5.2.16

Facebook at 12: Bigger, better and securer?

By Narinder Purba, ESET research team

Hard to believe it but Facebook has only just turned 12, meaning it is still young enough to have not been around at the turn of the millennium. Yet, it’s true. As its co-founder Mark Zuckerberg will tell you, it came into existence on February 4th, 2004.
It’s funny, because, as one of the biggest and most successful brands in the world, it feels like it has been around for a lot longer, as if it were around before even the internet came into popular use. Needless to say, that would be impossible.
And anyways, its rapid ascent is indicative of the kind of world we now live in. This is the 21st century, after all, where new technologies can disrupt the status quo faster than lightning. It’s amazing what is now possible. Facebook, not even a teenager, has already conquered the world … well, at least socially.
In this timely guide, we look at five of the best ways that you, one of Facebook’s 1.2 billion plus active users – a number that goes to show its universal appeal – can keep on enjoying the engaging, connective and transformative service it offers.
Why is this important? Because it’s an important part of our daily lives, a network that allows direct access to our most personal of experiences. It needs to be respected and, moreover, protected.
Sadly, while the service has gone from strength to strength over the years, running parallel to this has been the evolving threat of cybercrime, which is fast becoming “the crime of our generation”. The threat remains very real, both externally and internally (Facebook isn’t without its own flaws).
While the tech giant knows this and regularly updates its website – at the end of last year it introduced a new security checkup for Android, as a case in point – part of the responsibility in remaining secure lies with its users. Below is a guide helping you stay protected.
1. Constructing a near-impenetrable password is a must
If your password is weak – and for many people, this is highly likely – then you are offering cybercriminals an opportunity to access your account with very little effort or expertise.
Make your Facebook password original – different to the ones you have on other online accounts – and complex. This includes using, for example, capitals, numbers and symbols, making spelling mistakes and using cryptographic solutions … from an 11-year-old.
2. Knowing where you are logged in at all times
Technology has evolved to allow us to be connected to our Facebook account at all times and on multiple devices at the same time. However, keeping track of which computer, tablet or smartphone we are actually logged into can be difficult.
Luckily, the company has developed a solution to this. Facebook records every logged-in account as an active session, which you can see and manage under security settings. You can also end sessions from here. Note: smartphone logins can sometimes show an unusual location because your device may have connected through cell towers outside your usual area.
3. Switch on login alerts to spot unauthorized access
Facebook allows you to set up login alerts, which means that every time someone logs into your account from a different computer or smartphone, you will be notified. This means that if someone other than yourself has accessed your account you can swiftly deal with it.
The process that follows any unauthorized use of your account is fairly robust. For example, the social media giant will take you through a step-by-step authentication process, establishing what changes were or were not made by you.
4. How not to get caught by a phishing hoax
Along with spam, discussed below, phishing scams are ubiquitous on social media. Problematically, as ESET’s David Harley has previously observed, they have become “markedly more sophisticated”.
One of the most common types of scams used on Facebook is a spoof login page that looks like it’s the real deal. It’s used to uncover your unique username and password combination. Again, trust your intuition – if it looks odd or has come out of the blue, be wary. The same applies for so-called official requests for credit card details. As with banks, the tech firm will never request this information this way.
5. Dealing with the longstanding problem of spam
Spam is a problem we can all do without, yet, unfortunately, it has a way of rearing its ugly head every now and again. It can come in multiple forms on Facebook – masked as a friend or family request, a post and even a message.
If you have any doubts about the authenticity of something, then be cautious. Instead of clicking on it – or sharing it – report it (as spam). Interestingly, if you notice, for example, that a friend or family member’s account is repeatedly sharing spam, you can message them to “resolve this” issue.


4.2.16

Capital Markets 2016: Data, Disruption and Regulation



Reston, VA, February 4, 2016 – Software AG (Frankfurt TecDAX: SOW) today shared its predictions for capital markets in 2016, derived from its expertise, market observations and interactions with its customers.

Nigel Farmer, solutions director for capital markets at Software AG, said: “Capital markets are in a state of flux thanks to new regulations and disruptive competition from fintech, so 2016 will be the year that defines the way financial services companies can move forward. The new landscape means they have to get creative to address new competition while still remaining in compliance. I believe there are five key trends that will occur in 2016.”

1. A compliance officer will go to jail.
In 2016 a compliance officer will go to jail for not stopping an illegal act executed by one of his colleagues. Regulations including MAD II (Market Abuse Directive) and MAR (Market Abuse Regulation) hold compliance officials responsible for anyone in their companies breaking the law, which means criminal sanctions. The pressure on an already tight labor pool may send potential applicants elsewhere, even as in situ compliance officers head for the door.

2. Capital market firms will be buried in data.
Data requirements for reporting transactions, risk data aggregation and reporting (Basel Committee on Banking Supervision 239), communications surveillance and swaps data repository reporting are creating a bureaucratic nightmare for capital markets firms. Few are prepared to handle the basic regulatory requirements, never mind take advantage of what could be useful for market monitoring and transparency. The ability to analyse and act upon the data before it becomes stale and loses value will be a key differentiator for capital markets firms going forward.

3. Blockchain technology will transform capital markets.
Blockchain will evolve from something banks are suspicious of into “the” disruptive technology that will totally transform the banking system, eliminating the need for securities depositories and central clearing, and reducing settlement delays. One report notes that blockchain could cut up to $20bn a year off of a bank’s infrastructure costs. Blockchain will also help to nail money launderers through its distributed ledger and the historic traceability of funds.

4. Predictive Analytics will destroy insider and rogue trading.
Regulators and financial services firms will monitor trades and traders to spot aberrant behavior and anomalous trades, using streaming analytics with predictive analytics models on top. This way they will be able to predict with a good deal of certainty when something bad might happen; insider trading, market manipulation, even money laundering will be halted before markets are affected.

5. FinTech will begin to disrupt investment banking.
While financial technology companies have already disrupted retail banking and investing business models, with lower cost banking and financial planning websites, they have only scratched the surface of the behemoth investment banks’ businesses. This will change in 2015 as fintech firms begin to target and invade wealth management, private investment and small business lending, beginning in the U.S.

“Capital markets will begin to see some real disruption in 2016. The financial services firms that are prepared for the onslaught of new rules and data, and are proactively embracing fintech, are the ones which will still be there at the end of 2016,” concluded Farmer.

Ahead of Mobile World Congress, ESET Mobile Security Scores Major Endorsement in Germany









ESET®, the pioneer of proactive protection, has placed first with its ESET Mobile Security for Android app in an independent test by leading German consumer organization Stiftung Warentest. It outplaced its competitors by winning a “good” mark with the highest score out of all 13 tested products. Publication of the test results came just ahead of the Mobile World Congress, which takes place in Barcelona later this month.

Berlin-based Stiftung Warentest carries out hundreds of independent comparative product tests, including assessment of IT security products. “ESET offers the best use in the test … protects reliably … and burdens smartphones the least,” says Stiftung Warentest magazine at various points in its extensive analysis, highlighting ESET Mobile Security’s ease of use, reliability and lightweight system footprint.

ESET will be showcasing the latest version of ESET Mobile Security at Mobile World Congress 2016 in Barcelona, Spain, starting February 22. Along with ESET Mobile Security, another highlight will be ESET’s brand-new child protection app for Android – ESET Parental Control. ESET will be located in Hall 5, Booth B05.

“We are excited to hear these results, especially in Germany. ESET is a Europe-based company, actually the largest from the EU, and Germany is a focus for our activities. Satisfied customers in Germany, around Europe and indeed around the world are our top priority. With this test result, there is yet more proof of the outstanding quality of our ESET Mobile Security for Android app,” says Miroslav Mikus, Director for Europe, Middle East and Africa at ESET.

Stiftung Warentest was not the only consumer organization to see ESET Mobile Security as the best security app on Android. Late last year it won the test of Austrian magazine Konsument, the local consumer testing equivalent.

More good news for ESET Mobile Security came recently from the PC Security Labs (PCSL) Android Malware Detection Test in December. ESET’s app achieved the highest score for malware detection, as well as recording no false positive alerts. PC Security Labs is a China-based IT consulting institute.


Learn more about ESET’s technology and product portfolio by visiting www.eset.com

3.2.16

European firms’ financial departments the target of cyberattacks

Two major cyberattacks have siphoned over $50 million and nearly $80 million from the Belgian bank Crelan and the Austrian aircraft parts manufacturer FACC, respectively.
Official statements released by both firms this month were light on detail but indicated that they had fallen victim to a scam known as Business Email Compromise (BEC).
The common denominator is that criminals trick a company’s financial department into sending money to another bank account – and the key step in the scam is the compromising of an email account.
The BEC scam comes in several flavors. For example, the crooks might use information they have stolen from emails coming into an email account they are monitoring, in order to redirect a legitimate payment to their own bank account.
Or they fake an email message so that it appears to come from a top executive who has the power to issue payment orders, in order to trick staff at the company’s financial department into transferring funds.
Regardless of its flavor, the BEC scam is a serious and global threat, according to the US police and the FBI.
“It’s a prime example of organized crime groups engaging in large-scale, computer-enabled fraud, and the losses are staggering,” reads an FBI alert dated August 27th, 2015. “Companies should make themselves aware of it and take measures to avoid becoming victims.”
Statistics from the Internet Crime Complaint Center (IC3), a division of the FBI, show that since late 2013, when IC3 began tracking BEC scams, more than 7,000 US companies have been targeted, with total losses exceeding $740 million. That doesn’t include victims outside the US, or unreported losses. Globally, losses exceed $1.2 billion.
While the FBI’s data show that over two-thirds of losses affected US companies, the recent attacks remind us that the BEC scam is a global threat to companies’ finances.
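
The second flavor described above, a faked message that appears to come from an executive, usually leaves traces in the message headers that a mail filter can flag before the finance team acts on it. The Python sketch below is an added example, not part of the original article; the domain `example-corp.test`, the executive name, both sample messages and the indicator names are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr
from difflib import SequenceMatcher

# Constructed sample data: the company domain, executive name and messages are made up.
COMPANY_DOMAIN = "example-corp.test"
EXECUTIVES = {"jane example"}
PAYMENT_TERMS = ("wire transfer", "bank account", "payment", "invoice")

SPOOFED = (
    'From: "Jane Example" <jane.example@examp1e-corp.test>\n'
    'Reply-To: j.example@mailbox.test\n'
    'To: accounts@example-corp.test\n'
    'Subject: Urgent wire transfer today\n'
    '\n'
    'Please send the payment to the new bank account before noon.\n'
)
LEGIT = (
    'From: "Jane Example" <jane.example@example-corp.test>\n'
    'To: accounts@example-corp.test\n'
    'Subject: Invoice approval\n'
    '\n'
    'The payment for the March invoice is approved.\n'
)


def domain_of(address):
    """Return the lower-cased domain part of an e-mail address, or ''."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def bec_indicators(raw, company_domain=COMPANY_DOMAIN, executives=EXECUTIVES):
    """Return a list of BEC warning signs found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    from_dom, reply_dom = domain_of(addr), domain_of(reply_addr)
    external = from_dom != company_domain
    findings = []

    # An executive's display name on an address outside the company domain.
    if external and name.strip().lower() in executives:
        findings.append("executive-name-external-sender")
    # A sender domain that is nearly, but not exactly, the company domain.
    if external and SequenceMatcher(None, from_dom, company_domain).ratio() >= 0.85:
        findings.append("lookalike-domain")
    # Replies would go to a different domain than the one shown in From.
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-mismatch")

    # Payment wording matters only when a header check has already fired.
    body = msg.get_body(preferencelist=("plain",))
    text = f"{msg.get('Subject', '')} {body.get_content() if body else ''}".lower()
    if findings and any(term in text for term in PAYMENT_TERMS):
        findings.append("payment-request")
    return findings


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, bec_indicators(raw))
```

A message sent from a genuinely compromised mailbox, the first flavor, passes all three header checks, so changed payment details still need confirmation through a separate channel.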

InterSystems partners with Pulse InfoFrame to facilitate collaborative clinical research

By relying on InterSystems’ HealthShare platform for interoperability with electronic medical records (EMRs), Pulse Infoframe makes the ‘Patient Registry in a Box’ possible


InterSystems, an international provider of information-processing technologies for the healthcare sector, has entered into a partnership with Pulse Infoframe, a market leader in patient registry and collaborative research solutions. The partnership aims to facilitate clinical research and population health studies. By relying on the InterSystems HealthShare® healthcare informatics platform to ensure interoperability between clinical research systems and electronic medical records (EMRs), physicians and researchers can easily collect, organize, model, store and share clinical research data through a secure web application.

“We would like to congratulate InterSystems and Pulse Infoframe on this collaboration, in which they are committing themselves to innovative healthcare solutions. Pulse Infoframe is one of Canada’s leaders in the field of emerging technologies, while InterSystems enjoys an international reputation for healthcare technologies serving millions of people. We are enthusiastic in giving our support to this partnership,” says David Alward, Consul General at the Consulate General of Canada in Boston.

Pulse’s platform, named Healthie, is a clinical decision-support solution that manages exchanges between specialists working anywhere in the world by having them interact within self-configuring networks. This cloud-hosted solution was created by and for physicians. It collects and aggregates data from both mobile and fixed devices. InterSystems’ HealthShare platform will provide interoperability for a wide variety of medical information systems, regardless of geography, making it possible to integrate the collected and consolidated data into anonymized patient records and data from the research community, with the potential for real-time analytics.

Pulse Infoframe has, for example, created the first North American melanoma registry, now deployed in 12 major cancer centres, a number that is steadily growing. “We realized that, even though we had launched new melanoma treatments, it was not always possible for us to determine exactly what real effect those treatments had on patients’ health,” says Dr. Scott Ernst, head of the Medical Oncology department at the Health Science Centre in London, Ontario. “Thanks to Healthie, we can now follow patients not only within the centre but also across the country, so that we can answer the most basic question there is, namely: ‘How are the patients doing?’”

“Our goal is to turn the clinician, until now isolated in a specialist silo, into an active member of a dynamic community of opinion leaders equipped with relevant data and advanced care tools. We describe the data we collect as ‘little data’, in that only the right data is relevant and usable,” says Dr. Femida Gwadry-Sridhar, CEO and founder of Pulse Infoframe.

 

“Orbi-intra” public health

Another example: Pulse is working with a large university hospital in a US city on implementing an e-health programme to develop software, mobile and online solutions that address healthcare problems.
While serving as professor of radiation oncology at Jefferson University Hospital in Philadelphia, Dr. Robert L. Goodman worked with Pulse as part of this programme to improve the health of a population group made up of more than 100,000 unionized workers in Philadelphia.

These people received a free smartphone app capable of identifying potential risks of cardiovascular disease. Clinicians had access to this anonymized data for public health studies. Unionized workers identified as being at high risk were thus given the opportunity to contact a physician for follow-up. “Participants who wish to can opt in to obtain additional information and support. Cardiologists can use the Pulse platform to distribute and consult data and to combine public awareness with health studies. The result: a healthier population overall,” comments Dr. Robert L. Goodman.

“Such ‘orbi-intra’, or ‘outside-in’, applications of our technology are of great interest,” emphasizes Dr. Gwadry-Sridhar. “The data comes from the real population, not all of whose members are ill, and for which the technology can both raise people’s awareness of heart health and lead to wellness interventions.”

“We are proud to work with Pulse Infoframe. Pulse’s platform truly has the potential to change the rules of the game in medicine. Not only by facilitating collaborative research between clinicians and researchers, but also by informing patients and making sure that effective communication with them is maintained once their treatment has ended,” says Joe DeSantis, vice president of InterSystems, responsible for the HealthShare Platforms business.

Today, the Pulse platform is used around the world by leading healthcare organizations to measure, evaluate and improve the condition of patients suffering from 24 diseases, including cancer, diabetes and heart disease. Its solutions can be replicated and rapidly deployed, and are also scalable worldwide.



Android has some critical remotely-exploitable security holes. But can you get the patch?

On Monday, Google released the latest security update for Nexus devices running Android, as part of its previously announced plan to roll out over-the-air patches on a monthly basis.
The most serious flaws, given a severity rating of critical, could lead to remote code execution – with malicious hackers running code on your device, without your permission or knowledge, without needing physical access.

For instance, the bug in Mediaserver means that simply opening an email, browsing a website or receiving a media file via MMS could, in the blink of an eye, result in malicious code being run on your Android device.

If this sounds familiar then chances are you remember Stagefright, one of the biggest Android security scares of last year, which actually resulted in Google realising it needed to get more serious about patching Android and rolling out updates to users.
And then there is the critical remote code execution vulnerability in Broadcom’s Wi-Fi driver, which could allow a hacker to run code on your Android device if they are connected to the same network as you, by sending boobytrapped wireless control message packets.

Clearly, these are vulnerabilities that nobody would want on their smartphone.
So, if you have a Nexus device my advice is that you should patch it as soon as possible. If you are comfortable with a bit of nerdiness you could download the latest firmware images from the Google Developer site. But most people, I would imagine, will prefer to wait until the updates arrive over the airwaves in the next few days.
But remember this – these are flaws in Android, and the Nexus is just one brand of Android smartphone.
Google says that it informed its partners about the security issues described in the bulletin “on January 4, 2016 or earlier”, so if you haven’t received an update yet from your manufacturer/carrier then it’s time to start the stopwatch.
Sadly, I strongly suspect that in some cases you’ll find yourself waiting forever.

Over-the-air updates for Android are notoriously hard to get hold of for some devices.
Even if you desperately want to upgrade the operating system on your Android phone or tablet you might not be able to, because update availability depends upon the assistance and goodwill of three separate parties: Google, your phone’s manufacturer and your mobile phone carrier.

History, sadly, shows us that older Android devices are often left stranded without an easy update path. Although it may not be technically possible to deliver a patch to devices which may not have the power or resources to run the latest and greatest version of Android, more manufacturers need to follow Google’s example in creating an easier path for OS updates to fix newly-found vulnerabilities.
This is a serious problem which, bearing in mind the regularity with which critical security vulnerabilities are found in versions of Android, really needs to be fixed so fewer users are left in the lurch.