Tag Archives: Kaspersky Lab

US Bans Kaspersky Software Over National Security Risk!

The US just announced a ban of Kaspersky Lab software, over national security concerns! Here is what you need to know!

 

US Bans Kaspersky Software Over National Security Risk!

On Thursday, 20 June 2024, the Biden Administration announced a ban of the sale of software made by Kaspersky Lab in the US, due to national security concerns. Unfortunately, this will also cut off updates for users who have already purchased Kaspersky software.

Kaspersky will generally no longer be able to, among other activities, sell its software within the United States or provide updates to software already in use.

US Commerce Secretary Gina Raimondo stated that Russia’s influence over the Russian company posed a significant security risk:

Russia has shown time and again they have the capability and intent to exploit Russian companies, like Kaspersky Lab, to collect and weaponise sensitive US information.

Recommended : The Kaspersky Global Transparency Initiative Explained!

In response, Kaspersky issued a statement to AFP, denying the claim and saying that the US Commerce Department “made its decision based on the present geopolitical climate and theoretical concerns” and vowed to “pursue all legally available options to preserve its current operations and relationships”.

Kaspersky does not engage in activities which threaten US national security and, in fact, has made significant contributions with its reporting and protection from a variety of threat actors that targeted US interests and allies.

In addition to banning its software, the US Commerce Department also added two Russian and one UK-based unit of Kaspersky Lab to its Entity List, for allegedly cooperating with Russian military intelligence to support Moscow’s cyber intelligence goals. US companies are forbidden from providing goods or services to companies on the Entity List.

This is the most serious sanction affecting the Russian company after the US Department of Homeland Security banned its flagship antivirus software from federal networks in 2017, alleging ties to Russian intelligence. The DHS also pointed out that Russian law lets intelligence agencies compel assistance from Kaspersky and intercept communications using Russian networks.

Recommended : Kaspersky Lab Challenges DHS Ban Of Kaspersky Products

 

What Does US Ban Of Kaspersky Software Mean?

While the US has publicly announced its ban of Kaspersky Labs software, it doesn’t go into effect immediately.

The ban on sales of Kaspersky Lab software will only kick in on 29 September 2024 – 100 days after publication, to give businesses time to switch to alternative software. The ban also bars resales, and licensing of Kaspersky products in the US.

New US business for Kaspersky will also be blocked 30 days after the restrictions are announced. Sales of white-labelled products – software products sold or packaged under a different brand name, will also be banned.

Under the new rules, sellers and resellers who violate these restrictions will face fines from the US Commerce Department. Software users won’t face legal penalties, but are strongly encouraged to stop using Kaspersky software. However, critically – users will stop receiving updates for their software from 29 September 2024 onwards.

Russian companies are already subject to US export sanctions, but the UK-based unit of Kaspersky Lab will now be banned from receiving goods and services from US companies.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | BusinessTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Kaspersky on APAC Digital Reputation Threats!

Vitaly Kamluk, Kaspersky Director of Global Research and Analysis for APAC, explores the impact of social media activities on our digital reputation, as well as those of brands and companies!

 

Digital Reputation : What Is It?

Digital reputation is the online version of good old fashion reputation. The only difference is that it is defined by our online behaviour and what people are saying about us, or the brand.

In short, our digital reputation is a combination of our digital footprint, and the impact it has on how other people perceive us, or the brand.

As the world becomes more connected, digital reputation is becoming more than just important – it is now critical to the future and success of any individual or corporation.

This has led to a shift in how people and brands behave online these days…

As Jesmond Chang, Head of Corporate Communications for Kaspersky APAC, shared above :

  • 32% of social media users in APAC use anonymous accounts
  • 50% of social media users in APAC avoid companies that are involved in a scandal, or had received negative news coverage online
  • 40% also stopped using a company’s or brand’s products once they are embroiled in some kind of online crisis.

 

Kaspersky on APAC Digital Reputation Threats!

At the 6th Vitaly Kamluk, Kaspersky Director of Global Research and Analysis for APAC, shared the latest threats to digital reputation in the APAC region, which is precipitated by the COVID-19 pandemic.

“One of the most visible effect of this pandemic is how it forced everyone, from individuals to the biggest companies, to shift a lot of their activities online.

This dependence, triggered by our need to secure our physical health, also pushed us to increase our social media use, either to connect with our distant loved ones, to give support to our community, to entertain ourselves, or to get hold of products and services that we need.

Parallel to this trend is the opening of wider doors for cybercriminals to exploit”

With many employees working from home, cybercriminals have found new ways to exploit this situation :

  • brute force attacks on database servers increased 23% in April 2020
  • Malicious files planted on websites increase 8% in April 2020
  • Network attacks and phishing emails also rose

Kaspersky themselves reported an increase of unique malware samples from 350,000 per day pre-COVID, to 428,000 per day!

With the increased reliance on online services, including remote work and learning, e-commerce purchases and a greater adoption of e-wallets, the 2020 threat landscape appears to favour cybercriminals.

 

Recommended Reading

Go Back To > Cybersecurity | BusinessHome

 

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


KasperskyOS : First Successful Automotive ECU Integration!

Kaspersky just announced the first integration of their new automotive KasperskyOS into the ECU of an advanced driver assistance system by AVL SFR. Here are the details…

 

Automotive KasperskyOS : What Is It?

Modern vehicles are complex systems, which makes it hard to manage the security of its components.

KasperskyOS for automotive ECUs combines a secure microkernel operating system, with a security policy enforcement engine (Kaspersky Security System), and a trusted channel encrypted framework.

It is designed to secure onboard systems and communications, ensuring safer OTA updates, fleet management and safer autonomous driving.

 

KasperskyOS Integration Into AVL ADAS ECU

The new AVL Software and Functions GmbH (AVL SFR) ADAS ECU features two high-performance SoCs (system-on-a-chip), and a safety controller..

This new ECU platform also supports Controller Area Network, and automotive Ethernet standards, allowing for secure communications between devices in the vehicle – including cameras and LIDARs.

The integration of KasperskyOS into the ECU guarantees that undeclared functionality – either unnoticed at launch, or inserted through system updates – cannot be exploited. This is especially important in the safety of autonomous vehicles.

All interactions between electronic components is controlled by the Kaspersky Security System, the security policy engine within KasperskyOS. It monitors the launch of processes, as well as communications between those components and the operating system.

This new ADAS ECU by AVL SFR is ready for prototyping projects by OEMs and Tier-1 suppliers.

 

Kaspersky Automotive Adaptive Platform for KasperskyOS

Kaspersky is also a new associate partner of AUTOSAR, a consortium aimed at developing mutual standards for automotive software architecture.

To that effect, they developed a software development kit (SDK) called Kaspersky Automotive Adaptive Platform.

With this SDK, AVL SFR can develop applications for automated and even driverless vehicles – such as delivering auto-piloting features, controlling safety systems and monitoring their health.

This set of libraries also allows for other software to be adopted, which follow AUTOSAR Adaptive requirements, and work on KasperskyOS without additional changes.

Kaspersky Automotive Adaptive Platform is ready to be delivered and AVL SFR is showcasing its auto-piloting application to several automotive customers.

 

Suggested Reading

Go Back To > AutomotiveCybersecurity | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Ransomware Warning : 1 in 3 Attacks Target Business Users!

INTERPOL and Kaspersky are urging organisations to protect their data against ransomware, because 1 in 3 attacks target business users!

 

Ransomware Warning : 1 in 3 Attacks Target Business Users!

Recent Kaspersky research revealed that in 2019, WannaCry is still the most prevalent ransomware circulating, and some 30% of people targeted by ransomware were business users!

  • 30% of ransomware attacks targeted business users
  • Organisations lost, on average, US$1.46 million in costs, fines and repetitional damage in 2019
  • WannaCry attacked 164,433 users in 2019, and accounted for 21% of all ransomware attacks.
  • GrandCrab accounted for 11% of attacks, while Stop accounted for 4%.

WannaCry, arguably the world’s most famous ransomware, reached its peak 3 years ago – on 12 May 2017 – but continues to wreak havoc on unsuspecting victims.

GrandCrab is famous for its ransomware-as-a-service model, rented out to cybercriminals by its developers. Meanwhile, Stop spreads through compromised software and websites, as well as adware.

 

Ransomware : How To Protect Your Business

Here are some tips that Kaspersky is recommending to stay protected against ransomware :

  • Explain to employees how following simple rules can help a company avoid ransomware incidents.
  • Always have fresh back-up copies of your files so you can replace them in case they are lost (e.g. due to malware or a broken device).
  • Don’t just rely on a physical backup, but also store your backup in the cloud for greater reliability.
  • Always update your operating system and software to eliminate recent vulnerabilities.
  • Use anti-ransomware software, which will prevent ransomware from exploiting vulnerabilities in software and applications – especially important for customers who continue to use Windows 7.

And if a corporate device is encrypted by ransomware, please remember that the attack is a criminal offence. You should NOT pay the ransom.

Instead, report the ransomware attack to your local law enforcement agency, and find a decryptor that may work for you. Some are available for FREE.

 

Suggested Reading

Go Back To > Cybersecurity | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

COVID-19 Email Scams + Malware Are Spreading!

As the COVID-19 coronavirus spreads across the world, so are COVID-19 email scams and malware!

Tatyana Shcherbakova tells us what she and her team discovered!

 

Warning : COVID-19 Email Scams Are Spreading!

As the COVID-19 coronavirus spreads, fake information is being created and distributed at a very high rate, confusing people all over the world.

Cybercriminals are taking advantage of the confusion, creating various email scams, with some realistic ones pretending to be from the WHO.

Tatyana Shcherbakova, a senior web content analyst, details how her team looked at the COVID-19 email scams, and came across the realistic ones from WHO…

 

WHO Is Warning You? These Are COVID-19 Email Scams!

At first, we found emails offering products such as masks, and then the topic became more commonly used in Nigerian spam emails. We also found scam emails with phishing links and malicious attachments.

One of the latest spam campaigns mimics the World Health Organization (WHO), showing how cybercriminals recognize and are capitalizing on the important role WHO has in providing trustworthy information about the coronavirus.

Users receive emails allegedly from WHO, which supposedly offer information about safety measures to be taken to avoid a COVID-19 infection.

Once a user clicks on the link embedded in the email, they are redirected to a phishing website and prompted to share personal information, which ends up in the hands of cybercriminals.

This scam looks more realistic than other examples we have seen lately, such as alleged donations from the World Bank or IMF for anyone who needs a loan.

In order to stay safe, we advise users to carefully study the content of the emails they receive and only trust reliable sources.

If you are promised a vaccine for the virus or some magic protective measures, or content of the email is making you worried, it has most likely come from cybercriminals.

This is especially true if the sender suggests clicking on a link and sharing your personal data or opening an attachment.

You should not donate any real money or trust information with promises to help those affected by the virus, even if the email comes from someone who introduces themselves as an employee of a trusted organization.

Finally, double check the email address, as scammers often use free email services or addresses that have no relation to the organization mentioned.

 

Malware Masked As COVID-19 Coronavirus Documents!

They also found malicious files disguised as documents related to the COVID-19 coronavirus. The malicious files were masked under the guise of pdf, mp4 and docx files about the COVID-19 coronavirus.

The names of files imply that they contain video instructions on how to protect yourself from the virus, updates on the threat and even virus detection procedures, which is not actually the case.

In fact, these files contained a range of threats, from Trojans to worms, which are capable of destroying, blocking, modifying or copying data, as well as interfering with the operation of computers or computer networks.

Some malicious files are spread via email. For example, an Excel file distributed via email under the guise of a list of coronavirus victims allegedly sent from the World Health Organization (WHO) was in fact a Trojan-Downloader, which secretly downloads and installs another malicious file.

This second file was a Trojan-Spy designed to gather various data, including passwords, from the infected device and send it to the attacker.

 

COVID-19 Email Scams + Malware : How To Avoid

As governments and businesses are forced by the COVID-19 coronavirus to encourage their employees to work from home, it is critical that they employ these cybersecurity practices to reduce risk of falling for phishing attacks, or malware :

  • Provide a VPN for staff to connect securely to the corporate network
  • All corporate devices – including mobiles and laptops – should be protected with security software
  • The operating system and apps should be updated with the latest patches
  • Restrict the access rights of people connecting to the corporate network
  • Ensure that the staff are aware of the dangers of unsolicited messages

 

Recommended Reading

Go Back To > Cybersecurity | Business | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Malware Alert : How Shopper Takes Over Android Phones!

An Android malware called Shopper is actively taking over smartphones, to post fake reviews on Google Play.. and worse!

Find out what’s going on, and how to prevent your smartphone from being hijacked by Shopper!

 

Shopper : What Does It Do?

Shopper (Trojan-Dropper.AndroidOS.Shopper.a) is an Android trojan that uses the Google Accessibility Service to take over your smartphone.

It is not yet known how users are being infected, but researchers suspect that it may be downloaded through fraudulent ads, or third-party app stores when they try to download legitimate apps.

The malware masks itself as a system application, and uses a system icon called ConfigAPKs to hide itself from the user.

After the user unlocks the screen, the Shopper trojan launches and gathers information about the device, which is then sent to the attacker’s servers.

The attacker’s servers will then send commands to the Shopper trojan to execute one or more of these actions :

  • Check the rights to use the Accessibility Service. If permission is not granted, it will send a phishing request until it gets it
  • Turn off Google Play Protect, a safety check on Google Play Store apps before they’re downloaded
  • Post fake positive app reviews in Google Play, for those apps

  • Open links received from the remote server in an invisible window
  • Download and install advertised apps from Google Play Store
  • Download and install apps from the Apkpure third-party app store
  • Show ads when the smartphone screen is unlocked
  • Create labels to advertised ads in the app menu
  • Replace the labels of your installed apps with labels of advertised websites
  • Use your Google or Facebook account to register on popular shopping and entertainment apps, like AliExpress, Lazada, Zamora, Shein, Joom, Likee and Alibaba

 

Shopper : Who’s Getting Infected?

Right now, Kaspersky researchers say that it is most widespread in Russia (28.46%), following by Brazil (18.70%) and India (14.23%) :

 

Shopper : How To Block It?

To reduce the risk of being infected by Trojan-Dropper.AndroidOS.Shopper.a, take these actions :

  • Do NOT install apps from untrusted sources
  • Block the installation of apps from unknown sources in your smartphone settings
  • Be wary of apps that require the use of the Google Accessibility Service, especially if the app is not meant to offer accessibility features to the disabled
  • Always check application permissions to see what your installed apps are allowed to do
  • Use a reliable mobile security solution

 

Suggested Reading

Go Back To > Cybersecurity | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

WizardOpium Exploit : Update Google Chrome ASAP!

