Gracie Roberts

31 May 2016

North Korea makes a Facebook clone, site gets hacked hours later

When it comes to countries notorious for censoring online content and gleaning information from citizens, North Korea is one of the first names to come to mind. If a country like North Korea was to create its own social network, wouldn’t you think that securing the site would be one of its top priorities? Recent news begs to differ.

North Korea recently launched a social networking site that bears an uncanny resemblance to the Facebook we know and love. The site, which was hosted in North Korea itself, could originally be found at www.starcon.net.kp/.

Cjek0TNUUAAA6G3.jpgA screenshot of North Korea's own social network. (Image via Dyn Research)

Read More

Security News

Deborah Salmi

30 May 2016

Avast security news wrap-up

 

shutterstock_292970030-350725-edited.jpgCan your bad passwords cost you money and cause trouble?

That question was answered with a resounding YES by college football star Laremy Tunsil. A hacked Twitter and Instagram account cost that falling sports star an estimated $13 million. Don’t let your easy-to-crack passwords cost you. Use a password manager or follow our tips for strong passwords.

Read More

Security News

Deborah Salmi

25 May 2016

Avast Free Antivirus is top-rated free security software

Avast Free Antivirus has nearly 100% detection rate and no false positives.

Wondering if Avast Free Antivirus is worth the price? We understand that when it comes to “free” things, you mostly get what you pay for. But in the case of Avast Free Antivirus, our free security product is better than pricey premium antivirus products!

AV_Comparatives_Real_World_test_April_2016-1-135315-edited.jpg

Read More

Security News

Marina Ziegler

23 May 2016

Independent test shows Avast offers best HTTPS protection in the market

Dollarphotoclub_84782325.jpg

Every day, 50,000 infected unique URLs of HTTPS-protected websites are detected and blocked. Scientists from the Concordia University in Montreal, Canada, have tested 14 antivirus programs offering HTTPS scanning and found that these programs create more security problems than they actually solve. There was only one exemption from this: Avast. The only issue mentioned in their study is a lack of revoked certificates checking by Avast, which has been in the market since November 2015 and is fixed in 2016 products.

Read More

Security News

Stefanie Smith

23 May 2016

Your iPhone6s is not waiting for you – despite what the text message says

What’s the deal with these “you won something” texts?

I recently received a text message saying an iPhone 6s is waiting for me. I normally delete these messages, but this time I was curious… I have been considering upgrading from my iPhone 5 for a while now J. So, I decided to consult with my friend, Avast senior malware analyst Jan Sirmer and see what would happen if I believed the text.

iPhone_scam_text.jpg

How did they get my number?

The first question I had about this was: How did they get my number? “A computer probably sent it to you,” said Jan. How did a computer get my number? “There are programs that allow computers to send text messages to a bunch of numbers at once. They probably use the same area code and the rest of the digits in the number are generated by the program.”

Read More

Security News

Deborah Salmi

19 May 2016

Time to change your LinkedIn password

LinkedIn members' login credentials are being sold on the dark web.

The 2012 breach of social networking site LinkedIn, has come back to haunt us. That breach resulted in 6.5 million members' credentials being stolen. Articles published in the last day report that the number was way short of reality - it's actually more than 167 million email and password combinations - or nearly all the members of LinkedIn. 

linkedin-1-686150-edited.jpg

Read More

Security News

Alexej Savčin

19 May 2016

Locky ransomware is far from dead

Avast Antivirus solutions protect against Locky ransomware.

A brief update on Locky, the latest ransomware targeting PCs:

Beware of emails from random email addresses with subject lines like “Upcoming Payment – 1 Month Notice”. These emails typically come with a zip attachment that attackers have created to run a script that downloads and runs the now well-known ransomware, Locky. These phishing emails prove that Locky is not going anywhere anytime soon.

PROTECT YOUR BUSINESS WITH AVAST

The emails are written in typical phishing style. The attacker tries to entice a potential victim to read the email and subsequently download the attachment. Attackers seem to be targeting small and medium sized businesses, to gain access to valuable company data.   

Locky_email_content.pngContent of the email.

Read More

Security News

Stefanie Smith

19 May 2016

Avast Software Updater can help protect you from security loopholes, like the recent 7 Zip vulnerabilities

Last week, Talos discovered multiple vulnerabilities in 7-Zip, a popular, open source file archiver. The vulnerabilities are particularly severe as many products, including antivirus software, implement 7-Zip in their software. When vulnerabilities are found, it is the responsibility of software owners to patch them. However, these patches are useless, unless users update their software.

Avast is not affected by these vulnerabilities, but if you are a non-Avast user we recommend you update your antivirus software, if you haven’t done so already.

About the vulnerabilities

The two vulnerabilities found are CVE-2016-2335 and CVE-2016-2334. The first vulnerability is an out-of-bounds read vulnerability, which exists due to how 7-Zip handles Universal Disk Format (UDF) files and could allow attackers to remotely execute code.

The second vulnerability is an exploitable heap overflow vulnerability, found in the Archive::NHfs::CHandler::ExtractZlibFile method functionality. In the HFS+ file system, files, depending on their size, can be split into blocks. There is no check to see if the size of the block is bigger than size of the buffer, which can result in a malformed block size which exceeds the buffer size. This will cause a buffer overflow and heap corruption.

What you should do

As mentioned above, it is up to software publishers to provide their users with vulnerability fixes, but these are futile if users don’t take action and update their software. It is vital that you frequently update all software, including your operating system, on a regular basis.

Read More

Security News

Gracie Roberts

16 May 2016

New feature in Avast Passwords for Android: Fingerprint scanning

Screenshot_20160510-163038.png Screenshot_20160510-163229.png

Avast Passwords gives you easy, secure access to all your passwords, PINs and login credentials.

 Avast Passwords is an app that helps you to safely store each of your PIN codes, passwords and login details safely in one place. Instead of needing to memorize each of your login credentials, Avast Passwords allows you to keep them together in one secure place and access them safely.

Start managing your passwords now!  

Read More

mobile security

Michal Krejdl

10 May 2016

Andromeda distributors craft new strategies for attacks

Most of popular botnet Andromeda’s (also known as Gamarue) distribution channels have been discovered and analyzed by antivirus vendors. This has forced Andromeda’s distributors to come up with a new attack strategy to continue to drop Andromeda binaries onto PCs.

Meanwhile at the Andromeda headquarters…

Operator: “Captain, all of our distribution channels have been discovered!”

Captain: “Report the loss..”

Operator: “Email scams, exploit kits, everything is known to the public.”

Captain: “Operator, let’s start with plan N!”

Operator: “Roger that, captain”

Before we dive into Andromeda’s new tactic, I’d recommend you to read this article by fellow security researchers from Stormshield, which describes one of Andromeda’s most recent phishing campaigns. We have observed similar Andromeda email phishing campaigns. Most of the emails we have seen seem to be targeting Germans and Italians. However, these two target groups seem to be too clever to fall for the bait, as they are not the top infected users.

Some of the popular subject lines used to target Germans and Italians are “Your current bill” and “A nude photo of you has appeared on the Internet”.

andmail.png

Read More

Security News