comes to warding off evil spirits, but we may know a thing or two when it comes to spooking cyber criminals. Evil spirits don’t aim to drain your bank account, steal your identity, ruin your business, and destroy your life. 

Still, most online bad actors’ primary goal is to exploit cyber loopholes and swindle anyone who is unprotected or unwise enough to fall for their scams. Here are our five tips on spooking criminals away from you and your loved ones.

Freeze your credit

There have been so many data leaks over the years that your SSN and other sensitive information are very likely dangling around on the dark web.

When hackers steal credit card numbers, banks issue new ones with different numbers – but the government makes it extremely hard for people should they want to change SSNs.

You likely don’t get to buy a new car or a house or do transactions that require SSN often, so freezing your credit is arguably one of the best ways to spook the crooks. Keep it frozen and unfreeze it only when necessary.  

Don’t click on links in emails and text messages

There are a variety of scams that could reach you. All of them have one thing in common – they exploit a weakness. 

Users would accidentally (or on purpose) click on a suspicious link in a phishing email. Others might feel lonely enough to reply to a random person starting an online conversation and lose their lifetime savings in a pig butchering scam.

Whatever the weakness, try to hide it and show strength instead – that certainly is a way to shoo off the fraudsters. 

Antivirus software

Indeed, one of the best ways to scare off crooks is by having a proper defense system. Some antivirus software solutions are so good that they destroy any hacking attempts.

They hide your information when necessary; they help you stay untraced while browsing online; they prevent phishing emails from reaching you and block you from being able to visit suspicious websites.

The systems also run scans on your connected device and quarantine suspicious files.

Change your passwords frequently

Cybercriminals love to take advantage of old stolen password databases. You will be safe if you maintain good password hygiene and change passcodes every three months. Passwords that are twelve characters or more and contain numbers, letters, and special symbols are preferable. 

Fraudsters get less motivated if they deal with a long and strong password. Activating two-factor authentication also helps as it stops hackers from forcing their way into a bank account or a profile. 

Shop wisely

The spooky season also marks the beginning of the shopping season.

Apart from shopping only at recognizable online stores, an excellent way to spook bad actors is using credit cards instead of debit cards. Credit cards often have insurance, so you will likely get refunded even if you fall for a scam. 

However, if you’ve purchased stuff with your debit card and hackers somehow have managed to steal your card info, they could potentially drain your bank account, and the bank won’t be able to do much to restore the stolen funds. 

Make the spooky season even spookier for fraudsters by following the above tips. Keeping the bad actors away would give you more time to enjoy the fall festivities and prepare for the holidays.  

The post How do you spook cyber criminals? appeared first on Panda Security Mediacenter.

Casino and hotel giant Caesars Entertainment reports compromised driver’s license and social security numbers of loyalty program customers.

Caesars Entertainment, the company operating more than fifty properties, including some of Las Vegas’ most significant landmarks, such as Caesars Palace and Paris Las Vegas, has been hit by a cyber-attack that compromised the sensitive personal information of many loyalty program customers. The incident resulted from a social engineering attack on a third-party IT support vendor hired by the resort giant.

The stolen information includes full names, driver’s licenses, social security numbers, addresses, and other personal information that fraudsters could exploit. According to a report by the Wall Street Journal, Caesars Entertainment paid a big chunk of $30 million ransom to the hackers after they threatened to release the stolen information. There is no evidence that the stolen data has been used to commit crimes, and the number of affected individuals remains unknown.

Caesars Entertainment discovered the attack on September 7th, 2023, and is currently cooperating with authorities to establish the identity of the perpetrators. The resort giant also stated that they have started notifying individuals who might have been affected by the cyber security attack. The victims are being offered credit monitoring and identity theft protection services.

Those caught in the spider’s web

Caesars Entertainment and all its high-profile properties on the Las Vegas Strip are not the only ones affected by hackers. Sin City generated interest among cybercriminals as another entertainment giant reported a similar incident. Bad actors also crippled MGM.

The cybercriminals responsible for the incident are either from ALPHV, also often referred to as Black Cat, or an organization called Scattered Spider. The attack was noticed by MDM on September 10th after doors and elevators in MGM facilities became unusable, as well as slot machines and ATMs.

MGM was forced to shut down computer systems for days, causing inconvenience to both employees and customers. Currently, there is no information on how the attack happened and if it is related to the attack on Caesars Entertainment.

The FBI is investigating the incident, and CISA is working with MGM to understand the impact of the cyber security breach, as currently, it is unknown what the hackers managed to steal from the entertainment giant. MGM’s official website was not operational for days.