Kaspersky recently discovered a Google Chrome zero day exploit that was being used in Operation WizardOpium.

Here are the full details, but the TLDR message is – make sure you update Google Chrome ASAP!

 

The WizardOpium Exploit : What Is It?

Kaspersky’s automated Exploit Prevention subsystem detected the exploit, which they dubbed WizardOpium. It used a zero day vulnerability that had hitherto not known to developers.

 

The WizardOpium Exploit : How Does It Work?

The attacks, which Kaspersky called Operation OpiumWizard, began with an infiltration at a Korean news website, where attackers managed to inject malicious code.

It loads a script from a third-party site that first checks if the system is suitable for infection – they were interested only in Chrome for Windows, not older than version 65.

If the operating system and browser requirements are met, the script downloads the WizardOpium exploit piece by piece, reassembles and decrypts it.

The script then runs another check on the version of Google Chrome, working exclusively with Chrome 76 or 77.

After verifying that it has the right Chrome version, the script then leverages the use-after-free vulnerability CVE-2019-13720, based on the improper use of system memory.

By manipulating the system memory, the exploit gains permission to read and write data, which it immediately uses to download, decrypt and run the malware package.

 

The WizardOpium Exploit : Solution

Kaspersky cybersecurity products will detect the exploit, and identify it as Exploit.Win32.Generic.

On discovering it, they reported it to Google with the identifier CVE-2019-13720.

Google fixed the bug in Chrome 78.0.3904.87 for Windows, macOS and Linux. Just make sure you update to that version, or newer… ASAP!

To make sure you have the update, follow these steps :

  1. Click on the 3 vertical dots at the upper right corner of Chrome (Customise and control Google Chrome)
  2. Select Help > About Google Chrome.
  3. In the About Chrome page, it should say that you have Version 78.0.3904.87 or higher
  4. If not, Chrome will automatically start looking for, and installing the latest update
  5. Click Relaunch to restart Chrome.

 

Suggested Reading

Go Back To > Cybersecurity | SoftwareHome

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Why Cybersecurity Is Critical For Industry 4.0 Success

Yeo Siang Tiong, the General Manager of Kaspersky Southeast Asia, recently shared with us why cybersecurity is critical for Industry 4.0 initiatives to succeed.

While he uses Malaysia’s drive to implement Industry 4.0 as an example, the lessons are universal and apply across the world.

Let’s hear it from Mr. Yeo Siang Tiong!

 

Why Cybersecurity Is Critical For Industry 4.0 Success

The term Industry 4.0 was first used at the Hanover Fair, as a reference to the latest industrial strategy which has been termed the fourth industrial revolution.

According to the explanation by Ministry of International Trade and Industry Malaysia [1] I have read months ago, Industry 4.0 is referred to as production of manufacturing based industries digitalization transformation, driven by connected technologies.

Together with autonomous robots, big data analytics, cloud computing, Internet of Things, additive manufacturing, system integration, augmented reality and simulation, in my opinion, cybersecurity is among the main pillars of Industry 4.0.

Why? Because while the cyber-physical systems connected without wires, automated and with lesser human touch points promise more efficient processes and communications, this also exposes systems to potential cyberattacks.

Greater connectivity brought about by Industry 4.0 will require greater security attention for ICS security because the Fourth Industrial Revolution is a double-edged sword which countries and companies should use wisely.

It is great to note that Malaysia is currently ranked third globally among 193 International Telecom Union members, in terms of the level of national commitment to addressing cybersecurity risks.

In 2018, Ministry of International Trade and Industry Malaysia launched INDUSTRY 4WRD, a national policy on Industry 4.0, to place policies and guidelines in place to ensure Malaysian manufacturing industry and its related services would be ready, to be smart, systematic and resilient.

The policy has the overarching philosophy – A-C-T, Attract, Create and Transform.

The government’s efforts are indeed being commended worldwide. Proof is the Readiness for the Future of Production Report 2018 [2] which put Malaysia in the “Leader” quadrant, positioned well for the future. Malaysia and China are the only two non-high-income countries in this coveted quadrant.

One important area for improvement that I know if will be the human force. Malaysia has shortage of required talents, skills and knowledge for Industry 4.0, particularly in the areas of IoT, robotics and AI.  The lack of talents in the fields of IoT is hypocritical for Malaysia Industry 4.0 especially in the areas of exposure to cyber threats.

However, let us not miss the commitment uttered by the Ministry of Education Malaysia [3] saying that cybersecurity must be introduced at the grassroot level, especially among the schoolchildren. The department of Polytechnic and Community College Education and Politeknik Mersing in Johor is also off to set up the Cyber Range Academy, which provides the students with an authentic learning environment in the threat landscape.

For our part, Kaspersky understands the cyber security needs in ensuring the success of Industry 4.0 and have solutions in place – Industrial CyberSecurity (ICS), with the aim to protect companies from three main risks [4].

Firstly, unintentional infection of an industrial network.  In theory, industrial information networks should not be connected to office networks, and should also not have direct access to the internet.  However, sometimes without intending to cause any harm, staff will connect infected removable drives to industrial computers or access the internet to update software on the server, resulted malware manages to penetrate the network.

Secondly, it is not unusual for people who are professionally versed in industrial systems to try and use that knowledge to trick their employer, which cause serious harm to the business.

Thirdly, cyberwar, targeted actions that are intended to cause damage. Two years ago, a massive data breach saw more than 46 million mobile subscribers in Malaysia leaked on to the dark web.

For companies to reach their Industry 4.0 goals, all components have to be protected.

Remember ShadowHammer [5] which Kaspersky team highlighted in the research back in March?  Executable files, found in reputable and trusted large manufacturer, contained malware features, which upon careful analysis confirmed been tampered by malicious attackers.

To avoid being victims and ensuring a clearer path to achieving Industry 4.0 [6], we suggest to:

    • Regularly update operating systems, application software, and security solutions
    • Apply necessary security fixes andaudit access control for ICS components in the enterprise’s industrial network and at its boundaries
    • Provide dedicated training and support for employees as well as partners and suppliers with access to your network
    • Restrict network traffic on ports and protocols used on edge routers and inside the organization’s OT networks
    • Use ICS network traffic monitoring, analysis and detection solutions for better protection from attacks potentially threatening technological process and main enterprise assets
    • Deploy dedicated securitysolutions on ICS servers, workstations and HMIs, such as Kaspersky Industrial CyberSecurity. This solution includes network traffic monitoring, analysis and detection to secure OT and industrial infrastructure from both random malware infections and dedicated industrial threats
    • Form a dedicated security team for both IT and OT sectors
    • Equip these security teams with proper cybersecurity training as well as real-time and in-depth threat intelligence reports

[1] FAQs on Industry 4.0

[2] National Policy on Industry 4.0

[3] Bridging the talent gap in cybersecurity

[4] Securing Industrial Revolution 4.0

[5] Operation ShadowHammer: a high-profile supply chain attack

[6] Almost every second industrial computer was subjected to malicious cyber activity in 2018

 

What Is Industrial Revolution 4.0?

Industrial Revolution 4.0, also known as the Fourth Industrial Revolution or Industry 4.0, is a term that is applied towards the current trend of intelligent automation that is enabled by information technology, interconnectivity and data analytics.

 

Industry 4.0 employs a wide range of technologies to achieve those aims, such as mobile devices, Internet of Things, smart sensors, big data analytics, augmented reality, cloud computing, and more.

Countries and corporations that successfully make use of these technologies will greatly improve their productivity. Hence, there is great interest by governments and companies to develop and accelerate their IR 4.0 capabilities.

 

Why AI Digital Intuition Will Deliver Cyberimmunity By 2050!

In his first prediction for Earth 2050, Eugene Kaspersky believes that AI digital intuition will deliver cyberimmunity by 2050. Do YOU agree?

 

What Is Earth 2050

Earth 2050 is a Kaspersky social media project – an open crowdsourced platform, where everyone can share their visions of the future.

So far, there are nearly 400 predictions from 70+ visionaries, from futurologist Ian Pearson, astrophysicist Martin Rees, venture capitalist Steven Hoffman, architect-engineer Carlo Ratti, writer James Kunstler and sci-fi writer David Brin.

Eugene himself dabbles in cyberdivination, and shares with us, a future of cyberimmunity created by AI digital intuition!

 

Eugene Kaspersky : From Digital Intuition To Cyberimmunity!

In recent years, digital systems have moved up to a whole new level. No longer assistants making life easier for us mere mortals, they’ve become the basis of civilization — the very framework keeping the world functioning properly in 2050.

This quantum leap forward has generated new requirements for the reliability and stability of artificial intelligence. Although some cyberthreats still haven’t become extinct since the romantic era around the turn of the century, they’re now dangerous only to outliers who for some reason reject modern standards of digital immunity.

The situation in many ways resembles the fight against human diseases. Thanks to the success of vaccines, the terrible epidemics that once devastated entire cities in the twentieth century are a thing of the past.

 

However, that’s where the resemblance ends. For humans, diseases like the plague or smallpox have been replaced by new, highly resistant “post-vaccination” diseases; but for the machines, things have turned out much better.

This is largely because the initial designers of digital immunity made all the right preparations for it in advance. In doing so, what helped them in particular was borrowing the systemic approaches of living systems and humans.

One of the pillars of cyber-immunity today is digital intuition, the ability of AI systems to make the right decisions in conditions where the source data are clearly insufficient to make a rational choice.

But there’s no mysticism here: Digital intuition is merely the logical continuation of the idea of machine learning. When the number and complexity of related self-learning systems exceeds a certain threshold, the quality of decision-making rises to a whole new level — a level that’s completely elusive to rational understanding.

An “intuitive solution” results from the superimposition of the experience of a huge number of machine-learning models, much like the result of the calculations of a quantum computer.

So, as you can see, it has been digital intuition, with its ability to instantly, correctly respond to unknown challenges that has helped build the digital security standards of this new era.

 

Recommended Reading

Go Back To > Cybersecurity | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Kaspersky Travel Scam Alert + Advisory For The Holidays!

Kaspersky Lab just issued a travel scam alert and advisory for this holiday season. Pay attention, so you will enjoy a great holiday!

 

Travel Scam Operations On The Rise!

Kaspersky Lab researchers have uncovered several travel scam operations last month, seeking to trick holiday-goers looking for great bargains.

Fraudsters Are Phishing For Unwary Victims

There were more than 8,000 phishing attacks, disguised as offers from popular lodging platforms. In fact, 7,917 of those phishing attacks specifically targeted people looking for Airbnb rentals.

In one example, fraudsters created a phishing page that look like an Airbnb page, and pretended to offer cheap city-centre rentals with high review scores. Once the victim confirmed and paid for the booking, both the fraudsters and the offer disappeared.

Spam Is Still Effective!

In just one day, the researchers detected 7 different fake email blasts that are very convincingly disguised as offers from popular booking platforms for airline tickets and accommodation.

Three of those spam emails actually offered FREE FLIGHTS in return for the completion of a short online survey, and sharing the link with other people. After answering just three questions, victims were asked to enter their phone numbers, which were then used to subscribe to paid mobile services.

 

Travel Scam Methods

Spam and phishing attacks were amongst the most effective attack vectors. They use social engineering to manipulate and exploit human behaviour.

Fake Websites

These travel scam operations are often very sophisticated, using fake sites that are almost identical to the legitimate websites.

They, therefore, easily trick unwary victims into handing over their credit card details, or pay for a product or service that does not exist.

Mobile Booking Risk

More people are booking their flights and accommodations on a mobile device, which makes it harder to spot fake links. This makes mobile users particularly vulnerable to both spam and phishing attacks.

 

Kaspersky Travel Scam Advisory

To avoid these travel scams, Kaspersky Lab recommends taking these security measures :

  • If an offer seems too good to be true, it probably is. AVOID IT!
  • CHECK the link in the browser’s address bar before you key in sensitive information like your login and password.
    If it is misspelled (e.g. airbnb.com.room.online), or does not match the page you are visiting (like this example below), or uses special symbols instead of letters, don’t key in any information. CLOSE THE PAGE!

An Expedia page with a Booking.com address??? Something’s NOT right…

  • Book your stay and tickets only with trusted providers.
    Make sure you are on their actual websites by typing in their address in the browser’s address bar.
  • NEVER click on links that come from an unverified source, whether it’s in an email, an instant message or through social networks.
  • Use a security solution with behaviour-based anti-phishing technologies like Kaspersky Security Cloud, or Kaspersky Total Security, which will warn you if you get tricked into visiting a phishing web page.

 

Recommended Reading

Go Back To > Cybersecurity | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Incident Response – Five Key Factors CISOs Should Consider!

Maxim Frolov, Vice President of Global Sales, Kaspersky Lab, speaks about Incident Response, a critical tool of every cybersecurity team to respond to, and manage cyberattacks.

Here are five key factors he believes every CISO (Chief Information Security Officer) should consider while formulating their companies’ Incident Response process.

 

Cyberattacks Are Inevitable

As cyberattacks become more sophisticated and frequent, many CISOs agree that a cyberattack on their companies are inevitable.

They also believe that the speed and quality of their incident response are the most important factors in measuring their performance.

Hence, IT security departments are now focused, not just on preventing attacks, but also on identifying the issues in time to minimise damage.

 

What Is Incident Response?

Incident Response (IR) is the methodology a cybersecurity team uses to respond to, and manage cyberattacks. It aims to reduce damage and recover from an attack as quickly as possible.

A good incident response plan also includes a thorough investigation to learn from an attack, in order to prepare for and prevent a repeat attack in the future.

 

The Five Key Factors CISOs Should Consider About Incident Response

While CISOs understand that a well-developed, repeatable incident response plan is critical, they face five major issues in developing a good plan.

Factor #1 : Shortage Of Qualified Professionals

Incident response does not mean jumping into the remediation phase when an incident happens. It actually starts before an attack has occurred, and does not stop after the attack ends. In general, it consists of four stages :

  • Stage 1 : All responsible employees are prepared, so they know how to act when an attack happens
  • Stage 2 : Detection of an ongoing cybersecurity incident
  • Stage 3 : The incident response team eliminates the threat and recover affected systems
  • Stage 4 : The incident response strategy is reviewed based on this experience, to mitigate against a future attack

Such diversified activities require different types of professionals, who are in short supply. According to a Kaspersky Lab survey, CISOs find it quite impossible to find malware analysts (43%), specialists that can respond to an attack (20%) and threat hunters (13%).

