7-Zip 18.05 Vulnerability

A recent report from CIS, Center for Internet Security, has revealed that all versions of 7zip prior to 18.05 allow for arbitrary code execution, which means that depending on the privileges given to the user running the executable, it was possible to “install software; view, change or delete data; or create new accounts with full user rights”. User accounts with low privileges would be less affected than those with administrative rights.

The vulnerability has already been fixed and an update is available on the official website of the software. Antivirus4u would also like to inform you that 7zip is an open source project with forks existing for operating systems other than Windows; for example, Keka is a Mac OS archiver that is based on 7zip. It is yet unclear if 7zip forks have the same vulnerability, so we recommend you to update any archiving software you have on your computer. And subscribe to our YouTube channel for more news about software vulnerabilities and insights about computer security.

Twitter Password Change Required

Twitter’s Support is advising users to change their passwords after it was revealed that a bug caused “unmasked passwords” to be stored in internal logs.

It was specified in a series of tweets that after an internal investigation, Twitter found no reason to believe any sensitive information ever left their servers or was misused internally; still, the social network advised all users to change their passwords.

Anti-Virus4U.com would like to remind you that similar password-related security oversights tend to happen to a lot of tech companies, but are rarely shared publicly – thus, it is recommended to never reuse passwords, as that can lead to a domino-like effect if one of your accounts gets exposed. Antivirus4u also recommends investing in a password manager and subscribing to our YouTube channel to get latest internet safety news and announcements.


Fake adblocker apps and plugins - warning!

With AdBlocking becoming more accessible with each passing day, fake adblocking apps and plugins are an increasing risk. After a report from AdGuard Research, Google deleted 5 malicious extensions from it’s Chrome Web Store. AdGuard reports that as many as 20 million users have been affected.

The extensions communicated with their head servers and had access to the websites users visited; they could also execute any code sent by the head server in a privileged context, which meant the user’s browser behavior could be controlled by the extension owners in any way. Getting users to install the plugins was easy, it seems the only method the developers used, was optimizing the keywords to get to the top of the search results. The five extensions reported are now listed on the screen.

Anti-Virus4U.com advises you to never install unknown browser extensions; if you are unsure about the legitimacy of an addon, simply googling whether or not it’s safe to use is often enough. You can also subscribe to our YouTube channel to get latest computer security news and announcements.



New Android Security Patches Vulnerability

Today I’m here to bring you an important update regarding your Android device security.

A report from Security Research Labs showed, that some smartphone manufacturer’s haven’t kept their phone’s operating systems up to date with Google’s latest security patches.

The extent of the issue depends on the manufacturer, some skipped 1 update, some skipped up to a dozen. What’s problematic, is that customers were not made aware of the issues; usually the release date of the security patch is displayed in the Settings app, but some manufacturers went as far as fabricating that release date, thus, effectively deceiving customers about the security state of their device. Keep in mind, that applying these security patches is something only the manufacturer can do.

So, what can you personally do to protect your Android smart device? 
First of all, only install software from trusted sources, like “Google Play”, the “Galaxy Apps” store or the “Amazon Appstore”. Most vulnerabilities get exploited by rogue apps, so limiting your exposure to those uncertified apps will mostly keep you safe.

Also, consider using your PC or Mac antivirus license for your Android phone, most security solutions offer their software for both computers and mobile devices. If you don’t have an Android antivirus, you can visit Anti-Virus4U.com, we offer a number of Android security solutions, like Bitdefender Mobile Security, or Kaspersky Mobile Antivirus.


Mobile phishing links attacks has grown

As per the report published by Lookout, the universal leader in mobile security, there has been an ever-increasing growing risk of phishing on mobile devices. Since 2011, Lookout has been observing the increasing rate as 85% per year at which users are clicking on phishing links on their mobile phones.

Another serious concern is that about 56% of users who got phishing links clicked on the URL unintentionally. Evidently, this lapse on the part of users has sidestepped the accessible protection offered by mobiles. Typically, a user clicked on a mobile phishing link as a minimum six times per year.

 The global security company in the report examined the current state of mobile phishing. They further gave details that cyber criminals are successfully avoiding the phishing protections, and subsequently, targeting the mobile phones to carry out their illegal activities. As a result, these hackers manage to steal confidential data and personal details at an ever-increasing rate.

As reported, more than 66% of emails that were accessed on mobile device constituted the main point of attack by the hackers. These suspicious and vulnerable emails on a mobile device can easily develop into a new possibility for attack. There are many business organizations that protect their systems for email-based phishing attacks. These establishments make use of customary firewalls and protected email gateways. Besides, nowadays, people are getting more careful so as to recognize and manage phishing attacks. On the other hand, the mobile phones are lacking to recognize and block phishing attacks. Both the users and currently available security technologies are finding it difficult to deal with this situation.

The universal security company also asserts that on hand phishing protections are not sufficient for mobiles. This is due to the fact that mobile phones have small display screens, and so, it becomes somewhat difficult to make out whether it’s a genuine login page or a fake one. As observed, the only possible attack point on mobile phones is an email, in which the malicious links gain entry and when accessed, they lead to compromising the entire secret data.