Hackers might go after other high-profile players in Las Vegas, including Hard Rock International and Vici Properties, the organizations behind other Las Vegas landmarks, such as The Mirage, Luxor, and Hard Rock Hotel and Casino. However, neither Vici Properties nor Hard Rock International reported any recent cyber incidents.

The post Scattered Spider “bites” in Las Vegas appeared first on Panda Security Mediacenter.

Hackers compromise Vitalik Buretin’s X account stealing $800k+ worth of crypto.

Hackers managed to hijack Vitalik Buretin’s X (formerly known as Twitter) account and tweeted a link that directed his nearly five million followers to a malicious link.

The founder of Ethereum is one of the most followed people in the crypto world, but even X’s tight security could not stop the hackers who managed to run away with almost $1 million worth of digital funds.

The now-deleted tweet stated that Vitalik invites everyone to celebrate Proto-Danksharding’s coming to Ethereum. This feature supposedly aims to significantly reduce the cost of transactions in the ETH ecosystem. Instead of getting access to a free commemorative NFT called “Proto” Vitalik’s hacked account forwarded the victims to a malicious site, inviting the victims to connect their wallets to claim the “free” NFT. This was obviously a scam, as crypto funds worth hundreds of thousands of dollars were drained. 

One of the first people to notice the abnormality in Vitalik’s Twitter account was his father, who tweeted that people should disregard the post as Vitalik was working on restoring access to his hacked account. Many others followed after realizing that the link was malicious and ingenuine.

Read also: Cryptocurrency Scams: What to Know and How to Avoid Them

The hackers likely managed to access Buretin’s Twitter account by SIM swap or using an inside person at X. The investigation is ongoing. Luckily, the social media account was restored only a few hours after publishing the fraudulent tweet. Many are now asking Vitalik to reimburse the victims. Vitalik Buretin has not confirmed whether he plans to find a way somehow to take care of the victims of the scam. X has not published a comment either. The price of ETH briefly dipped after the cyber incident. 

Being a public figure does not mean not suffering cyberattacks

Even the most knowledgeable tech people in the world are in danger of hacking. Vitalik Buretin did not register any monetary losses from this cyber-attack, but his reputation certainly took a hit. The fact that he is one of the most influential figures in the crypto industry does not insure him from cyber-attacks. On the contrary, it makes him a more attractive target to eager cyber criminals.

Vitalik Buretin is not the only high-profile person temporarily losing control of a social media account. Hackers often target celebrities to push scams. Phishing messages can come from everywhere and on different platforms. Proper antivirus software installed on all connected devices prevents users from ending up on malicious websites, even if the links come from public figures.

The post Vitalik Buretin’s X account: hacked appeared first on Panda Security Mediacenter.

We analysed the results of our Europe-wide survey on cybersecurity, focusing on the safety of children on the Internet and how parents act in certain situations in order to prevent and address the various dangers that can arise for their children.

• Of the total number of respondents, 1511 people have children under the age of 18 and answered our cybersecurity-related questions.
• Almost 8 out of 10 Europeans are very or fairly concerned about what their children might be doing when they go online.
• Almost 2 out of 3 Europeans (64.26%) have some form of parental controls installed on the computer or mobile phone that their children use.

Is cybersecurity unfinished business for adults?

With the return to school, children and teenagers are once again immersed in the digital world, where education and entertainment are intertwined online. Although the Internet offers countless opportunities for learning and fun, it also presents dangers that can significantly affect youngsters. 

In this article, Panda Security wants to highlight the risks that children can face online and provide advice on how to protect them while navigating the Internet, based on the results of a survey of European parents.

Things have changed quite a lot: children used to come with a loaf of bread under their arm, but now it could be said that they come with an electronic device. Our little ones have grown up with the Internet, while those of us who are not so little have had to learn about it “by force”, as it has crept into our jobs, our homes and our children’s education.

Although it is true that in the face of this situation adults have largely adopted an “adapt or die” attitude, now may be a good time with the beginning of a new academic year to go over those pending subjects which will help them to further improve their online skills.

Are we aware of the dangers that children can encounter when surfing the Internet?

From inappropriate content, to sharing personal information or suffering cyberbullying. Our little ones are just that, little, and if there is one thing that characterises them, it is their innocence and genuine ignorance of the dangers they can encounter on the Internet.

For them, the Internet is their playground and somewhere where they feel safe, as they not only play on it at home, but they also use it at school as a learning tool.  