The other issue is employee retention. Specialists know that they are in great demand, and easily switch to a rival organisation for a higher salary. It is, therefore, increasingly hard for companies to employ and retain a team to conduct the entire incident response process.

Factor #2 : Choosing Suitable Outsourcers

Because of the difficulties in forming an internal Incident Response team, many companies opt to outsource the job. However, it is no trivial task to choose a suitable third-party IR team.

A good outsourced Incident Response team should be proficient in the important IR competencies, namely threat research, malware analysis and digital forensics.

Their capabilities should be ascertained through vendor-neutral certification, and past experience. The diversity of their client base is also important – working in a variety of industries will allow them to find similarities in seemingly disparate cybersecurity cases.

Companies in strictly-regulated industries will have additional restrictions when they are considering outsourcing candidates. They can only choose from IR teams that meet specific compliance requirements.

Factor #3 : Cost Of Incident Response

Establishing and maintaining an in-house Incident Response team is costly. Not only are full-time specialists expensive, companies also need to purchase solutions and threat intelligence services their IR team will need for threat hunting, data analysis and attack remediation.

Yet they cannot afford not to have an IR strategy in place. The average cost of a data breach is on the increase, now amounting to US$1.23 million on average. This is an increase of 24% from US$992,000 in 2017.

Some organisations may find the outsourced model to be more cost-effective and flexible. However, enterprises that deal with numerous incidents will find it necessary to have an in-house IR team.

To save costs, organisations can employ a hybrid approach – forming an internal team of first-level responders, with external experts on retainer.

Factor #4 : Synergy With IT Department

Both the Incident Response team and the IT department must understand their respective roles and work together. After all, they have conflicting objectives when a cybersecurity incident occurs.

The IT team will want to shut down infected machines to reduce or prevent data loss, and stop the malware from spreading. On the other hand, the IR team will want to collect evidence, which would mean leaving the “crime scene” untouched even after the incident is over.

If the IT team disconnects the machines, and/or stores the logs for only three months; that would make the IR team’s work a great deal more difficult.

To avoid such issues, the internal IR team should provide tailored guidance or training for their IT colleagues. This would ensure that both teams are on the same page when an attack happens.

Factor #5 : Delays In Responding

Organisations that rely on outsourced IR teams can quickly get their incident response processes in place, because the external IR team is always at hand to step in and help resolve an incident.

However, this can only happen after contracts are signed, and agreements ratified; leading to a delay in incident response.

In Maxim’s experience, an organisation often comes back to work on Monday to discover that they were breached during the weekend. They will try to handle the incident for several days, before turning to external experts.

However, it’s usually Friday by the time they start seeking help. Even if they have a pre-vetted contractor to turn to, and rush the approval of an agreement; it will take several more days before the external IR team can get to work.

Hence, it is a good idea for organisations to have an internal Incident Response team (even if they are just first-level responders) that can quickly evaluate the incident and delegate responsibility.

 

The Most Effective Incident Response Strategy

For most large organisations, the hybrid approach to Incident Response is perhaps the most effective.

Combining a small in-house team with third-party responders will help them maintain an effective IR strategy, without the problems associated with maintaining a dedicated internal team or outsourcing the job completely.

Even though outsourcing incident response is attractive financially, it doesn’t mean the organisation can hand over the reins and absolve all responsibility for incident response. Having a suitable IR plan for their particular organisation is still important, as well as the need for the external IR team to liaise with the organisation’s IT team.

There should be a proper process for when employees should ask for external assistance, and what it will address. An employee should also be tasked with prioritising actions and coordinating between the external IR team and internal departments.

 

Recommended Reading

Go Back To > Cybersecurity | Home

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


The 2019 Kaspersky Cybersecurity Report – Key Findings + Advice!

The 2019 Kaspersky Lab year-on-year cybersecurity report is here, and it revealed a number of interesting changes in cyberthreats. Here is a quick primer on what the Kaspersky Lab team discovered!

 

The 2019 Kaspersky Cybersecurity Report

The 2019 Kaspersky cybersecurity report is based on the Kaspersky Security Network (KSN) data from 2017 and 2018.

This report saw an appreciable drop in local infections in Malaysia, but it’s not all roses. The same report noted massive increases in web threats and malware hosting during the same period!

Web Threats

Web Threats, also known as Online Threats, are malware that attack users through the Internet. It can be in the form of a browser-based attack which hijacks the victim’s computer.

The 2019 Kaspersky Lab cybersecurity report reported that they detected over 42 million web threats in 2018 – a shocking 2.5X increase over 2017.

No of Detections

Users Attacked

Rank

2017

2018

2017

2018

2017

2018

16,740,303

42,052,261

33.2%

37.7%

25th

25th

Local Threats

Local Threats are infections or malware that attack the victim’s computer through infected media (like a USB drive), or initially gets into the computer in an encrypted format.

This is the silver lining in the report. The Kaspersky Security Network recorded a 17.4% drop in local threats in 2018, compared to 2017. Even so, that was still way over 67 million detections, and local threats remain a serious cybersecurity threat.

No of Detections

Users Attacked

Rank

2017

2018

2017

2018

2017

2018

82,026,205

67,739,963

605%

56.5%

74th

86th

Malware Hosting

Malware Hosting in the report refers to malware that was detected to be hosted on servers or websites based in Malaysia.

The team reported a massive 3.4X increase in servers or websites hosting malware in Malaysia. Over 1.6 million servers or websites!

No of Incidents

Share of Incidents Hosted

Rank

2017

2018

2017

2018

2017

2018

480,090

1,640,611

0.03%

0.05%

37th

39th

 

2019 Kaspersky Lab Cybersecurity Advice

Kaspersky Lab security experts advocate the following basic but important steps to protect yourself against cyberthreats in 2019 :

  • Carefully check the link before visiting a site, especially for misspelling or other irregularities, even if you think it’s a site you’ve visited regularly before.
  • Enter your username and password only over a secure connection. Avoid logging in to online banks and similar services via public Wi-Fi networks.
  • Be aware that URLs that begin with the “https” may not always be secure.
  • Don’t trust emails from unknown senders until you can verify the authenticity their origins.
  • Always run a system with a quality, up-to-date anti-malware program such as Kaspersky Internet Security.

 

The Kaspersky Security Network

The 2019 Kaspersky Lab cybersecurity report relied on data collected by the Kaspersky Security Network (KSN).

KSN is a distributed infrastructure dedicated to intelligent processing cybersecurity-related data streams from millions of voluntary participants around the world. By analysing these data streams automatically in the cloud, KSN delivers much faster reaction times to new and yet unknown cyberthreats.

KSN also employs Kaspersky Lab’s HuMachine principle ~ both Kaspersky Lab expert knowledge and next-generation machine learning capabilities are merged, allowing Kaspersky Lab to spot patterns, changes and new threats in the cyber landscape with greater accuracy and skill.

 

Recommended Reading

Go Back To > Cybersecurity | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


The 2019 Kaspersky ICS CERT Report + Recommendations!

The 2019 Kaspersky ICS CERT Report just revealed that almost half of the Industrial Control System (ICS) computers they protected were attacked in the second half of 2018. This is a wake-up call to industries large and small.

They also shared with us some technical measures that can help companies ward off these cyberattacks.

 

The 2019 Kaspersky ICS CERT Report

The 2019 Kaspersky ICS CERT report is based on the industrial threat landscape the team experienced in H2 2018.

In that period, they noted that almost half of the ICS computers they were protecting were attached in some form.

These attacks could have crippled these industrial facilities if they resulted in an actual breach. That would have caused great material and production losses.

Here is the summary of their report :

  • 47.2% of ICS computers were attacked in 2018, slightly more than the 44% they encountered in 2017.
  • Vietnam was the top country, with 70.90% of their ICS computers attacked
  • Algeria was second, with 69.91%; and Tunisia was third with 64.57% attacked.
  • The least impacted countries were Ireland (11.7%), Switzerland (14.9%), and Denmark (15.2%).

 

Mass-Distributed Malware Is The Greatest Threat

Mass-distributed malware such as phishing emails are the most common way used by hackers to infiltrate industrial companies throughout the Asia Pacific region and the world.

Despite the common myth, the main source of threat to industrial computers is not a targeted attack, but mass-distributed malware that gets into industrial systems by accident, over the internet, through removable media such as USB-sticks, or e-mails.

However, the fact that the attacks are successful because of a casual attitude to cybersecurity hygiene among employees means that they can potentially be prevented by staff training and awareness – this is much easier than trying to stop determined threat actors,” said Kirill Kruglov, security researcher at Kaspersky Lab ICS CERT.

 

Knowledge And Training Are Essential To Combating Malicious Cyber Attacks

According to Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky Lab,

Our researchers are seeing many carefully crafted phishing emails, sent purportedly by real companies and masked as business correspondence, commercial offers, invitations to tender and so on, which could be very commonly faced by many enterprises in Malaysia.

We recommend all companies to warn their staff of this real threat and to train them to recognize signs of an attack, to not open suspicious files or click on links, and to inform their IT department of any potential incidents,” Yeo said.

H2 2018 saw a decline in ICS infections in Malaysia, 41.1% versus H1 2018 of 50.8%. It is a good sign that users are more aware of the cyber risks, and are becoming careful about it,” Yeo added.

 

How To Safeguard Industrial Computer Systems (ICS)

The 2019 Kaspersky Lab ICS CERT recommends the following measures to protect Industrial Computer Systems (ICS) :

  • Regularly update operating systems, application software on systems that are part of the enterprise’s industrial network.
  • Apply security fixes to PLC, RTU and network equipment used in ICS networks where applicable.
  • Restrict network traffic on ports and protocols used on edge routers and inside the organization’s OT networks.
  • Audit access control for ICS components in the enterprise’s industrial network and at its boundaries.
  • Deploy dedicated endpoint protection solutions on ICS servers, workstations and HMIs.
  • Make sure security solutions are up-to-date and all the technologies recommended by the security solution vendor to protect from targeted attacks are enabled.
  • Provide dedicated training and support for employees as well as partners and suppliers with access to your network.
  • Use ICS network traffic monitoring, analysis and detection solutions for better protection from attacks potentially threatening technological process and main enterprise assets.

 

Recommended Reading

[adrotate group=”2″]

Go Back To > Cybersecurity | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


How To Deal With The Momo Challenge + Hype!

The Momo challenge and hype continue to create panic and hysteria over the Internet for more than a year now. Here is a short guide on what Momo is all about, and how to deal with the Momo challenge and hype!

 

What Is Momo?

Momo is actually a photo of a sculpture of the Ubume ghost by a Japanese artist Keisuke Aizawa that some pranksters use to create the Momo hype.

Using WhatsApp, these pranksters use the Momo picture to scare people, and spread hysteria, by sending victims horror pictures, claims of knowing everything about their contacts, and so on.

 

The Momo Challenge

The same Momo accounts are also said to also challenge people to harm themselves or others. They are said to be presented as a series of challenges or initially benign tasks, that culminates in demands of violent acts or suicide.

Although no actual cases have been confirmed, the Momo challenge created a hysteria, thanks to the media and Internet trolls.

The media failed to verify facts before presenting the Momo challenge as a genuine threat, while Internet trolls take opportunity of the public’s fear and ignorance to spread more false stories about the Momo challenge or hype.

 

Momo Is NOT A Virus, But It Is Dangerous

Although it has been claimed that Momo can add itself to contact lists using a virus, this is not true. There is no virus that spreads Momo, or a Momo virus.

Momo is not a cybersecurity threat – it cannot steal or damage your data. Yet it is still a threat to both parents and children.

Children don’t know better that Momo is not real, and may be enticed by pranksters using the Momo avatar to trick them into doing something wrong or unsavoury.

Parents, on the other hand, can be overwhelmed by the media onslaught about Momo, and over-react because they don’t know what to do.

 

How To Deal With The Momo Challenge

David Emm, Principal Security Researcher at Kaspersky Lab, shared with us some ways to deal with the Momo challenge.

  •  Have regular conversations with your child(ren) – make them aware of how to be safe online. Agree which sites are appropriate for them and ensure they understand the reasoning behind this. They also need to know that they can – and should – confide in a trusted adult if they experience something upsetting whilst online.
  • Make sure your child understands they should not ‘friend’ anyone online they don’t know in real life, or add unknown numbers to their contacts – people online are not always honest about who they are and what they want
  • Activate safety settings – settings such as auto-play should be disabled and parental controls can be installed to help prevent children from viewing inappropriate content.
  • Make use of the mute, block and report features – This will protect them from a lot of harmful content.
  • Never share personal information such as phone numbers, address, etc with people you don’t know.

 

Suggested Reading

[adrotate group=”2″]

Go Back To > Cybersecurity | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Tech ARP 20th Anniversary Giveaway Week 7 – Western Digital!

Tech ARP is now 20 years old! To celebrate, we partnered up with many of the world’s TOP BRANDS to thank you all for your loyal support with a TWENTY-WEEK GIVEAWAY! 😲 😲 😲

 

Tech ARP Is 20 Years Old & Going Strong!

Time sure FLIES when you are having fun! Twenty years ago, Ken, Chai and I got together to rebrand Adrian’s Rojak Pot as Tech ARP. We were having trouble explaining what rojak was, and that pot did not refer to marijuana / cannabis! 😂😂😂

That was in the good old days of sawing off pipe end caps to turn into CPU water coolers, and modifying SLAB (sealed lead acid batteries) into the world’s first power bank for our PDAs (remember those?).

Those sure were CRAZY DAYS! 😂😂😂

Somehow, we worked our way to the forefront of motherboard technology with our seminal BIOS Optimization Guide, which later got published as Breaking Through The BIOS Barrier : The Definitive BIOS Optimization Guide for PCs.

I don’t know how I did it, but somehow, we did all those crazy stuff while I was still in medical school! CRAZY days indeed!

Over the years, we moved from strength to strength, with Ken hand-developing our own backend, and Chai nurturing our budding forums.

Somehow, we persevered and by the miracle of surviving the passage of time, Tech ARP is Malaysia’s oldest tech website!

Today, we are still pretty much the same team, with FalconeDashkenCarolyn, Hui Xin, Alyssa, Kar Hoe and Brian Chong helping us out here and there. Thank you, guys!

 

The Tech ARP 20-Week Giveaway

To thank you all for sharing our crazy journey over the years, we have prepared a 20-week giveaway contest. Actually, a series of twenty weekly giveaway contests.