Another form that offers an opportunity to the hackers to make attacks is SMS and MMS. Also, popular social media apps and messaging platforms such as Facebook, WhatsApp, and Instagram are frequently used by attackers. Unluckily, more than 25% of employees by chance clicked on a link in the mobile’s SMS message and got defrauded.

Even one hacker utilized a non-email way of phishing. He used ViperRAT that permitted him to gain an illegal access to the mobile’s data, including SMS messages. He got himself into conversations with persons after creating fake woman profile on social media platforms. Just the once, he established their faith, the imposter asked the persons to download an app, so as to make communication easier and simplified.

In another instance, one cyber criminal targeted Android and iOS users via Facebook Messenger. He told that a YouTube video features them. When the victims clicked on the link offered, the user was asked to login fraudulent Facebook login page. Actually, this illegal exercise was meant to steal their secret information.

Lookout also revealed that users are three times more prone to click on a doubtful link on a mobile phone in comparison to a computer. It is only due to the fact the mobile’s screen is small, and the user can’t make out the entire link clicked by them. Moreover, there isn’t at all times a firewall to maintain the device protected, as in the case of a computer system.

The phishing attacks on mobile devices are increasing at a higher rate. Some of the most refined attacks appear from mAPTs (mobile advanced persistent threats). The most recent mAPT attacks to mobile have been reported in Pegasus and Dark Caracal.

There are some applications that have links or URLs in the codebase to share information in real-time. Thus, hackers can misuse this links for phishing purposes. In this respect, the corporations should pay more attention to “benign apps” that pose threat as malicious links.

Lookout gave details that the apps that are frequently used for advertising to make revenue money integrate ad SDKs into their code. These SDKs have URLs or links to display ads to the users. If a benign app utilizes an ad SDK run by a cyber criminal; the SDK is made to access malicious URLs or links with the aim of displaying ads, and therefore, the user gets compelled into entering susceptible data.


New Anti-Ransomware for Office 365

New Anti-Ransomware added for Office 365
For the past so many years, ransomware has been targeting big businesses, financial institutions, and individuals worldwide. From small to mid-size businesses, Microsoft Office 365 continues to be the fastest-growing office suite. It comes to no surprise that it has turned out to be a primary target for ransomware, and related scams. Keeping in view the security aspect, Microsoft has formally announced the beginning of latest anti-ransomware features for Office 365.

Features of new ransomware protection:
  • Option of ‘file restore’ from ransomware and malicious attacks. 
  • Facilitates in maintaining you information secure and confidential. 
  • Advanced protection features from viruses and trojans. 
  • Restore back up files from ransomware attacks. 
The newly added ransomware feature for Office 365 is called ‘File Restore’. Being a OneDrive feature, it offers the provision that helps allow users to return back and restore 30 days old files. Furthermore, this feature can be best utilized for unintentional mass deletes, corrupted files, or any other disastrous incident. Marketing it as anti-ransomware protection system tool, Microsoft is emphasizing more on the saving of files inside a OneDrive folder.

There might be some users who were targeted by ransomware and they had destroyed their files. However, once they start using new Microsoft Office 365 File Restore option, they can restore their deleted files efficiently. Microsoft has launched the potent Files Restore feature from OneDrive for Business to your individual OneDrive account. With his feature, all of your confidential files get protected in OneDrive. Moreover, you will be able to restore your complete OneDrive to an earlier point.

Microsoft Office 365 can now spot ransomware attacks and assist in restoring your OneDrive to a point earlier than files were disarranged. As a result, you can keep your files protected, and you don’t have to surrender to hackers’ demands. If a cyber attack is detected, you will be put on maximum alert through an email, desktop or mobile notification. Also, you will be given information about the complete recovery process.

Both the Office 365 Home and Office 365 Personal subscription offer highest-performance apps like Word, Excel, and PowerPoint. In addition, they feature powerful cloud services like OneDrive folder and File Restore option. With the aid of Office 365, you can create, share, and communicate wherever you like, and at whatever device it may be.

As reported in a number of incidents, the cybercriminals are using ransomware to carry out their illegal activities related to system-lockup and stopping access to files in an attempt to ask for ransom from their victims. Microsoft launched new ransomware protection features with the purpose of helping customers, so that they can recover their files, in the event they are affected by a ransomware attack.

As all these threats progress, Microsoft is constantly improving malware detection capabilities, so as to keep you and your system safe from the most highly-developed ransomware.


Cryptocurrency Mining Malware Hits Smartphones

Security experts have now warned that cyber criminals are targeting Smart phones to mine for cryptocurrency like Bitcoin. Even though, you didn’t download any malware-infected or unknown app, still your mobile phone is vulnerable to cryptojacking.

In the past, cyber criminals made several attempts to mine cryptocurrency illegally in one form or the other. According to cyber security experts, as soon as the user visits an infected website, the Smart phone undergoes cryptojacking in the form of mining for cryptocurrency.