And it is at this point that we adults come into play. You could say that our children are a football team and we are the coaches, and as coaches we have the mission to guide and get the best out of our players on the pitch, i.e. on the Internet.

Nearly 8 out of 10 Europeans surveyed with children under the age of 18 admit to being very or somewhat concerned about what their children might be doing when they go online (78.69%), with 13.5% are not very or somewhat concerned, and 7.81% not very or not at all concerned. Italy is the country whose citizens are the most concerned (87.72%), followed by Spain (83.63%). In Germany there is a higher percentage of respondents who are neither very or slightly concerned (23.01%), or not very or not at all concerned (15.03%).

We would like to recommend this post with some cybersecurity tips.

Cyberbullying and measures on how to deal with it

As we mentioned before, our children’s playground is now the Internet, and as bullying goes digital, a new term has entered our online dictionary: cyberbullying.

Cyberbullying consists of harassing, intimidating or humiliating another person through social networks, messaging applications or online gaming platforms.

In fact, 11% of Europeans say that their children have been cyberbullied at some point. Germany is the country with the highest percentage of respondents indicating that their children have been cyberbullied (15.95%), followed by France (11.96%), while Italian citizens are the ones who mostly deny it being a problem (73.35%). In the case of Spain, respondents indicate to a greater extent than other countries that they do not know if their children have been cyberbullied, and therefore cannot say for sure (23.79%).

“Talking to the person involved, going to the school to talk to the teachers, addressing the issue with the parents of the person doing the bullying, or bringing the case to the attention of the authorities are some of the most common reactions of parents when they learn that their children have been cyberbullied”.

In terms of the actions taken by respondents to deal with such a situation, we found different reactions.

The reaction of 38% of respondents who have children who have been cyberbullied was to talk directly to the person involved (38.15%). This was followed by talking to the teachers at school (31.21%), finding out who was behind it and talking to their parents (30.06%), leaving their child to fend for themselves (24.86%), reporting it to the police (22.54%), and ignoring the issue and putting it down as a child or adolescent issue (3.47%). 

Breaking it down by country, the French (47.27%) and Italians (36.11%) indicate that when faced with cyberbullying they spoke directly to the person, while Germans preferred to speak with the parents (40.38%), and in the case of Spaniards, they let their child defend for themselves (36.67%) or reported it to the police (36.67%).

Apart from implementing the previously mentioned measures, something we must not forget about is to talk to the victim, let them know that they are not alone in this situation and provide them with the necessary solutions, such as going to psychological therapy. Cyberbullying can be very hard for our children to deal with emotionally and it is our duty to help them to move past it.

Parental control tools to face up to the dangers of the Internet

It is clear that the aforementioned measures that parents adopt once they are aware of the dangers on the Internet are good, but this security can be further strengthened if we use parental control tools such as those we provide at Panda Security.

We offer online security solutions specifically designed to protect children in the digital age. These tools include content filtering, parental controls and online activity monitoring, which can be useful in maintaining a safe online environment.

It is crucial for parents to use parental control tools and to be aware of their children’s online activities. With 9 out of 10 Europeans typically monitoring their children’s online use, what if that 9 became 10 out of 10? This may seem like a small increase, but it could help to significantly reduce the levels of cyberbullying.

In addition to this, ongoing education about the dangers of the Internet and how to surf safely is essential for children to make informed choices.

Encourage responsible use

Something that should also be considered is the responsible use of the Internet, not only in terms of treating other Internet users with respect, but also in terms of the time children spend online. 

There are various WHO studies about the recommended maximum amount of time that children should spend on the Internet, and it is important to know how to disconnect in order to connect with the outside world. 

Encouraging responsible use can be done by setting time limits and as adults setting an example by limiting the amount of time we spend on our own electronic devices.

By educating children about online safety, setting boundaries and using parental control tools, we can help them make the most of the opportunities offered by technology while keeping them safe from online dangers. Together, we can create a safer and more positive online environment to accompany children on their educational journey.

The post Safety and the digital age, terms that should go hand in hand with our kids appeared first on Panda Security Mediacenter.

No one wants to hop online to look for a new chocolate chip cookie recipe only to discover they’ve opened the door for hackers to find their personal information.

That’s why it’s so important to ensure the websites you browse are secure. 

There are a few ways that you can check this. One is by looking for the lock symbol. Another is heeding the warning on “your connection is not private” windows. If you ignore error messages like the “your connection is not private” error, you are putting your online information at risk. To help you stay safe online, we’ll explain the reasons the “your connection is not private” error may be appearing on your screen and how to fix it.

What Does the “Your Connection is Not Private” Error Mean?