We worked with many of the world’s TOP BRANDS to bring you all some goodies. We are also sponsoring some of these giveaways ourselves. Here are some of the brands that will be sponsoring their own giveaways here soon :

[adrotate group=”2″]
  • Acer – Special Edition Laptop!
  • AMD – AMD Ryzen CPUs!
  • BenQ – MONITOR!
  • Cooler Master – CPU coolers, gaming keyboards and more!
  • Dell – POWER COMPANIONS, speakers and more!
  • Edifier – Headphones!
  • GIGABYTE – Motherboards!
  • TP-LINK
  • Western Digital – SSDs + HDDs!

Where possible, we are opening up the giveaways WORLDWIDE. But where our brand partners wish to restrict their giveaways to certain regions or countries, we will notify you of that.

Week 1 Giveaway by Tech ARP

Week 2 Giveaway by Dell

Week 3 Giveaway by Tech ARP

Week 4 Giveaway by BenQ + Tech ARP

Week 5 Giveaway by Dotty’s + Tech ARP

Week 6 Giveaway by Pocophone!

Week 7 Giveaway by Western Digital!

All we ask is that you use your genuine personal Facebook account in our Facebook contests. We will automatically disqualify anyone who uses a Facebook account that is primarily used for contests.

 

Crowdfunding Tech ARP

As we have been for the last twenty years, Tech ARP is a crowdfunded website. We do NOT charge for our articles. So if you wish to help us out, please feel free to donate to our cause. Thank you!



Next Page > Week 1 Giveaway by Tech ARP

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


20th Anniversary Week 1 Giveaway

To kick things off, we are giving away the following prizes for the first week!

The Awesome Prize : Microsoft Lumia 950 Smartphone + Microsoft Display Dock + Tempered Glass Screen Protector

Cool Prize #1 : TP-Link Groovi Ripple Portable Bluetooth Speaker

Cool Prize #2 : TP-Link Groovi Ripple Portable Bluetooth Speaker

Cool Prize #3 : Olike Qualcomm Quick Charge 3.0 Car Charger with two USB ports

Cool Prize #4 : Olike Qualcomm Quick Charge 3.0 Car Charger with two USB ports

Contest Period : 31 August to 7 September 2018

Eligibility : WORLDWIDE *

* Tech ARP will pay for standard shipping, but you may opt to pay for expedited or express shipping services.

Week 1 Giveaway Rules

  1. Make sure you LIKE the Tech ARP Facebook page.
  2. Everyone definitely wants The Awesome Prize, but we want to know which of the Cool Prizes you prefer – the Groovi Ripple, or the Olike QC 3.0 car charger.
    So post a comment in our official Facebook post on the Week 1 Giveaway, and tell us which you prefer :
    a) TP-Link Groovi Ripple, or
    b) Olike QC 3.0 Car Charger

  1. SHARE our official Facebook post on your Facebook wall. Please make sure it is PUBLIC, so we can verify.

BONUS : Liking and sharing our posts, or commenting and tagging your friends, will give you a higher chance of winning The Awesome Prize or the prize you want!

That’s it! It’s THAT simple!

Contest Mechanics

[adrotate group=”2″]
  1. At the end of the contest, we will randomly select FIVE contestants.
  2. If any contestant fails to meet any of the rules above, another contestant will be randomly selected.
  3. The Likes, Shares, Comments and Tags of the five verified contestants in the Tech ARP Facebook page will be calculated.
  4. The Awesome Prize winner will be randomly selected from that pool.
  5. The subsequent winners will be randomly selected from that pool, with prize preference given to those who are selected first.
  6. Each contestant may only win one prize, so if his/her number is selected again, it will be discarded and a new number randomly selected.

Got it? Go and try it out!

Note On Gaming Accounts : Contestants who use gaming accounts will be automatically disqualified. Please use your personal Facebook accounts.

 

Week 1 Giveaway Winners!

We are very excited to announce the winners for the Week 1 Giveaway!

Mohd Fahmi wins the Microsoft Lumia 950 Smartphone + Microsoft Display Dock + Tempered Glass Screen Protector!

Faridah Akmal wins a TP-Link Groovi Ripple Portable Bluetooth Speaker!

Alister Lok wins a TP-Link Groovi Ripple Portable Bluetooth Speaker!

Mohd Khairul Zaman wins an Olike Qualcomm Quick Charge 3.0 Car Charger!

Ivan Ng wins an Olike Qualcomm Quick Charge 3.0 Car Charger!

Winners, please send your full details to contest @ techarp.com.

Full Name :
Full Address :
Mobile / Contact Number :
Email Address :

LAST CALL : Those who do not submit their details by 12 PM, Friday, 19 October 2018 will forfeit their prizes.

Next Page > Week 2 Giveaway by Dell

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


20th Anniversary Week 2 Giveaway

This week, Dell will be giving away prizes worth more than RM 2,000 / $500!

The Awesome Prizes : Dell PW7015M Power Companion (2 units)

Great Prizes : Dell AE215 Speaker System (2 units)

Cool Prizes : Dell WM514 Wireless Laser Mouse (3 units)

Nice Prizes : Dell AX210 USB Speaker System (6 units)

Dell PW7015M Power Companion (12,000 mAh)

Meet the Dell Power Companion – a handy device that powers select Dell notebooks and ultrabooks, as well as up to two smartphones, tablets or other USB-enabled devices, ensuring users can be more productive on-the-go.

Lightweight and compact, and featuring a 12,000 mAh 4-cell battery that provides reliable power, this compact power solution is designed to deliver in-bag charging so you can stay powered without adding bulk to your bag.

Dell 2.0 Speaker System – AE215

The Dell 2.0 Speaker System (AE215) provides high quality sound experience that fits neatly into almost any desktop setup. With premium sound professionally tuned by award-winning Waves Maxx Audio and a compact and modern design, the speakers deliver a surprising amount of full, deep bass without adding clutter to your desk.

In addition, the Dell AE215 speakers also feature a headphone jack so you can plug in your favourite headphones for a private listening experience without interruptions.

Dell WM514 Wireless Laser Mouse

The Dell WM514 Wireless Laser Mouse is a stylish, high-precision wireless mouse with long battery life. Its laser tracking feature allows for smooth tracking on virtually any surface, and provides quick response times and accurate clicking.

There is no greater option for a clutter-free workspace with its compact size, and unrestricted performance that allows mobile professionals to have all of the expected conveniences of a wireless mouse. The WM514 is also designed for comfort, allowing users to work or play for longer periods without the usual stress on the wrists or hands.

Dell AX210 USB Speaker System

Dell’s AX210 offers great sound for a PC desk with little room. These speakers are a true upgrade in audio quality and functionality. Designed to complement any Dell computer, the speakers give users a unified aesthetic at home or in the office.

Whether you’re enjoying the latest movie, playing an action-packed game, or participating in a video conference, you will be at the center of excellent sound.

Contest Period : 8 to 21 September 2018

Eligibility : WORLDWIDE *

* Tech ARP will pay for standard shipping, but you may opt to pay for expedited or express shipping services.

Week 2 Giveaway Rules

  1. Read the description of the prizes above, as well as these Dell articles :
    The 2018 Dell Precision 3000 Series Workstations Revealed!
    Why Dell Precision Is World’s Preferred Workstation!
    Dell S2719DM Ultra-Thin FreeSync HDR Monitor Preview
  2. Answer just five (5) simple multi-choice questions regarding the prizes and the three Dell articles.
  3. Tell us the sequence of the Great, Cool or Nice prizes that you prefer!
  4. If you want a shot at winning the Awesome Prize, you will need to share our contest post in Facebook. If you want more chances to win the Awesome Prize, tag your friends in our our contest post, or comment or like it.

That’s it! It’s THAT simple!

Contest Mechanics

  1. At the end of the contest, we will randomly select 5 contestants who shared our Facebook contest post. [adrotate group=”2″]
  2. If any contestant fails to answer any question correctly, another contestant will be randomly selected.
  3. The Likes, Shares, Comments and Tags of the five verified contestants to share our Facebook contest post, AND get all five questions correct will be calculated.
  4. Two winners will be randomly selected out of that pool to win an Awesome Prize each.
  5. The subsequent winners will be randomly selected from contestants who correctly answered all five questions, with prize preference given to those who are selected first.
  6. Each contestant may try multiple times but can only win one prize. If he/she has already won, a new contestant will be randomly selected.

Got it? Go and try it out!

 

Week 2 Giveaway Winners!

Here are the correct answers :

  1. How many cells are there in the Dell PW7015M Power Companion?
    4 Cells
  2. What kind of sensor does the Dell WM514 wireless mouse use?
    Laser
  3. How many models are in the 2018 Dell Precision 3000 Series Workstation family? See https://is.gd/ZM3mPj
    4
  4. Which Australian university uses Dell Precision workstations for all its engineering requirements? See https://is.gd/Uwpn5w
    Monash University
  5. What Corning technology is used in the Dell S2719DM monitor? See https://is.gd/5YcTTD
    Iris Glass

We are very excited to announce the winners for the Week 2 Giveaway!

Dell PW7015M Power Companion Winners
zy****@gmail.com
forbi****2k@yahoo.com

Dell AE215 Speaker System
– vee***@hotmail.com
– wchian****@hotmail.com

Dell WM514 Wireless Laser Mouse
– radu@*****.ro
– cheok*******@gmail.com
– open*****@gmail.com

Dell AX210 USB Speaker System
– junwah****@gmail.com
– skyline****@hotmail.com
– Tony******@gmail.com
– 
hiz****@hotmail.de
– retro_*****@yahoo.co.uk
– Koo******@gmail.com

Winners, please send your full details to contest @ techarp.com.

Full Name :
Full Address :
Mobile / Contact Number :
Email Address :

LAST CALL : Those who do not submit their details by 12 PM, Friday, 19 October 2018 will forfeit their prizes.

Next Page > Week 3 Giveaway by Tech ARP

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


20th Anniversary Week 3 Giveaway

For the third week, Tech ARP will be sponsoring these awesome prizes!

Awesome Prize #1 : honor Band SS smartwatch

Awesome Prize #2 : honor Band SS smartwatch

Cool Prize #1 : VR Box virtual reality glasses

Cool Prize #2 : VR Box virtual reality glasses

Cool Prize #3 : Kaspersky Foldable Bluetooth Keyboard

Cool Prize #4 : Kaspersky Foldable Bluetooth Keyboard

Cool Prize #5 : Honor Tripod Selfie Stick

Cool Prize #6 : Honor Tripod Selfie Stick

Contest Period : 17 September to 30 September 2018

Eligibility : WORLDWIDE *

* Tech ARP will pay for standard shipping, but you may opt to pay for expedited or express shipping services.

Week 3 Giveaway Rules

  1. Make sure you LIKE the Tech ARP Facebook page.
  2. Everyone definitely wants The Awesome Prizes, but we want to know which of the Cool Prizes you prefer :
    – the VR Box virtual reality glasses,
    – the Kaspersky foldable Bluetooth keyboard, or
    – the Honor tripod selfie stick.
    So post a comment in the prize of your choice! If you like, you can post a comment in all three prizes!
  1. SHARE the main contest post, and the prizes you want to win on your Facebook wall. Please make sure it is PUBLIC, so we can verify.

BONUS : Liking and sharing our posts, or commenting and tagging your friends, will give you a higher chance of winning The Awesome Prize or the prize you want!

BONUS : Likesshares, comments or tags on our many Samsung Galaxy Note9 posts will give you a higher chance of winning The Awesome Prize or the prize you want!

That’s it! It’s THAT simple!

Contest Mechanics

[adrotate group=”2″]
  1. At the end of the contest, we will randomly select TEN contestants.
  2. If any contestant fails to meet any of the rules above, another contestant will be randomly selected.
  3. The Likes, Shares, Comments and Tags of the ten verified contestants in the Tech ARP Facebook page will be calculated.
  4. The two Awesome Prize winners will be randomly selected from that pool.
  5. The subsequent winners will be randomly selected from that pool, with prize preference given to those who are selected first.
  6. Each contestant may only win one prize, so if his/her number is selected again, it will be discarded and a new number randomly selected.

Got it? Go and try it out!

Note On Gaming Accounts : Contestants who use gaming accounts will be automatically disqualified. Please use your personal Facebook accounts.

 

Week 3 Giveaway Winners!

We are very excited to announce the winners for the Week 3 Giveaway!

Awesome Prize #1 Winner : Isaac Lee Eng Quin

Awesome Prize #2 : Ken-Boon Teoh

Cool Prize #1 : Yee Mee Chan

Cool Prize #2 : Thomas George

Cool Prize #3 : Jireh Phan

Cool Prize #4 : Spectre Phang

Cool Prize #5 : Vicky Loo

Cool Prize #6 : Ilrelda Koh

Winners, please send your full details to contest @ techarp.com.

Full Name :
Full Address :
Mobile / Contact Number :
Email Address :

Note : Please submit your details by 12 PM, Wednesday, 14 November 2018 or you may forfeit your prize! 😀

Next Page > Week 4 Contest by BenQ + Tech ARP

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


20th Anniversary Week 4 Giveaway

For the 4th week, BenQ and Tech ARP will be sponsoring these awesome prizes!

Incredible Prize : BenQ EW277HDR Eye-Care Monitor

Cool Prize #1 : BenQ Travel Adaptor (White)

Cool Prize #2 : BenQ Travel Adaptor (Black)

Cool Prize #3 : Samsung Travel Adaptor (White)

Cool Prize #4 : Intel + Dell Travel Adaptor (Blue)

The BenQ EW277HDR Eye-Care monitor is part of a new range of BenQ Eye-Care monitors that feature the new Eye-Care technologies like Brightness Intelligence Plus and Low Blue Light.

BenQ specifically highlighted these HDR monitors (including the BenQ EW277HDR) as the best choices to be paired with the PlayStation 4 Pro or PlayStation 4. Here are their key specifications :

BenQ EW3270U

  • 4K UHD resolution – 3840 x 2160 pixels, HDR
  • 31.5-inch VA panel with 95% DCI-P3 colour gamut
  • Brightness Intelligence Plus, Low Blue Light, Flicker-free
  • Price : RM 1,899 (Web | App), US$ 599, £ 442.49

BenQ EL2870U

  • 4K UHD resolution – 3840 x 2160 pixels, HDR
  • 28-inch TN panel with 72% NTSC colour gamut
  • Brightness Intelligence Plus, Low Blue Light, Flicker-free
  • Price : RM 1,399 (Web | App), US$ 429.31£ 338.57

BenQ EW277HDR

  • Full HD resolution – 1920 x 1080 pixels, HDR
  • 27-inch VA panel with 93% DCI-P3 colour gamut
  • Brightness Intelligence Plus, Low Blue Light, Flicker-free
  • Price : RM 829 (Web | App), US$ 199.99£ 214.95

Would you like to own the BenQ EW277HDR Eye-Care monitor? Here’s how!