In March this year, two reports were released by ESET and Symantec – Both Cyber security companies. These reports have revealed that the Smartphone's cryptojacking cases are increasing fast. The hackers are using the technique of entering infected codes into websites and online ads. As soon as the user opens the infected website on the mobile, its processor gets infected.

As per the recent report by Symantec, in the entire Asia-Pacific region, Singapore is most vulnerable to cryptomining attacks, and holds 6th position. The data analyzed from more than 157 countries ranked Singapore at 25th position globally. The report further disclosed that there is an increase of 34,000 percent jump in Smartphone cryptojacking globally as compared to the last year. The cyber criminals are using cryptominers on mobile phones, thereby, posing a serious threat to the security available on mobiles. Last year, ransomware was a major concern, and now, the process seems to have shifted to cryptojacking.

In cryptomining malware, the users are prompted to install an infected app onto their Smartphones. While, on the other hand, cryptojacking takes place, as soon as the user opens an infected website on his or her mobile device. Simultaneously, more users are vulnerable to such attacks.

For cyber criminals, the whole process of cryptojacking seems to be a money-making machine. The more they infect the number of devices, the more money they will get. According to Mr. Sherif El-Nabawi, Senior director at Symantec Asia-Pacific, the problem of illegal cryptomining is a serious one, and it’s not possible that it will go away on its own, unless and until some stringent methods are implemented.


Panda Security 2018 Review

Our review for Panda Internet Security 2018 and Panda Gold Protection 2018

Panda is an excellent antivirus program featuring an advanced cloud-based anti-malware technology. It offers an outstanding protection against all possible internet threats. Its secure tool i.e. Panda Internet Security comes with excellent features that make it an important internet security program. In comparison to normal antivirus software, it is far more resourceful. It comes with a variety of features, for instance, a fireball, a network manager, a safe browser, magnificent parental controls, and brilliant email protection. Panda’s another antivirus program i.e. Panda Gold Protection is considered as the best internet security tool featuring all of these fundamental tools. What’s more, it also offers an excellent mobile protection and technical support system. Both of these Panda’s internet security tools aid in protecting your system efficiently against possible online threats. However, it can slow down your system drastically, and consume system resources significantly.

Ransomware Protection 
Both Panda Internet Security 2018 and Panda Gold Protection 2018 are efficient for providing excellent protection against ransomware. In order to make sure that your computer remains free from any serious threats, they scan email, direct messages and USB drives in an efficient manner. Both of these internet security programs have free online backup and restoration tools. This facility can well serve the purpose, in case, your PC gets attacked by malware or any other threats. In comparison to Panda Internet Security, Panda Gold Protection has the features of system vulnerability scan and a file shredder. This can evidently lead to the best scanning and detection of malware threats. Furthermore, it helps in maintaining your system free from back-dated programs that have a tendency to slow your PC down and generate loopholes for the entry of cyber criminals. None of these programs have the provision of a spam filter; however, Panda Internet Security offers great protection in the form of a solid cloud-based program.

Protection & Identity
Both Panda Internet Security and Panda Gold Protection offer a high-level protection of your identity and contact details. For instance, a virtual keyboard functions by hiding your login details from keystroke logging. Furthermore, both of these security programs have a safe browser, and a virtual tool that runs inaccessible from your computer PC ever saves any record of your browsing. Eventually, these security features well fit the purpose of online shopping and online banking in which confidential information is exchanged in the form of online transactions. Your credit card numbers, Social Security number, Phone number and contact information can remain safe. Panda security tool also offers the provision of parental controls, further aiding in the creation of user profiles for your family members. You can incorporate the list of locked as well as permitted websites. Moreover, with the support of identity protection tool, your children will not be able to share vital information like names, birthdates, and contact details online without your authority. Also, Panda offers you the provision of assessing the sites visited by your children, including the blocked sites that they tried to gain access. Panda Security offers excellent online support information in the form of a startup guide, features, and FAQs. Also, there is an existence of an active user forum from which you can get assistance from other individuals. For normal consumers, there is a phone and live chat support. However, the premium package offers 24/7 and more customized assistance. Panda Gold Protection too offers the same level of support for their premium packages.

Malware Test
The level of protection offered by Panda’s security tools against possible internet threats is satisfactory. In view of the tests conducted by some independent labs, both Panda Gold Protection and Panda Internet Security have secured perfect scores for malware detection and protecting your system. Different tests conducted to analyze Panda‘s security aspect also resulted in slowing down your computer system. Being the premium internet security programs in the industry, they also have the ability to intermittently mark websites and good files as malware.

Bottom Line:
Both Panda Internet Security 2018 as well as Panda Gold Protection 2018 are the most excellent internet security suites for malware detection. They also incorporate many useful tools for protecting your system, identity, and contact information. The best features incorporated are a firewall, parental controls, online backup, secure browsing features, and efficient restoration tools. Also, Panda Gold Protection offers excellent internet security solution, including an instant detection of internet threats.