The “your connection is not private” error message is exactly what it sounds like — it’s a message from your browser that informs you that the connection is not secure. This means that if you aren’t using an antivirus or encryption, your device and the personal information it contains are open to hackers. 

To access a website, your browser must run a check on the server’s digital certificates to make sure that the site is up to privacy standards and safe to proceed. If your browser finds something wrong with the certificate, it will stop you from accessing the site. This is when you’ll see the “your connection is not private” message. 

These certificates are also known as Secure Sockets Layer (SSL), public key infrastructure or identity certificates. They provide proof that a website is who it says it is and not just some clever developers imitating another website. Digital certificates help protect your personal information like passwords and payment information.

When your connection isn’t secure, it’s usually because there is an error in the SSL certificate.

What is an SSL Connection Error?

An SSL error connection occurs when there is no secure way for your browser to open what you have requested. This means your browser can’t verify a website’s identity and will automatically block you from accessing the website to protect your device and help you avoid malicious websites.

An SSL certificate serves websites over secure HTTPS connections. You probably recognize “HTTPS” from the beginning of any link you use to navigate online. HTTPS is a security barrier used to safely authorize connections and protect data. 

There are a few different reasons an SSL connection error occurs:

• The certificate is missing or expired
• Your browser isn’t updated
• Your antivirus settings or date and time settings are off
• There’s a server issue

If it’s a server problem, you will have to wait for the website owner to fix it.

What a “Your Connection is Not Private” Looks Like on Each Browser

When you receive this error message, it will take you to a new page. Some browsers use simple messages, while others use codes and warning signs. Let’s look at some examples of how this message appears on common browsers.

Google Chrome

When you receive this error message in Google Chrome, it will take you to a page titled privacy error. From there, it will show a large red exclamation point and a “Your connection is not private” message. It will caution you that attackers might be trying to steal your passwords, messages, or credit cards. The message will give you an option to go back to the previous page, go to advanced settings or attempt to continue to the site.

Additionally, the page will have an error code, here are some of the most common:

• NET::ERR_CERT_COMMON_NAME_INVALID
• NET::ERR_CERT_AUTHORITY_INVALID NTE::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED
• NET::ERR_CERT_DATE_INVALID
• NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM
• ERR_CERT_SYMANTEC_LEGACY
• SSL certificate error
• ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

Safari

For Safari users, you will get a message on a new page saying “This Connection is Not Private” and it will tell you that the website may be impersonating the site you wish to access to steal your personal or financial information.

Mozilla Firefox

On Mozilla Firefox the message is similar, but rather than “private,” the message appears as “Your connection is not secure” and informs you that the owner has configured their website improperly. It will then give you the option to go back or go to advanced settings. 

Common codes that you might see with Firefox:

• SEC_ERROR_EXPIRED_CERTIFICATE
• SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE 
• SEC_ERROR_UNKNOWN_ISSUER.
• SEC_ERROR_OCSP_INVALID_SIGNING_CERT 
• MOZILLA_PKIX_ERROR_MITM_DETECTED
• MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED
• SSL_ERROR_BAD_CERT_DOMAIN
• ERROR_SELF_SIGNED_CERT

Microsoft Edge

If you are using Microsoft Edge, then you will see a message that looks almost identical to the Google Chrome message with the exclamation point and “Your connection isn’t private” message. If the certificate does not match the domain that you are trying to reach, then you will see the same code.

Common codes that you might see with Microsoft Edge:

• NET::ERR_CERT_COMMON_NAME_INVALID 
• DLG_FLAGS_INVALID_CA 
• DLG_FLAGS_SEC_CERT_CN_INVALID
• Error Code: 0

How to Fix “Your Connection is Not Private” Error

There are a few different ways to fix or bypass this error message for each browser. 

1. Double-Check the URL

If you get a connection error message, the first step is to double-check your URL. A simple typo in the URL could be preventing a page from loading correctly. If re-typing the URL doesn’t work, then you can move on to other solutions.

2. Reload the Page

Of course, this seems like the most obvious thing to try, but something simple can do the trick. Sometimes, fixing common glitches like your browser timeouts, internet connections, and typos can solve the problem. If your browser times out or you have a spotty internet connection, a quick reload may resolve your connection issues.

3. Clear Your Browser Cache and Cookies

While browsing online, your computer stores cookies that gather data and take up tons of space on your hard disk. When your computer is trying to process all of that information, it can really slow down

Try going to your settings and clearing your browser cache and cookies. Clearing all that information will speed up your connections.