Contest Period : 24 September to 25 October 2018

Eligibility : Malaysia Only *

* Because it is large and fragile, we require the winner to collect the monitor from us in Selangor or Kuala Lumpur, with Penang as a possibility too. If necessary, the winner may send a representative. We will require a photo to be taken with the winner or representative, with some social media posts.

Week 4 Giveaway Rules

  1. Make sure you LIKE the Tech ARP Facebook page, and the contest post.
  2. You can then :
    a) Post a comment in the contest post, and tag your friends. Make sure you also use the #BenQPS4Monitor hashtag. You can tell us which Cool Prize you prefer, for example, or why you want to win the BenQ monitor.
    b) Share the contest post on your Facebook wall publicly, and use the #BenQPS4Monitor hashtag. You can tag your friends too for extra credit.
    c) Share the contest post in a relevant group, using the #BenQPS4Monitor hashtag.

  1. BONUS : Likesshares, comments or tags on our many Samsung Galaxy Note9 posts will give you a higher chance of winning The Awesome Prize or the prize you want!

That’s it! It’s THAT simple!

Contest Mechanics

[adrotate group=”2″]
  1. At the end of the contest, we will randomly select TEN contestants.
  2. If any contestant fails to meet any of the rules above, another contestant will be randomly selected.
  3. The Likes, Shares, Comments and Tags of the ten verified contestants in the Tech ARP Facebook page will be calculated.
  4. The Incredible Prize winner will be randomly selected from that pool.
  5. The subsequent winners will be randomly selected from that pool, with prize preference given to those who are selected first.
  6. Each contestant may only win one prize, so if his/her number is selected again, it will be discarded and a new number randomly selected.

Got it? Go and try it out!

Note On Gaming Accounts : Contestants who use gaming accounts will be automatically disqualified. Please use your personal Facebook accounts.

Next Page > Week 5 Giveaway by Dotty’s + Tech ARP

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


20th Anniversary Week 5 Giveaway

For the fifth week, Tech ARP and Dotty’s will be sponsoring these awesome prizes!

Awesome Prizes #1 : 5 x iflix Subscription (1 Year)

Awesome Prizes #2 : 5 x Dotty’s RM 100 voucher

Contest Period : 19 September to 29 October 2018

Eligibility : Malaysia Only (for Dotty’s) / Countries that iflix supports *

* The dotty vouchers are only valid in Malaysia. The iflix subscriptions are valid in Malaysia, Indonesia, Philippines, Brunei, Thailand, Vietnam, Cambodia, Myanmar, Pakistan, Nepal, Bangladesh, Sri Lanka, Maldives, Saudi Arabia, Kuwait, Bahrain, Jordan, Iraq, Lebanon, Egypt, Sudan, Nigeria, Kenya, Ghana, Zimbabwe, Tanzania, Morocco and Uganda.

Week 5 Giveaway Rules

  1. Make sure you LIKE the Tech ARP Facebook page, and the contest post.
  2. You can then :
    a) Post a comment in the contest post, and tag your friends. Make sure you tell us which prize you prefer using these hashtags – #IWantFREEiflix or #IWantFREEDottys.
    b) Share the contest post on your Facebook wall publicly, and use either hashtags. You can tag your friends too for extra credit.
    c) Share the contest post in a relevant group, using either hashtags..

  1. BONUS : Likesshares, comments or tags on any of our many Facebook posts will give you a higher chance of winning one of the Awesome prizes!

That’s it! It’s THAT simple!

Contest Mechanics

[adrotate group=”2″]
  1. At the end of the contest, we will randomly select TEN contestants.
  2. If any contestant fails to meet any of the rules above, another contestant will be randomly selected.
  3. The Likes, Shares, Comments and Tags of the ten verified contestants in the Tech ARP Facebook page will be calculated.
  4. The Incredible Prize winners will be randomly selected from that pool, with prize preference given to those who are selected first.
  5. Each contestant may only win one prize, so if his/her number is selected again, it will be discarded and a new number randomly selected.

Got it? Go and try it out!

Note On Gaming Accounts : Contestants who use gaming accounts will be automatically disqualified. Please use your personal Facebook accounts.

 

Week 5 Giveaway Winners!

We are very excited to announce the winners for the Week 5 Giveaway!

Awesome Prize #1 Winner : Franco Kailsan

Awesome Prize #1 Winner : Liza Lee

Awesome Prize #1 Winner : Mohd Fahmi

Awesome Prize #1 Winner : Siew Hong Go

Awesome Prize #1 Winner : Haqeem Norazli

Awesome Prize #2 Winner : Vee Fah

Awesome Prize #2 Winner : Steven Khoo

Awesome Prize #2 Winner : Chai Ser Loon

Awesome Prize #2 Winner : Falcone

Awesome Prize #2 Winner : Cyrus Varrus

Winners, please send your full details to contest @ techarp.com.

Full Name :
Full Address :
Mobile / Contact Number :
Email Address :

Note : Please submit your details by 12 PM, Wednesday, 28 November 2018 or you may forfeit your prize! 😀

Next Page > Week 6 Giveaway by Pocophone!

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


20th Anniversary Week 6 Giveaway

For the sixth week, Pocophone be sponsoring these awesome prizes!

Awesome Prize : Pocophone F1

Cool Prize : Mi Band 2

Contest Period : 1 November to 14 November 2018

Eligibility : Malaysia only for Pocophone F1, Worldwide for Mi Band 2

Week 6 Giveaway Rules

  1. Make sure you LIKE the Tech ARP Facebook page, the Mi Malaysia Facebook page and the contest post.
  2. You can then :
    a) Post a comment in the contest post, and tag your friends. Make sure you tell us which prize you prefer using these hashtags :
    – #FreePocophoneF1 and #XiaomiMY, OR
    #FreeMiBand2 and #XiaomiMY.
    b) Share the contest post on your Facebook wall publicly, and use either hashtags. You can tag your friends too for extra credit.
    c) Share the contest post in a relevant group, using either hashtags..

  1. BONUS : Likesshares, comments or tags on any of our many Facebook posts will give you a higher chance of winning one of the prizes!

Note : Use #FreePocophoneF1 if you are residing in Malaysia. It will qualify you for both the Pocophone F1 and the Mi Band 2. Use #FreeMiBand2 if you are residing outside of Malaysia. It will qualify you for the Mi Band 2.

That’s it! It’s THAT simple!

Contest Mechanics

[adrotate group=”2″]
  1. At the end of the contest, we will randomly select FIVE contestants.
  2. If any contestant fails to meet any of the rules above, another contestant will be randomly selected.
  3. The Likes, Shares, Comments and Tags of the five verified contestants in the Tech ARP Facebook page will be calculated.
  4. The Incredible Prize and Cool Prize winners will be randomly selected from that pool, with prize preference given to those who are selected first.
  5. Each contestant may only win one prize, so if his/her number is selected again, it will be discarded and a new number randomly selected.

Got it? Go and try it out!

Note On Gaming Accounts : Contestants who use gaming accounts will be automatically disqualified. Please use your personal Facebook accounts.

Next Page > Week 7 Giveaway by Western Digital!

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


20th Anniversary Week 7 Giveaway

For the seventh week, Western Digital be sponsoring these awesome prizes!

Awesome Prize : 1 TB Western Digital Blue SSD

Cool Prizes : 8 x 4 TB Western Digital Red HDD

Contest Period : 15 November to 15 December 2018

Eligibility : Klang Valley and Penang only for the HDDs*, Worldwide for SSD

—————-

Week 7 WD Blue SSD Giveaway Rules

  1. Learn about the WD Black NVMe SSD,
  2. Answer these easy questions!

WD Black NVMe SSD

The WD Black NVMe SSD is dedicated for PC gamers who are looking to boost the performance of their gaming rigs.

Featuring sequential read/write speeds up to 3,400/2,800 MB/s, and the innovative Western Digital NVMe SSD storage architecture, it’s where blazing speed and top-tier performance combine to keep up with even the most demanding workloads. Innovative power management and thermal throttling consistently help prevent overheating to deliver smooth, fast performance.

With up to 600TBW, 1.75M hours MTTF and an amazing 5-years limited warranty, the WD Black NVMe SSD is the virtually invincible SSD you can rely on.

Important : Learn more about the 2018 WD Black 3D NVMe SSD here!

Contest Mechanics

[adrotate group=”2″]
  1. At the end of the contest, we will create a pool of those who answered all the questions correct.
  2. If no one managed to answer all of the questions, then a pool will be created of the contestants with the most correct answers.
  3. We will then randomly select the Awesome Prize winner from that pool.

Got it? Go and try it out!

—————-

Week 7 WD Red HDD Giveaway Rules

  1. Make sure you LIKE the Tech ARP Facebook page and the contest post.
  2. You can then :
    a) Post a comment in the contest post, and tag your friends. Please let us know if you can self-collect the HDD using the hashtag #FreeHDD.
    b) Share the contest post on your Facebook wall publicly, and use the #FreeHDD hashtag if you can self-collect the HDD. You can tag your friends too for extra credit.
    c) Share the contest post in a relevant group. Please let us know if you can self-collect the HDD using the hashtag #FreeHDD.

  1. BONUS : Likesshares, comments or tags on any of our many Facebook posts will give you a higher chance of winning one of the prizes!

Collection : Winners of the HDDs must self-collect the WD Red hard disk drives in person, as we want to avoid the risk of damage during delivery. We can arrange to meet with the winners at these locations :

  • Selangor : Mutiara Damansara
  • Kuala Lumpur : TTDI
  • Penang : Seberang Jaya

Warranty : The drives are also provided as-is, without warranty from Western Digital or Tech ARP.

That’s it! It’s THAT simple!

Contest Mechanics

[adrotate group=”2″]
  1. At the end of the contest, we will randomly select TWENTY contestants who used the #FreeHDD hashtag.
  2. If any contestant fails to meet any of the rules above, another contestant will be randomly selected.
  3. The Likes, Shares, Comments and Tags of the twenty verified contestants in the Tech ARP Facebook page will be calculated.
  4. The Cool Prize winners will then be randomly selected from the pool of verified contestants.
  5. Each contestant may only win one prize, so if his/her number is selected again, it will be discarded and a new number randomly selected.

Got it? Go and try it out!

Note On Gaming Accounts : Contestants who use gaming accounts will be automatically disqualified. Please use your personal Facebook accounts.

Go Back To > First PageContests + Events | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


The AndOwningIt Campaign By Kaspersky Lab + The Mix!

Kaspersky Lab joined forces with digital youth charity The Mix to launch the AndOwningIt campaign for Generation Z! Here is everything you need to know about the #AndOwningIt campaign for youths!

 

Kaspersky Lab Reports Anxiety Among Generation Z!

Kaspersky Lab reports that the majority of Generation Z do not seek professional advice to help them cope with anxiety issues.

In line with its global commitment to turn insecurity into security, Kaspersky Lab has joined forces with digital youth charity The Mix to help young people from around the world embrace their own insecurities. The objective is to show them that anxiety issues are not barriers to achieving happiness.

The new campaign is called #AndOwningIt.

 

Who Are Generation Z?

Generation Z are young people aged between 13 to 23 years old. With their world dominated by online news and social media, nearly half of Generation Z said they feel more anxious about their appearance than about their career prospects, money, terrorism and being bullied.

The report revealed that these anxious feelings, or worries, can impact young people’s behavior including how they approach social media.

It is quite common for Generation Z to create a more manufactured perception of how they look. Most young people also spend up to half an hour editing their images or videos prior to posting them on social media platforms. The reason is to create a flawless image.

 

What Are The Findings Of The Report?

It was reported that girls are more insecure than boys. They feel much more anxious about their appearance than their male counterparts.

Nearly double the number of female Gen Z-ers compared to male Gen Z-ers admit to changing their eating habits (such as overeating or refraining from eating) because of appearance-related anxieties.

Body improvement and fitness content on social media makes young women feel worse than young men. Females have admitted to skipping a social event in the past year due to social anxiety.

What’s more worrying is that Generation Z does not seek help on what to do when they are feeling anxious. The majority young people do not visit a doctor for advice on how to cope with their anxieties.

This meant that many young people are struggling and they are unsure about how to deal with their feelings.

 

How are Kaspersky Lab And The Mix Helping The Generation Z?

Kaspersky Lab has joined forces with The Mix, a digital youth charity that supports people under the age of 25 to launch a new campaign to help turn Generation Z insecurities into securities. The campaign  #AndOwningIt aims to empower them to embrace the very things that make them feel insecure and allowing them to realize that insecurities are not barriers to happiness.

The first step to turn an insecurity into a strength is by admitting/owning it.

The campaign will be supported by custom t-shirts featuring the most common insecurities young people have, thus encouraging them to accept their insecurities and start a conversation. All of the profits from the sale of the t-shirts will go to The Mix.

 

How Can You Help The AndOwningIt Campaign?

Kaspersky Lab and The Mix are urging Generation Z to join the conversation across social media with the #AndOwningIt hashtag. They could also purchase a t-shirt to show their support.

Do Your Part Now!

Support the worthy cause by purchasing the AndOwningIt t-shirts here. For specific help in tackling anxiety or other mental health challenges, please reach out to The Mix.

The information and support offered is universal and can be accessed internationally.

 

Recommended Reading

[adrotate group=”2″]

Go Back To > Business + Enterprise | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Kaspersky Lab Tips On Staying Safe While Shopping Online!

Here is a short guide by the Kaspersky Lab team on how to stay safe while shopping online during the holiday sales, whether it’s for Black Friday, Cyber Monday or Christmas! Bookmark it for reference, and share this with your friends!

 

Kaspersky Lab Tips On Staying Safe While Shopping Online!

Why Is This Important?

14 families of malware targeting 67 different popular consumer brands around the world were recently detected. It caused the exposure of a large amount of client emails from a popular online shop.

Emails may seem a small matter but this sort of information is in fact precious to scammers. Any personal data can be used by cybercriminals to target their victims.

Increase in the share of financial phishing in the last years

How Do Scammers Compromise Your Personal Data?

If a company is compromised and scammers get hold of customer’s email addresses, they can create an automatized spam mailout that mimics an authentic email. This would entice users to follow a malicious link or download a malicious file onto their devices.

What Should You Do?

Be very careful as we head into the holiday sales season, from Black Friday till Christmas and Boxing Day sales – the busiest time of the year. Do not compromise your bank accounts by following a phishing link and entering your bank credentials. Research shows that malware designed to steal data from online banking and payment accounts has extended its reach to target online shoppers.

Amazon sent out a warning as soon as the leak was exposed. And, although Amazon’s actions have been criticized for a lack of technical detail and a recommendation not to change users passwords, it’s great that company’s representative’s didn’t hesitate to warn their customers about possible threats, asking them to be on the lookout to minimize possible damage,” said Tatyana Sidorina, security researcher at Kaspersky Lab.

Tips On Staying Safe While Shopping Online

To keep yourself safe from fraudsters while shopping online during this holiday season, Kaspersky Lab recommends taking the following precautionary measures:

  • Always check the link address and the sender’s email to find out if they are genuine before clicking anything – very often phishers create URLs and e-mails that are are very similar to the authentic addresses of big companies, yet differ from them with one or two letters.
  • To make sure you follow a correct link, do not click on it, but type it into your browser’s address line instead.
  • Do not enter your credit card details in unfamiliar or suspicious sites and always double-check the webpage is genuine before entering any personal information (at least take a look at the URL). Fake websites may look just like the real ones.
  • If you think that you may have entered your data into a fake page, don’t hesitate. Change your passwords and pin-codes ASAP. Use strong passwords consisting of different symbols.
  • Never use the same password for several websites or services, because if one is stolen, all of your accounts will be put at risk. To create strong hack-proof passwords without having to face the struggle of remembering them, use a password manager such as Kaspersky Password Manager.
  • To ensure that no one penetrates your connection to invisibly replace genuine websites with fake ones, or intercept your web traffic, always use a secure connection – only use secure Wi-Fi with strong encryption and passwords, or apply VPN solutions that encrypt the traffic. For example, Kaspersky Secure Connection will switch on encryption automatically, when the connection is not secure enough.

 

Recommended Reading

[adrotate group=”2″]

Go Back To > Cybersecurity | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

First Kaspersky Transparency Center Launched In Zurich!

Kaspersky Lab just launched their first Data Processing and Transparency Center in Zurich. This is part of their Global Transparency Initiative that we covered a while back.

Let’s take a look, and find out what this means for Kaspersky Lab and global cybersecurity!

 

The First Kaspersky Transparency Center

Malicious and suspicious files shared by users of Kaspersky Lab products in Europe will be processed in Kaspersky Lab data processing centers in Zurich, the first part of a relocation commitment made by the company in late 2017 under its Global Transparency Initiative.

The move reflects Kaspersky Lab’s determination to assure the integrity and trustworthiness of its products and the data processing center is accompanied by the opening of the company’s first Transparency Center in Zurich.

The relocation of Kaspersky Lab data processing is part of a major infrastructure move designed to increase the resilience of the company’s IT infrastructure to risks of data breaches and supply-chain attacks. It also further proves the trustworthiness of its products, services and internal processes.

 

Threat-Related Data and Malicious Files

From November 13, threat-related data coming from European users will start to be processed in two datacenters. These provide world-class facilities in compliance with industry standards to ensure the highest levels of security.

The data, which users have actively chosen to share with Kaspersky Lab, includes suspicious or previously unknown malicious files and corresponding meta-data that the company’s products send to Kaspersky Security Network (KSN) for automated malware analysis.

Files comprise only part of the data processed by Kaspersky Lab technologies, yet the most important one. Protection of customers’ data, together with the safety and integrity of infrastructure is a top priority for Kaspersky Lab, and that is why the file processing relocation comes first and is expected to be fully accomplished by the end of 2019.

The relocation of other types of data processed by Kaspersky Lab products, consisting of several kinds of anonymized threat and usage statistics, is planned to be conducted during later phases of the Global Transparency Initiative.

 

Kaspersky Lab’s First Transparency Center

The opening of Kaspersky Lab’s first Transparency Center in Zurich enables authorized partners to access reviews of the company’s code, software updates and threat detection rules, along with other activities.

Kaspersky Lab will provide governments and partners with information on its products and their security, including essential and important technical documentation, for external evaluation in a secure environment.

These developments will be followed by the relocation of data processing for other regions and, in phase two, the move of Kaspersky’s Lab’s software assembly to Zurich.

 

Kaspersky Lab’s Choice of Location in Zurich, Switzerland

Switzerland is a top location in terms of the number of secure internet servers available and is known as an innovative center for data processing and high quality IT infrastructure. A non-EU member in the heart of Europe, Switzerland has established its own data privacy regulation that is guaranteed by the state’s constitution and federal laws. There are strict regulations on processing data requests received from authorities.

“Transparency is becoming the new normal for the IT industry– and for the cybersecurity industry in particular. We are proud to be on the front line of this process. As a technological company, we are focused on ensuring the best IT infrastructure for the security of our products and data, and the relocation of key parts of our infrastructure to Switzerland places them in one of the most secure locations in the world.

The promises made in our Global Transparency Initiative are coming to fruition, enhancing the resilience and visibility of our products. Through the new Transparency Center also in Switzerland, trusted partners and governments will be able to see external reviews of our products and make up their own minds. We believe that steps such as these are just the beginning – for the company and for the security industry as a whole. The need to prove trustworthiness will soon become an industry standard.” Eugene Kaspersky, CEO Kaspersky Lab said.

 

Kaspersky Lab’s Next Big Step

Kaspersky Lab has engaged one of the Big Four professional services firms to conduct an audit of the company’s engineering practices around the creation and distribution of threat detection rule databases. This is done with the goal of independently confirming their accordance with the highest industry security practices.

The assessment will be done under the SSAE 18 standard (Statement of Standards for Attestation Engagements). The scope of the assessment includes regular automatic updates of antivirus records which are created and distributed by Kaspersky Lab for its products operating on Windows and Unix Servers. The company is planning the assessment under SSAE 18 with the issue of the SOC 2 (The Service and Organization Controls) report for the second quarter 2019 as part of its ongoing efforts to improve the security of its products with the help of a community of security enthusiasts from all over the world.

 

Recommended Reading

[adrotate group=”2″]

Go Back To > Cybersecurity | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Kaspersky Lab – Mobile Threats Are On The Rise!

Kaspersky Lab warns that mobile threats are on the rise. It is important for the public to be aware, and to take the right precautions. On their part, they are raising awareness through greater media outreach and special events.

Back in June 2018, Kaspersky Lab entered the Malaysian Book of Records, with 1,931 anti-virus for mobile devices activated at a single event.  That event was held in partnership with Tunku Abdul Rahman University College (TAR UC), in conjunction with Kaspersky Lab’s 20th anniversary.

 

Kaspersky Lab – Mobile Threats Are On The Rise!

According to the Malaysian Communication and Multimedia Commission Hand Phone Users Survey, the percentage of smartphone users continue to rise from 68.7% in 2016 to 75.9% in 2017. Awareness to protect personal data among Malaysians has increased with 64.5% of users vigilant in protecting their mobile phones using passwords and 44.5% backing up their photos and contacts. However, the number of Malaysians with mobile device security solutions on their smartphones is still low.

“Smart device users need protection for their devices.  When you buy a PC or laptop, the first thing most people would do is to install an antivirus solution.  However, the same cautious approach does not apply to smart devices like smartphones and tablets.  Instead, most would install the physical essentials such as screen protector or protective case when they purchase their new smart devices,” says Yeo Siang Tiong, General Manager, SEA, Kaspersky Lab. 

At the sidelines of the 2018 CIMB Classics, Siang Tiong added that majority of people relying heavily on smart devices, on calendar reminders, emails, contacts, making payments using e-wallets and online banking. The risks of mobile threats exposing those data to hackers is increasing with our reliance on smart devices.

“We used the Malaysian Book of Records as a platform to raise the awareness so more users will take the similar precautious approach on their smart devices.  Mobile device security goes beyond password-protecting a device, and backing up data serves as an extension of your brain.  As mobile devices become the primary device for more people, identify theft becomes easier, as online banking and in-app e-commerce transactions become more frequent.  The need to educate on securing mobile devices is urgent. This is why Kaspersky Lab held this record-breaking mobile device security activation drive in conjunction with our 20th anniversary,” Siang Tiong added.

In Q2 2018, Kaspersky Lab detected 1,744,244 million mobile malicious installation packages. That is  421,666 more mobile threats than were detected in the previous quarter.  Other kinds of mobile threats like mobile banking Trojans were also on the rise, with Kaspersky Lab detecting 3.2 times more instances than Q1 2018.  Mobile ransomware Trojans were also on the rise, with 14,119 installation packages detected.

It is clear that while many of us are not yet affected by mobile threats like banking or ransomware Trojans, we need to start taking precautions. Kaspersky Lab offers a few options :

  • Kaspersky Internet Security for Mobile (Android) : RM 7
  • Kaspersky Internet Security for PC / Mac / Mobile (1 Device)  : RM 59 | £14.99 | $54.50
  • Kaspersky Internet Security for PC / Mac / Mobile (3 Device)  : RM 69£19.85 | $37.64
  • Kaspersky Internet Security for PC / Mac / Mobile (5 Device)  : RM 129£24

 

Suggested Reading

Go Back To > Cybersecurity | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Catch The Predator With Kaspersky Lab and Win Prizes!

Predators including cyber predators are everywhere, and too often we don’t see them coming. With Kaspersky Lab you could catch THE PREDATOR and possibly some cyber predators and win some prizes too!

 

Catch The Predator With Kaspersky Lab and Win Prizes!

THE PREDATOR directed and co-written by Shane Black (whose previous directorial credits include Iron Man 3 and Kiss Kiss Bang Bang) see a new group of humans take on the predators again in a setting, and with a story line that echoes many of the top cyber predator protection tips that have been shared by Kaspersky Lab.

Kaspersky Lab’s role in protecting the world from cybercriminals by hunting the cyberpredators ties in with the hunt-the-hunters cat and mouse game of The Predator’s protagonists led by Narcos‘ Boyd Holbrook and Moonlight’s Trevante Rhodes.

“Being cybersecurity experts, we want to make sure that the cyberworld is safe for everyone from all kinds of threats. Our job is pretty much parallel to the role of the good guys in the Predator movie as we are hunting the hunters to make the world a little safer from cybercriminals,” Yeo Siang Tiong, General Manager, SEA, Kaspersky Lab.

Kaspersky Lab in partnership with 20th Century Fox has an exciting promotional campaign for the “The Predator”.  A total of USD 81,000 in FOX Studio Tours in Hollywood and special edition promotional merchandise are up for grabs in Kaspersky Lab’s ‘The Predator Promo’ in the Asia Pacific.

 

Catch The Predator Contest

The Catch The Predator promotion is open 11 countries in the APAC region including Australia, Hong Kong, Indonesia, Malaysia, New Zealand, the Philippines, Singapore, South Korea, Taiwan, Thailand and Vietnam.

Seven winners from the participating countries will get an experience of a lifetime to go on a VIP Hollywood FOX Tour for two worth more than USD 8000 each to view where the movie was filmed. This is an extremely rare opportunity as Fox Studios no longer offers studio tours, and the prizes are inclusive of airfare for two and three nights hotel accommodation.

There are also 1000  Limited Edition Predator Gift Sets of a military cap and thermal flash worth USD 25 per set to be won for a total of USD81,000  in prizes.

To participate in this promotion purchase any of these selected Kaspersky Lab products from an official Kaspersky online e-store or retail store between 9.July and 31 October 2018. :

  • Kaspersky Anti-Virus (Web | App)
  • Kaspersky Internet Security (Web | App)
  • Kaspersky Total Security (Web | App)

 

Suggested Reading

Go Back To > Cybersecurity | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

How KIPS Online + KIPS Live Games Improve Cybersecurity

We just tried our hand at the first KIPS (Kaspersky Initeractive Protection Simulation) Online training and simulation session! Find out what it’s all about!

 

KIPS – Not Your Average Monopoly Game

KIPS Online is the online version of the KIPS Live offline cybersecurity training game. Based on 20 years of Kaspersky Lab’s experience in corporate cybersecurity, it instills cybersecurity awareness in players, and offers real, actionable cybersecurity insights to top-level business executives.

Both the Online and Live versions aim to help managers understand cybersecurity threats and how they can affect the performance of the company. It will help them work better with their cybersecurity counterparts, both internal and external, to better and quickly deal with cybersecurity attacks and threats.

 

KIPS Helps Bring Down Recovery Cost

According to Kaspersky Lab’s Corporate IT Security Risks survey, 51% of enterprises agreed that it is difficult to demonstrate the ROI (Return on Investment) when it comes to IT security. One of the goals of the KIPS Online and KIPS Live games is to demonstrate to senior management officials that quick and coordinated action can help save IT security costs.

During the game, participants are tasked with operating an interactive cybersecurity facility, with the goal of maintaining the company’s financial health while managing cybersecurity challenges. These are based on real-life challenges that have afflicted Kaspersky customers, so this is as real world as it gets!

 

Trying Out KIPS For Yourselves

Unfortunately, you cannot just download and try the Kaspersky Initeractive Protection Simulation for yourselves, because it needs a short training session, followed by a debriefing session in which Kaspersky Lab (or its partner) will explain the facts behind that particular game scenario.

Companies that are interested to try either games should contact Kaspersky Lab and their resellers globally. Both KIPS Online and KIPS Live are part of the Kaspersky Lab family of Security Awareness Training services.

 

Suggested Reading

Go Back To > Cybersecurity | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

The Kaspersky Global Transparency Initiative Explained!

The upcoming Trump-Putin summit aside, Kaspersky Lab is pushing forward with their Global Transparency Initiative. What is the Kaspersky Global Transparency Initiative? And how does it help guarantee that Kaspersky Lab products and services are safe to use?

We explain it all, with a little help from Stephan Neumeier and Oleg Abdurashitov from Kaspersky Lab!

 

The Kaspersky Global Transparency Initiative

The Kaspersky Global Transparency Initiative began in October 2017, as a way to allay fears that Kaspersky Lab products and services had backdoors built-in.

It was really an extension of Eugene Kaspersky’s offer to show Kaspersky Lab source codes to the US government.