4. Try Incognito Mode

The next thing that you can try is to enter incognito mode and attempt to access the same website. If the website is truly having security issues, then it should not work once you switch to incognito because this mode lets you browse without saving your history or cache. If the site still says “your connection is not private,” then you should try clearing your cache.

For Chrome: Click on the three vertical dots on the top right of your screen. Open the dropdown menu and select “New Incognito Window” or hit the keys command+shift+N.

For Mozilla Firefox: Click on the three lines in the upper right corner, then click “New Private Window” or hit the keys ctrl+shift+P.

For Microsoft Edge: Click on the three dots in the upper right corner, then click “New InPrivate Window” or hit the keys ctrl+shift+N.

For Safari: Click on “File” in the toolbar, then “New Private Window” to open a private browsing window or hit the keys command+shift+N.

5. Check Your Antivirus or Firewall

If you have an antivirus on your Mac or Windows device, you may still be receiving the error message because the antivirus or firewall is overriding your network. Test this issue by temporarily disabling the SSL scan feature.

6. Consider What Wifi is in Use

Using public wifi might give you a warning because it’s not secure. Some public wifi has poor configuration and does not run HTTPS. If you are uncertain about the security of your connection, look for a different wifi network or wait until you can browse safely at home.

The best way to protect your data while on public wifi is to use a Virtual Private Network (VPN). A VPN helps to hide your traffic and protect your identity while it exchanges encrypted data to and from a distant server. 

7. Check the Date and Time

Double-check that the date and time on your computer are correct. When they don’t match the browser, an SSL connection error may occur. 

How to Check Date and Time on a Mac:

1. Go to the Apple menu in the upper left corner of your screen. 
2. Click on “System Settings.”
3. Click on “General.”
4. From there, choose “Date & Time.”
5. Ensure the date and time are accurate.

How to Check Date and Time on Windows:

1. Right-click the date and time on the taskbar.
2. Click on Adjust date/time.
3. Verify the date and time are correct. 

8. Manually Proceed With Caution

If you’re still seeing a “your connection is not private” message and you’re in a situation where you must reach your desired website, do so with caution. Your browser shows you this message and advises against continuing for good reason. Choosing to proceed may put your personal and payment information at risk of being compromised. The time and money involved with this risk aren’t worth it.

If you follow these steps, you should be able to fix or bypass the “Your connection is not private” error message. Remember that you are receiving this message because the website you are trying to access is not deemed secure. If you fail to fix the issue, bypassing may help you find what you are looking for, but also risk your private information. There is software like Panda Security Dome that you can use to protect your digital life. Your online information holds great value, so be smart with your searches so your sensitive information doesn’t end up in the wrong hands.

The post How to Fix “Your Connection is Not Private” Error appeared first on Panda Security Mediacenter.

When it comes to free apps and websites, most of these services rely on collecting – and selling – personal data. Google and Facebook are well known for building detailed profiles of everyone who ever uses their services, using that information to sell targeted advertising.

Generative artificial intelligence systems like ChatGPT are very similar – they collect as much data as they can to help improve the accuracy and performance of their algorithms. So as generative artificial intelligence tools like ChatGPT become a part of our everyday lives, how can you maintain your privacy?

How can you maintain your privacy while using ChatGPT and generative AI?

Be aware of what you are giving away

Unfortunately, the terms and conditions of most online services tend to be extremely complex and hard to understand – often intentionally so. However, failing to read these documents means that you never really understand what you are giving away – or how the platform will use your data in future.

In the case of ChatGPT, any information you type into the chat prompt will be stored and analyzed to help further improve their service. You can probably assume that any generative AI platform will do the same. So you should be very careful about sharing sensitive personal information with these systems.

Everything is vulnerable online

As the recent data breach at the Police Service of Northern Ireland has shown, even the most secure, sensitive IT systems can be breached. Although the AI providers invest time and money into securing their systems, there will always be a risk that they too will be targeted by hackers. And if the criminals manage to break into the generative AI platform, they may also steal your sensitive personal information.

Again, you must be very conscious and careful about the information you share with generative AI systems – and what may happen if that information was leaked or stolen.

Adjust your privacy settings

Not every generative AI tool offers privacy settings, but you must use those that do. Both Google and Microsoft expect artificial intelligence to be an integral part of their services in future, so the privacy tools for their AI services are included with the controls for the rest of your account.

This means that you can choose to have data shared with Google Bard automatically deleted periodically for instance. Similarly, Microsoft allows you to review your search history and delete anything (or everything) you no longer want to share.

By using the trash can icon at the bottom of the ChatGPT window, you can immediately delete the contents of your chat when you have finished. You can also choose to prevent any of your inputs being saved in the Data controls setting. Obviously OpenAI suggest you don’t disable this setting – but it is the only way to maintain full control of your data.

As always, the best way to protect your personal data is to stay alert – what information am I sharing and how could the generative AI system use it in future. If you have any concerns at all, it’s probably best not to use the system until you are sure you are safe.

The post How to protect your personal data when using ChatGPT and generative AI appeared first on Panda Security Mediacenter.

Google has been aggressively pushing its users to enable Enhanced Safe Browsing. Bleeping Computer reported that the message to enable the security feature appears even after users reject the invitation. Google insists that this will help users stay safe, and users with the feature enabled are 35% less likely to become victims of online scams. However, turning it on comes with a few drawbacks, including giving Alphabet more detailed access to user browsing habits, associated accounts, and overall online behavior.

READ ALSO: What Is HTTPS? A Guide to Secure Browsing and Sharing

What is Enhanced Safe Browsing, and how does it work?

The feature is not new. A version of it has been around for more than fifteen years. The tool had a facelift a few years ago, and Google had another push. Google stated that when users enable Enhanced Safe Browsing, Chrome activates a cyber security feature that allows live accurate threat assessment. In real-time, Google knows which sites users visit and checks whether the site is blacklisted or flagged for malicious activities. The feature also sends parts of downloaded files for investigation if Google thinks those files could be malicious. If the analysis determines possible threats, it starts preventing other users from being able to download them and warns others when entering the questionable websites hosting such files.

Why the concerns?

The fact that Alphabet’s Google is actively pushing its users to enable the feature raises some privacy concerns. The tech giant already collects vast amounts of data on its users, and many believe that by enabling this feature on Chrome, users might start sharing even more than before with the tech conglomerate. Google admits that the stored data is temporarily linked to an associated account, used for some time, and then anonymized. Hence, it is no longer connected to the profile that gathered it. However, cyber security experts confirm that the collected data could easily be connected to real persons only using information publicly available online.

Should you trust it?

Google, and its partners, already know a lot about you, so if privacy is of little importance to you, enabling the feature might be helpful. By allowing the tool to operate, you get some protection and help Google protect other users. Keeping the feature off might be your best option if you prefer not to share as much with big tech. Some people choose to enable the feature to stop receiving constant reminders to turn it on.

READ ALSO: Top 10 tips for safer, more secure web browsing

Is it enough? No, not really. Even though the feature could be helpful, having proper antivirus software installed on all connected devices is necessary. Antivirus software prevents users from being in the wrong place and time and often comes with features such as VPN that allow safe browsing without compromising privacy.

The post Google’s Enhanced Safe Browsing Explained appeared first on Panda Security Mediacenter.

We are halfway through the summer, and kids in the USA are getting ready to return to school.

While it is exciting to be back in the classroom, living in a post-pandemic world also comes with a grain of salt, as parents will not always be with their children.

Schools are returning to normal; distance learning is losing pace, and teaching children how to protect themselves while developing a digital lifestyle is as important as protecting themselves in real life.

READ ALSO: Are your children ready to go back to school?

Here are a few suggestions on how children and parents can avoid trouble in the new year.

The importance of privacy

TikTok and social media have made it easy for children to have a shot at being overnight stars and develop a following while still in school. However, social media platforms like TikTok sometimes lead to addiction and desperate moves to garner attention. While content is fun to make and allows children to express creativity, parents must know who is the audience of the created content. And if videos or posts are fully public, they should not disclose any info that could identify the address or full name of the children involved.

Predators exist

Parents sometimes forget that predators likely lurk more often in the digital world than in real life. Keeping an eye on the kids while respecting their privacy is a must, especially if there is a teen in the family. Predators can be everywhere, in PC video game chats, smartphones, and even on a Nintendo Switch platform. Discussing types of alarming behavior and how kids can recognize it and report it to a parent is a must. Students might not realize how exposed they are to the outside world online, so it is the parent’s job to include some primary cybersecurity education.

READ ALSO: TBH Meaning + Online Slang Parents Should Know

Cyberbullying

Talk about cyberbullying with the kids. Children of all ages, sometimes even parents, must understand that what happens online could have real-life consequences. Long gone are the days of complete anonymity. Teach the little ones to be responsible online like they are in the real world. Untasteful behavior online could even be worse, as digital prints can haunt a person forever. Teach children not to be the victim nor the bully.