July 2017 : Eugene Kaspersky Offers Source Codes To US Government

In response to the US government’s prohibition on the use of Kaspersky Lab products, Eugene Kaspersky offered to make Kaspersky Lab source codes available to the US government for inspection.

Oct. 2017 : Source Codes Available For Inspection

In the initial version, Kaspersky Lab offered to :

  • make their source codes available for independent review and evaluation,
  • conduct an independent assessment of their software development and supply chain,
  • establish three Transparency Centers in Asia, Europe and the US.
  • increase bug bounty awards to US$100,000

We immediately pointed out that it did not address a major concern of the US government – that data is still being routed through Russian Internet service providers that are subject to the Russian intelligence surveillance system called SORM (System of Operative-Investigative Measures).

Kaspersky Lab maintained that customer data sent to their Russian servers are encrypted, and they do not decrypt them for the Russian government. But it would be impossible for them to prove that to anyone’s satisfaction.

May 2018 : Core Operations Moves To Switzerland

Last month, Kaspersky Lab announced that they are establishing a data center in Zurich by the end of 2019. This facility will store and process all information for users in Europe, North America, Singapore, Australia, Japan and South Korea, with more countries to follow.

The Kaspersky Switzerland facility will :

  • store and process customer data of select countries outside of Russia
  • host Kaspersky’s software build conveyer that will assemble and digitally-sign the final executable files and updates
  • serve as the first Kaspersky Transparency Center.

In addition, Kaspersky will be arranging for a qualified and independent third-party to review and supervise the data storage, processing, software assembly and source codes at this Zurich facility.

The very act of moving their customer data out of Russia to a neutral country finally removes our main criticism of their initial transparency initiative. Now, no one has to worry about sensitive data being transmitted through the Russian SORM intelligence surveillance system.

 

The Kaspersky Global Transparency Initiative Going Forward

The establishment of the Swiss datacenter is merely another phase in the long process of “earning trust”, as Stephan Neumeier called it. Eventually, customer data from most countries outside of Russia will move to that datacenter.

By the end of 2018, all Kaspersky Lab products and threat detection rule databases (AV databases) will be assembled and signed with a digital signature in Switzerland, before being distributed to customers worldwide. All newly assembled software will also be verified by an independent organization, certifying that software builds and updates received by customers match the source code provided for audit.

The next step would be the establishment of two more Transparency Centers – one in Asia, and another one in North America. Singapore and Canada are probable favourites.

 

Perhaps A Backdoor Bounty?

We would suggest that perhaps Kaspersky Lab should establish an independent backdoor bounty program, separate from their current bug bounty.

A large sum of money could be placed in escrow, under an independent and competent third-party, which can freely investigate and reward security researchers who can successfully prove the existence of a backdoor in any Kaspersky product or service.

That would go a long way into shoring up trust of those who have neither the financial nor the technical capabilities to visit a Kaspersky Transparency Center and peruse millions of lines of code.

 

Suggested Reading

Go Back To > Cybersecurity | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Kaspersky Moves Core Russian Operations To Switzerland!

In a move to allay fears of collusion with Russian authorities, Kaspersky Lab announced on 15 May 2018 that they will be moving a number of their core Russian operations to Switzerland. This would include their customer data storage and processing for most regions, as well as software assembly and threat detection updates.

To ensure full transparency and integrity, they are also arranging for this activity to be supervised by an independent third party, also based in Switzerland. Here are the full details!

 

 

Customer Data Storage & Processing

Kaspersky Lab will establish a data center in Zurich by the end of 2019. This facility will store and process all information for users in Europe, North America, Singapore, Australia, Japan and South Korea, with more countries to follow.

This information is stored and processed at this facility will be voluntarily shared by users of the Kaspersky Security Network (KSN) – a cloud-based system that automatically processes cyberthreat-related data. 

Relocation of software assembly

Kaspersky Lab will relocate to Zurich its ‘software build conveyer’ — a set of programming tools used to assemble ready to use software out of source code.

Before the end of 2018, Kaspersky Lab products and threat detection rule databases (AV databases) will start to be assembled and signed with a digital signature in Switzerland, before being distributed to the endpoints of customers worldwide.

The relocation will ensure that all newly assembled software can be verified by an independent organization and show that software builds and updates received by customers match the source code provided for audit.

[adrotate group=”1″]

First Kaspersky Lab Transparency Center

Kaspersky Lab first announced their Global Transparency Initiative in October 2017. One of their initiatives include the creation of three Kaspersky Transparency Centers – one each in Asia, Europe and the US.

The first Transparency Center will be in Switzerland, and is expected to open this year. It will allow organisations and governments to inspect and review the source code of Kaspersky Lab products and software updates in a secure facility.

Independent supervision and review

Kaspersky Lab is arranging for the data storage and processing, software assembly, and source code to be independently supervised by a third party qualified to conduct technical software reviews. They are also calling for the creation of a new, non-profit organization to take on this responsibility.

Don’t forget to read our interview with Eugene Kaspersky on his alleged ties with Russian President Vladimir Putin and the Kremlin.

Go Back To > Cybersecurity | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Chinese APT Teams Using PlugX Malware To Spy On Big Pharma!

March 15, 2018 – Kaspersky Lab’s researchers have discovered evidence of Chinese APT teams using the PlugX malware in attacks against the healthcare sector. The infamous PlugX malware has been detected in pharmaceutical organizations in Vietnam, aimed at stealing precious drug formulas and business information.

 

What Is PlugX?

The PlugX malware is a well-known remote access tool (RAT). It is usually spread via spear phishing and has previously been detected in targeted attacks against the military, government and political organizations.

The PlugX RAT allows attackers to perform various malicious operations on a system without the user’s permission or authorization, including – but not limited to – copying and modifying files, logging keystrokes, stealing passwords and capturing screenshots of user activity.

PlugX, as with other RATs, is used by cyber criminals to discreetly steal and collect sensitive or profitable information for malicious purposes.

 

PlugX In Attacks On Big Pharma

The PlugX RAT has been used by a number of Chinese-speaking cyber threat actors, including Deep Panda, NetTraveler or Winnti.

In 2013, it was discovered that Winnti – responsible for attacking companies in the online gaming industry – had been using PlugX since May 2012.

[adrotate group=”2″]

Interestingly, Winnti has also been present in attacks against pharmaceutical companies, where the aim has been to steal digital certificates from medical equipment and software manufacturers.

RAT usage in attacks against pharmaceutical organizations indicates that sophisticated APT actors are showing an increased interest in capitalizing on the healthcare sector.

Other key findings for 2017 in the research include:

  • More than 60% of medical organizations had malware on their servers or computers;
  • Philippines, Venezuela and Thailand topped the list of countries with attacked devices in medical organizations.

 

Stay Protected Against PlugX

In order to stay protected, Kaspersky Lab experts advise businesses to take the following measures:

  • Remove all nodes that process medical data from public and secure public web portals;
  • Automatically update installed software using patch management systems on all nodes, including servers.
  • Perform network segmentation: refrain from connecting expensive equipment to the main LAN of your organization
  • Use a proven corporate grade security solution in combination with anti-targeted attack technologies and threat intelligence, such as Kaspersky Threat Management and Defense solution. These are capable of spotting and catching advanced targeted attacks by analyzing network anomalies and giving cybersecurity teams full visibility over the network and response automation

Go Back To > News | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Kaspersky Reveals Security Flaws In Hanwha Techwin Smart Cameras

Kaspersky Lab researchers discovered multiple security vulnerabilities in popular smart cameras made by Hanwha Techwin that are frequently used as baby monitors, or for internal home and office security surveillance.

According to their research, the uncovered flaws could allow attackers to obtain remote access to video and audio feeds from the cameras, remotely disable these devices, execute arbitrary malicious code on them and do many other things.

 

Security Holes In Hanwha Techwin Smart Cameras

Modern smart cameras contain an advanced number of functions, providing users with various opportunities: people can use them as advanced baby monitors or for surveillance systems which spot intruders while no one is home or in the office.

But, are these cameras secure enough by design and what if such a smart camera started watching you, instead of watching your home? Previous analysis conducted by many other security researchers has shown that smart cameras in general tend to contain security vulnerabilities at different levels of severity.

In their latest research, Kaspersky Lab experts uncovered something extraordinary: not just one, but a whole range of smart cameras was found to be vulnerable to a number of severe remote attacks. This was due to an insecurely designed cloud-backbone system that was initially created to enable the owners of these cameras to remotely access video from their devices.

By exploiting these vulnerabilities, malicious users could execute the following attacks:

  • Access video and audio feeds from any camera connected to the vulnerable cloud service;
  • Remotely gain root access to a camera and use it as an entry-point for further attacks on other devices on both local and external networks.
  • Remotely upload and execute arbitrary malicious code on the cameras;
  • Steal personal information such as users’ social network accounts and information which is used to send users notifications.
  • Remotely “brick” vulnerable cameras.

Following the discovery, Kaspersky Lab researchers contacted and reported the vulnerabilities to Hanwha Techwin, the manufacturer of the affected cameras. At the time of publication, some vulnerabilities had already been fixed, and the remaining vulnerabilities are set to be completely fixed soon, according to the manufacturer.

 

Thousands Of Hanwha Techwin Cameras Are Accessible Online

All these attacks were possible because experts found that the way the cameras interacted with the cloud service was insecure and open to relatively easy interference. They also found that the architecture of the cloud service itself was vulnerable to external interference.

\It is important to note that such attacks were only possible if attackers knew the serial number of the camera. However, the way in which serial numbers are generated is relatively easy to find out through simple brute-force attacks: the camera registering system didn’t have brute force protection.

[adrotate group=”2″]

While doing their research, Kaspersky Lab experts were able to identify almost 2,000 vulnerable cameras working online, but these were only the cameras that had their own IP address, hence were directly available through the internet. The real number of vulnerable devices placed behind routers and firewalls could actually be several times higher.

In addition, researchers found an undocumented functionality, which could be used by the manufacturer for final production test purposes. However, at the same time criminals could use this hidden avenue to send wrong signals to any camera or change a command already sent to it.

Besides that, the feature itself was found to be vulnerable. It could be further exploited with a buffer overflow, potentially leading to the camera’s shutdown. The vendor has now fixed the issue and removed this feature.

 

Hanwha Techwin Official Statement

The security of our customers is the highest priority for us. We have already fixed the camera’s vulnerabilities, including the Remote Upload and Execution of arbitrary malicious code. We have released updated firmware available to all our users. Some vulnerabilities related to the cloud have been recognized and will be fixed soon.

 

Kaspersky Lab’s Recommendations 

In order to stay protected, Kaspersky Lab strongly advises users to do the following:

  • Always change the default password. Use a complex one instead and do not forget to update it regularly.
  • Pay close attention to security issues of connected devices before purchasing yet another smart device for homes or offices. Information on discovered and patched vulnerabilities is usually available online and is often easy to find.

Go Back To > News | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Lunar New Year Online Shopping Tips From Kaspersky

Every festive season turns into a shopping frenzy, and the action has moved increasingly online. With the convenience of online payment and in-app purchases, with delivery to your door, comes the very real risk of cybercrime, with you as the target. So here are some online shopping tips from Kaspersky!

Everyone loves a great deal during the Lunar New Year, and throughout the year. For cyber criminals, your frenzied shopping to get all the items you need delivered before the festivities begin is a prime opportunity. This is because in the euphoria and adrenaline rush of shopping, you will be more likely to make basic mistakes that can expose your personal data.

General Manager for Kaspersky Lab Southeast Asia, Sylvia Ng explained that the brand understands festive season shopping is a priority for consumers but reminds that it is also a prime opportunity for cyber criminals.

“Get your shopping done safely. Sipping on an espresso at a local coffee house and doing your Internet shopping does seems convenient. However, you open yourself up to criminal activity by doing so. Public Wi-Fi networks are often less secure than private ones, and you risk the possibility of logging onto a phantom network instead of the real one, opening you up to potential identity theft”.

Everyone needs to be wary of public Wi-Fi when using your smartphones and tablets. If you have to do your shopping on any Wi-Fi network, you first need to ensure that it is secure and a network you can trust. Cyber criminals know consumers are more likely to visit sites with login accounts or financial information during busy shopping times.

They can easily monitor all the information sent across public Wi-Fi networks, which can include your bank account or credit card number. Is that deal really so attractive that you are willing to put your online identity and finances at risk? Probably not.

Lunar New Year Online Shopping Tips

This year, don’t let your last minute shopping frenzy lead you down a path of bad security decisions. Here are some common mistakes, and how you can avoid them.

  • Check that you are using the authentic website of your bank or payment system – this should be obvious, but it is a common mistake that can be very costly!
  • Pay attention to the https prefix, which indicates an encrypted connection – makes a world of difference.
  • Check the spelling of the website – a misspelled address is an obvious sign of a fake phishing page.
  • Use that virtual keyboards to protect your password from being intercepted by key loggers.

Also, consider the following when shopping online:

Avoid ransomware — don’t open email attachments from unknown shopping sites, and always back up your files.

Be aware of phishing links — don’t click on unexpected links sent via email, SMS, or messengers.

[adrotate group=”2″]

Create strong passwords — combine letters, number and special characters to make them harder to hack.

Shop at safe sites — browse reviews before trusting online shopping sites with your credit card info.

Avoid shopping on public Wi-Fi — criminals love to snoop for your credentials in unsecured wireless networks.

Turn off Bluetooth, connect via cellular — these simple steps will make your smartphone connection much more secure.

Deny suspicious freeware — these ‘gifts’ might include adware or something even worse.

Avoid forged shipping confirmation emails — it could be a phishers’ bait for a quick click.

“These tips that we share are culled from real-life experiences of people. So, before you click on any deal, make sure that you are going to trusted sites. If you find a deal that seems too good to be true, it probably is,” added Sylvia Ng.

Go Back To > News | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Kaspersky : The Password Dilemma & Solution Revealed!

Today we log into online accounts all the time. But what if suddenly you can’t log into the account you need, when you need it? What if you get the dreaded ‘password error’ message? Do you end up not being able to get home in time, or going out without a coat in the rain?

With the reality sometimes being much more serious than that, Kaspersky Lab research has revealed the dilemma people face when protecting their online accounts.

 

The Password Dilemma & Solution Revealed!

With our increasing dependency on online accounts to get us through our day-to-day lives, Kaspersky Lab has found that people are increasingly facing a dilemma – how to choose their passwords.