ALSO READ: 52 Alarming Cyberbullying Statistics and Facts for 2023

Social media challenges

Stay on top of the trends and act quick when kids attempt to do something unhealthy. Those often start in schools and teachers are trained to recognize harmful behavior, and alert parents if they see something. Still, teachers also often have 20+ children per class, and relying only on reports by teachers isn’t enough. Keeping an eye on what is happening in children’s digital life is a must.

Phishing attempts

No one is fully protected by phishing attempts. One way or another, hackers always find a way to successfully deliver an email or a text message to potential victims. Antivirus software solutions can successfully shield people from such criminal attempts, but even with protection, sometimes malicious content ends up ready for takers in someone’s inbox. Everyone, from senators in the government to children with school email inboxes, gets targeted by cybercriminals and everyone should know not to click on those malicious links.

READ ALSO: 11 Types of Phishing + Real-Life Examples

Antivirus software solutions often also come bundled with parental control features like Panda Dome Premium. Utilizing the tools in such protection solutions helps parents limit a child’s exposure to phishing emails, online predators, cyberbullies, and dangerous social media behavior.

The post Back-to-school cybersecurity tips for parents and children appeared first on Panda Security Mediacenter.

You’ve probably heard of companies having massive data breaches and thought, “How did that happen?” or “What if I had been affected?” A data breach can be scary, as it’s a type of security violation where confidential data is exposed or stolen without authorization. They can also have serious outcomes like payment card fraud or even identity theft.

Here’s a deeper look into how data breaches can affect you, how they happen and how to prevent them.

What Is a Data Breach?

A data breach is a security incident where private, confidential or sensitive information is exposed or stolen by someone without authorization. They happen for various reasons, from human error to malicious attacks, and the consequences can be significant. Anyone is at risk of a data breach, especially if their accounts aren’t protected. 

Data breaches can result in: 

• Stolen credentials
• Identity theft
• Compromised assets
• Payment card fraud
• Third-party access to your accounts

Phases of a Data Breach

Unlike what your imagination may suggest, a malicious data breach looks less like someone dressed in all black sneaking into a building with a flash drive and more like people in a remote location scheming about how to hack into a database. 

However, not every data breach is malicious. Some are the result of human error or negligence, but we’ll go over that more in the next section. Here are the three stages of an intentional data breach.

1. Research

In the very beginning of a data breach, an attacker picks a target, usually a company or organization with access to personal data, and researches how they can infiltrate their target’s database. The attacker gathers information like employee information, financial records and security budgets. They also look for vulnerabilities like weak passwords, outdated software or unprotected network connections.

2. Attack

Taking what they’ve learned from their research, the attacker can now attack the data system. Here are some common ways attackers gain access to company systems or networks:

• Stolen credentials: Compromised usernames and passwords can be collected through the dark web, phishing, brute force attacks or even physical theft of devices to impersonate legitimate users and gain access to systems.

• Phishing emails: Attackers also use personal information from their research, like job titles or coworkers’ names, to trick their targets into providing credentials or clicking a malicious link that downloads malware onto their computer.

• Malware: Hackers use malicious software to secretly infect and take control of a victim’s computer or network to steal data. 

• Vulnerability exploitation: The attacker uses any vulnerabilities like weak passwords, misconfigurations or unpatched systems found within a company’s computer system to gain access.

• Denial of service (DoS) attacks: This attack overwhelms a website with excessive fake traffic until it’s unavailable to actual users. It’s a distraction from other security weaknesses so attackers can carry out data breaches.

3. Extract Data

Once the attackers have gained access to the target’s system or network, they can locate and extract valuable or sensitive data, including personal information, financial records or any other data that could be sold on the dark web. The extracted data is then copied or transferred to the attacker’s own servers where they can control and exploit it. Oftentimes a company won’t know its data has been stolen until a third party like law enforcement, service providers or customers report the breach.

How Data Breaches Happen

Data breaches can be a type of cybercrime if done maliciously, but it can also be an unintentional error from someone with authorized access to the data. Here are the causes of data breaches:

• Malicious insiders: People with access to the database intentionally misuse their access privileges to steal or leak sensitive information. 
• Malicious outsiders: Someone from outside the organization attacks a database via phishing, malware, vulnerability attacks or denial of service (DoS) attacks.
• Accidental insiders: Individuals with authorized data access accidentally expose data due to mistakes or lack of security measures. This is technically classified as a data leak since it’s an internal mistake; however, it still has the same consequences for those affected, and the company may still face legal ramifications.

Major Data Breaches and Their Consequences

Unfortunately, data breaches happen regularly, and every company without appropriate security measures in place is at risk. Check out these recently reported data breaches and their consequences: 

• T-Mobile: In 2023, T-Mobile was the victim of two data breaches. The first data breach affected over 37 million people, and the second affected over 800 people. Personal information including names, contact details, account PINs, Social Security numbers, birthdays and government IDs were compromised.
• ChatGPT: A vulnerability in ChatGPT’s open-source library caused a data breach in March of 2023. The breach exposed 1.2% of ChatGPT Plus subscribers’ names, payment addresses, email addresses, credit card expiration dates and the last four digits of credit card numbers during a nine-hour window.
• Roblox: Almost 4,000 attendees of the Roblox Developer Conference had personal data including physical addresses, names, email addresses, dates of birth and phone numbers breached in July of 2023.

Data Breach Prevention 

Companies with your personal data are responsible for safeguarding it, and you could still be a victim of a data breach even if you follow data security best practices. However, you can make it harder for attackers to use your devices or passwords to gain access to databases with these tips:

• Update software: Regularly updating your software ensures you have the latest security patches and fixes potential vulnerabilities attackers could exploit so you can avoid getting hacked.

• Encrypt data: Encryption converts your data into unreadable code so attackers have a harder time accessing or understanding your information. Some ways to encrypt your data include password managers, file encryption software or cloud storage.

• Upgrade devices: Keeping your devices up to date ensures you have the latest security features and protection against known vulnerabilities. You don’t always need the latest model, but you should upgrade when the manufacturer no longer supports your current software.

• Use strong passwords: Strong, unique passwords for each account makes it harder for attackers to guess or crack your credentials. Passwords should be at least eight characters (but the longer, the better) and have a combination of numbers, symbols and uppercase and lowercase letters.

• Implement multi-factor authentication: An additional verification step, like a unique code sent to your phone, is required for logging into your accounts with multi-factor authentication, making it more difficult for attackers to get into your account even if they have your password.

Data breaches can have serious consequences. Follow security best practices and use Panda Security’s antivirus software to further protect your accounts. 

Sources: IBM | The Verge | Open AI | PC Gamer

The post What Is a Data Breach + How Do You Prevent It? appeared first on Panda Security Mediacenter.

According to one study, 60% of people prefer instant messaging to phone calls. In fact, messaging apps are an essential tool for communication – many people rely on these services to stay in touch with friends, family, colleagues and to interact with businesses too.

This means that people often share extremely sensitive information about their health, personal life, work and relationships via instant message. It also means that it could be extremely damaging if your instant messages were ever exposed.

So what can you do to better protect your instant messages against being stolen or leaked?

1. Enable end-to-end encryption

Hackers often try to intercept data as it passes over the internet – including your instant messages. End-to-end encryption uses cryptography to encrypt messages in transit, ensuring they can only be read on your device and the recipient’s device. Encrypting messages ensures that even if hackers do manage to capture your messages, they cannot read them because they cannot decrypt them.

End-to-end encryption is available in popular messaging apps like WhatsApp, iMessage, Signal, Facebook Messenger and Telegram.

2. Set your messages to self-destruct

Some apps, like Facebook and WhatsApp allow you to auto-delete messages after they have been read (a bit like Snapchat). Enabling this feature ensures that your messages disappear within a specified time limit and that they cannot be recovered from your device or your friend’s.

Other apps, like Apple’s iMessage, allow you to auto-delete older conversations by defining a time limit in the ‘Keep messages’ setting. Any messages older than the specified time frame will be permanently deleted.

3. Double-lock your chat apps

Your phone is protected by a passcode, so why not your apps too? WhatsApp, Signal, Telegram and Facebook Messenger allow you to set an additional passcode to access the app. No passcode, no messaging.

Thieves will have to steal your phone and two passcodes if they want to read your secret messages.

Secure your profiles

All instant messaging apps allow you to block users, but most allow you to control your profile and who can message you too. Check your profile settings to see who can message you and how much information you are sharing publicly (such as location, address, profile pics) etc. The less you share publicly, the less risk of your information being misused by criminals.

Check your backups

Most messaging apps provide backups to ensure you can still read your messages when you switch devices. But if a hacker steals your backups, they may be able to recover your secret chats.

You need to know where your backups are stored and whether they are encrypted. You can then decide where the safest place to keep them is, away from hackers.

Don’t underestimate the risks

Because we use instant messaging apps for everything, they are a goldmine of valuable information for cybercriminals. By following the five steps outlined here, you can protect your privacy and secure your messages against theft.

The post How to make your instant messages ‘unhackable’ appeared first on Panda Security Mediacenter.