Some end up using strong and different passwords for every single account so that nothing can be hacked or exploited, but risk forgetting their passwords in the process. Others choose memorable passwords that make their lives easier, but also play right into cybercriminal hands.

Option #1 – Strong Passwords That Are Hard To Remember

According to Kaspersky’s research, many consumers understand the need for strong passwords on their accounts. When asked which three of their online accounts required the strongest passwords, 63% of consumers selected online banking accounts, 42% selected payment applications including e-wallets, and 41% online shopping.

However, the difficulty of remembering all these strong passwords means people are likely to forget them and still get locked out of their accounts. Two-in-five (38%) people cannot quickly restore passwords to their personal online accounts after losing them. This may lead to feelings of frustration or stress if they can’t carry on their normal activities as a result.

When it comes to password storage, half (51%) store passwords insecurely, with a quarter (23%) writing them in a notepad so that they don’t have to remember them, which also puts their security at risk.

 

Option #2 – Weak Passwords That Are Easy To Crack

[adrotate group=”2″]

As an alternative answer to the password dilemma, and to avoid the frustration of having to remember long passwords, some people are developing other insecure password habits instead. For example, 10% use just one password for all accounts, allowing them to live their online lives seamlessly, without ever struggling to remember how to login to anything. That’s until a cybercriminal gets hold of that one key password and unlocks everything for themselves, of course.

Indeed, 17% of the consumers surveyed by Kaspersky Lab have faced the threat of, or have successfully had, an online account hacked in the past 12 months. Emails are the most targeted accounts (41%), closely followed by social media (37%), banking accounts (18%) and shopping accounts (18%).

 

There Is A Third Option After All

According to Kaspersky Lab, consumers don’t have to be limited to just two options in answering their password dilemmas. There is in fact no need for them to compromise, as Andrei Mochola, Head of Consumer Business at Kaspersky Lab explains,

“If people have strong passwords that they can remember, they will not only be able to access everything they need, whenever they need it, but the information held in their accounts will also be secure from hackers. This is important to consumers that just want to get on with their day-to-day lives in safety – allowing them to, for example, find someone’s contact information, recall a specific meeting place, win the war in their favorite game, check their emails, or order something they need when they want, without revealing their information to any hackers or criminals.

“But remembering secure passwords is difficult, meaning users face a password dilemma every day – and often either forget strong passwords or end up creating passwords that are easy to remember but also easy to hack. However, there is a third option which can bring consumers peace of mind – using a password manager solution allows people to have strong passwords, without having to write them down in notepads or remember complicated strings of words with special characters”.

To help consumers regain control over their sprawling online identities, Kaspersky Password Manager stores all of a user’s passwords in a secure vault. They only need to remember one master password in order to access all of their accounts, taking away the panic felt when access is prevented for whatever reason.

Through a free My Kaspersky account, users can access their passwords via any device, no matter where they are or what time of day, helping them keep accounts and valuable information secure and only available to the user. The automatic password generator feature also helps create strong passwords, taking away the pain for users but giving hackers a big headache.

Go Back To > News | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Kaspersky Lab Protection For Household 2.0 Revealed!

Kaspersky Lab is not letting their woes with the US Department of Homeland Security detract them from their core business of protecting consumers against cyberthreats. That was the message they conveyed when they presented the Kaspersky Lab protection options for Household 2.0.

 

Household 2.0

The modern home has changed. In the new era of Household 2.0 which consists of 2.4 people and 0.3 pets, there is an average of 6.3 connected devices per house! Yet, the Kaspersky Cybersecurity Index found that 39% of people are leaving their devices unprotected from cyberthreats like hacking, malware, financial fraud and more.

To protect these connected devices that play such a prominent role in Household 2.0, Kaspersky Lab is introducing updated versions of Kaspersky Internet Security and Kaspersky Total Security.

 

Kaspersky Lab Protection For Household 2.0

The updated Kaspersky Internet Security and Kaspersky Total Security come with anti-phishing technology to prevent users from falling victim to fake or spam emails, fake websites and fraud.

In addition, the updated URL Advisor tells a user whether a link in the search engine leads to a trusted, suspicious, dangerous or phishing website, or a website that may cause their computer harm, via a special indicator close to each link.

Many people are also worried about ransomware and the loss of their digital memories. To give them peace of mind, the new Kaspersky Internet Security and Kaspersky Total Security have updated anti-ransomware features.

Protecting your mobile devices is the new App Lock feature for Android. You can now protect specific apps like instant messaging services, social media or email accounts with a secret code. You can also use the Kaspersky Secure Connection service to encrypt your network traffic whenever you use a public or insecure Wi-Fi network.

Children are also increasingly connected to the Internet. To protect them, parents can use Kaspersky Safe Kids parental controls in Kaspersky Total Security to set time limits, restrict applications and prevent access to pages with adult content, obscene language or information on drugs and weapons.

 

The 2018 Kaspersky Lab Product Price List

Products One Device Three Devices Five Devices
Kaspersky Total Security RM 109 / ~US$ 27 RM 199 / ~US$ 49 NA
Kaspersky Internet Security RM 100 / ~US$ 24 RM 179 / ~US$ 44 RM 249 / ~US$ 68
Kaspersky Anti-Virus RM 39.90 / ~US$ 9.70 RM 119 / ~US$ 29 RM 199 / ~US$ 49

Here are some Amazon purchase links :

 

The Kaspersky Think Security Campaign

In conjunction with the announcement of the new Kaspersky Lab protection fo household 2.0, Techlane Resources, the Kaspersky Lab distributor in Malaysia, announced the Kaspersky Think Security Campaign.

You can now purchase Kaspersky Internet Security 3 Devices 1 Year at RM 179 / US$ 44 and get the following Kaspersky products absolutely FREE :

[adrotate group=”2″]
  • Kaspersky Internet Security 1 Device 1 Year,
  • Kaspersky Internet Security for Mac 1 Year, and
  • Kaspersky Internet Security for Android 1 Device 1 Year

You can also purchase Kaspersky Anti-virus 1 Device 1 Year at RM39.90 / ~US$ 9.70 and get the following Kaspersky products absolutely FREE :

  • Kaspersky Anti-Virus 1 Device 1 Year,
  • Kaspersky Internet Security for Mac 1 Year, and
  • Kaspersky Internet Security for Android 1 Device 1 Year

Go Back To > Events | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Kaspersky Lab Challenges DHS Ban Of Kaspersky Products

December 19, 2017 – Kaspersky Lab is challenging the DHS ban of the use of its products in federal agencies. In a statement issued today, Kaspersky Lab announced that it is seeking an appeal in federal court of U.S. Department of Homeland Security’s (DHS) decision on Binding Operational Directive 17-01 banning the use of the company’s products in federal agencies.  

 

Kaspersky Lab Challenges DHS Ban Of Kaspersky Products

Kaspersky Lab has filed an appeal under the Administrative Procedure Act to enforce its constitutional due process rights and challenge the DHS ban on the use of the company’s products and solutions by U.S. government agencies.

The company asserts that the DHS’s decision is unconstitutional and relied on subjective, non-technical public sources such as uncorroborated and often anonymously sourced media reports, related claims, and rumours.

Furthermore, Kaspersky Lab claims that the DHS failed to provide the company adequate due process to rebut the unsubstantiated allegations underlying the Directive and has not provided any evidence of wrongdoing.

Kaspersky Lab reached out to DHS in mid-July, offering to provide any information or assistance concerning the company, its operations, or its products. In mid-August, DHS confirmed receipt of the company’s letter, appreciating the offer to provide information and expressing interest in future communications with Kaspersky Lab regarding the matter.

However, the next communication from DHS to Kaspersky Lab was notification regarding the issuance of Binding Operational Directive 17-01 on September 13, 2017.

The DHS ban on the use of Kaspersky products in federal agencies damaged Kaspersky Lab’s reputation and its sales in the U.S. In filing this appeal, Kaspersky Lab hopes to protect its due process rights under the U.S. Constitution and federal law and repair the harm caused to its commercial operations, its U.S.-based employees, and its U.S.-based business partners.

“Because Kaspersky Lab has not been provided a fair opportunity in regards to the allegations and no technical evidence has been produced to validate DHS’s actions, it is in the company’s interests to defend itself in this matter. Regardless of the DHS decision, we will continue to do what really matters: make the world safer from cybercrime,” said Eugene Kaspersky, CEO of Kaspersky Lab.

 

The Kaspersky Global Transparency Initiative

On 23 October 2017, Kaspersky Lab launched its Global Transparency Initiative. This Initiative will include :

[adrotate group=”2″]
  • an independent review of the company’s source code, software updates and threat detection rules;
  • an independent review of internal processes to verify the integrity of the company’s solutions and processes;
  • three transparency centers by 2020, in Asia, Europe and the U.S.; and
  • increased bug bounty rewards up to $100k per discovered vulnerability in Kaspersky Lab products.

You can read more about this initiative in our article – How Kaspersky Lab Plans To Counter Alleged Ties To Russian Intelligence.

Go Back To > News | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Kaspersky Lab Reveals Mokes Backdoor In NSA Leak

Kaspersky Lab just issued an update on their internal investigation into the alleged downloading of NSA hacking tools by Russian hackers, and their own team. Their update provides new insights into the hack, including their new findings on the Mokes backdoor used to gain access to the infected computer.

 

What’s Going On With Kaspersky Lab?

Kaspersky Lab can’t seem to get ahead of the bad publicity over the alleged downloading of NSA hacking tools from an NSA employee’s home computer. After the incident was first reported in the Wall Street Journal,  Kaspersky Lab launched an internal investigation.

They have also recently announced their Global Transparency Initiative to combat the perception that they are helping the Russian government attack Western interests.

Read : Eugene Kaspersky On The Cyberspace Survival Guide

 

Kaspersky Lab’s Initial Findings

Kaspersky Labs published these initial findings on 25 October :

  • On September 11, 2014, a Kaspersky Lab product installed on the computer of a U.S.-based user reported an infection of what appeared to be variants of malware used by the Equation APT group– a sophisticated cyber threat actor whose activity had already been under active investigation since March 2014.
  • Sometime after this, the user seems to have downloaded and installed pirated software on their machine, specifically a Microsoft Office ISO file and an illegal Microsoft Office 2013 activation tool (aka “keygen”).
  • To install the pirate copy of Office 2013, the user appears to have disabled the Kaspersky Lab product on their computer, because executing the illegal activator tool would not have been possible with the antivirus enabled.
  • The illegal activation tool contained within the Office ISO was infected with malware. The user was infected with this malware for an unspecified period while the Kaspersky Lab product was inactive. The malware consisted of a full-blown backdoor which could have allowed other third-parties to access the user’s machine.
  • When re-enabled, the Kaspersky Lab product detected the malware with the verdict Backdoor.Win32.Mokes.hvl and blocked this malware from calling out to a known command and control server. The first detection of the malicious setup program was on October 4, 2014.
  • In addition, the antivirus product also detected new and previously known variants of Equation APT malware.
  • One of the files detected by the product as new variants of Equation APT malware was a 7zip archive which was sent back, in accordance to the end-user and KSN license agreements, to the Kaspersky Virus Lab for further analysis.
  • Upon analysis, it was discovered that the archive contained a multitude of files, including known and unknown tools of Equation group, source code, as well as classified documents. The analyst reported the incident to the CEO. Following a request from the CEO, the archive itself, source code, and any apparently classified data were deleted within days from the company’s systems. However, files that are legitimate malware binaries currently remain in Kaspersky Lab storage. The archive was not shared with any third-parties.
  • The reason Kaspersky Lab deleted those files and will delete similar ones in the future is two-fold: first, it needs only malware binaries to improve protection and, secondly, it has concerns regarding the handling of potentially classified material.
  • Because of this incident, a new policy was created for all malware analysts: they are now required to delete any potentially classified material that has been accidentally collected during anti-malware research.
  • The investigation did not reveal any other similar incidents in 2015, 2016 or 2017.
  • To date, no other third-party intrusion aside from Duqu 2.0 has been detected in Kaspersky Lab’s networks.

 

The Mokes Backdoor & Other New Findings

Kaspersky Lab continued their investigation, issuing a new report that confirmed their initial findings above. It also provided additional insight into the analysis of the telemetry of suspicious activities registered on that NSA employee’s computer that was sent to their servers.

One of the major discoveries was the detection of the Mokes backdoor in that NSA employee’s computer. The Mokes backdoor is a malware that allows the hacker to remotely access the computer.

Curious Mokes backdoor background

It is publicly known that the Mokes backdoor (also known as “Smoke Bot” or “Smoke Loader”) appeared on Russian underground forums as it was made available for purchase in 2014. Kaspersky Lab research shows that, during the period of September to November 2014, the command and control servers of this malware were registered to presumably a Chinese entity going by the name “Zhou Lou”.

[adrotate group=”2″]

Moreover, deeper analysis of Kaspersky Lab telemetry showed that the Mokes backdoor may not have been the only malware infecting the PC in question at the time of the incident as other illegal activation tools and keygens were detected on the same machine.

More non-Equation malware

Over a period of two months, the product reported alarms on 121 items of non-Equation malware: backdoors, exploits, Trojans and AdWare. All of these alerts, combined with the limited amount of available telemetry, means that while Kaspersky Lab can confirm that their product spotted the threats, it is impossible to determine if they were executing during the period the product was disabled.

 

Kaspersky Lab’s Conclusions

Their current investigations conclude thus far that :

  • The Kaspersky Lab software performed as expected and notified our analysts of alerts on signatures written to detect Equation APT group malware that was already under investigation for six months. All of this in accordance with the description of the declared product functionality, scenarios, and legal documents which the user agreed to prior to the installation of the software.
  • What is believed to be potentially classified information was pulled back because it was contained within an archive that fired on an Equation-specific APT malware signature.
  • Beside malware, the archive also contained what appeared to be source code for Equation APT malware and four Word documents bearing classification markings. Kaspersky Lab doesn’t possess information on the content of the documents as they were deleted within days.
  • Kaspersky Lab cannot assess whether the data was “handled appropriately” (according to U.S. Government norms) since our analysts have not been trained on handling U.S. classified information, nor are they under any legal obligation to do so. The information was not shared with any third party.
  • Contrary to multiple media publications, no evidence has been found that Kaspersky Lab researchers have ever tried to issue “silent” signatures aimed at searching for documents with words like “top secret” and “classified” and other similar words.
  • The Mokes backdoor infection and potential infections of other non-Equation malware point to the possibility that user data could have been leaked to an unknown number of third-parties as a result of remote access to the computer.

Go Back To > Articles | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!