In this post, we go through a thorough checklist based on our recommendations for how to prepare and what to do with your child’s first gadget, which were developed by Kaspersky in collaboration with Dr. Saliha Afridi, clinical psychologist. To make this challenge easier for you, we’ve included a link to download the handbook in PDF format at the end of this post.

What should I do before give a gadget to my kid?

  1. Create a child account
  2. Disable in-app purchases
  3. Install essential apps
  4. Adjust app privacy
  5. Use a digital parenting app (like Kaspersky Safe Kids)
  6. Set age-appropriate filters
  7. Block unknown calls

How do I introduce a new gadget to my child?

  1. Establish family rules and good tech-habits
  2. Create tech-free zones and times
  3. Promote non-tech activities
  4. Limit your kid’s phone usage during:
    • meals
    • bedtime
    • family gatherings and outings
    • homework and studying
    • hosting social gatherings
    • engaging in outdoor activities
    • morning routines

What online safety rules should my child know?

  1. Set clear ground rules about what they can and can’t do online
  2. Teach them privacy basics and tell them about the risks of oversharing
  3. Emphasize that they should never share personal info or login details
  4. Advise children to use non-personal usernames

What are the main online risks I should tell my kid about?

  1. Watch out for phishing scams
  2. Avoid unauthorized game downloads
  3. Ignore intrusive ads and surveys
  4. Exercise caution regarding links and email attachments
  5. Seek help if uncomfortable or suspicious regarding something online
  6. Use unique passwords, and consider Kaspersky Password Manager  for security

How do I help my children avoid online strangers?

  1. Telling them to say no to unknown friend requests
  2. Telling them to become suspicious if someone asks personal questions
  3. Maintaining open communication about your kids’ online activities

What online gaming safety advice should I give?

  1. Play with friends you know
  2. Enable a “gaming mode” for safety
  3. Download games only from trusted stores
  4. Ignore chat-room links
  5. Never share passwords – even with friends

My kid is being bullied on the Internet. What should I do?

  1. Listen to them without interrupting
  2. Make them feel both safe and understood
  3. Take screenshots of harmful content
  4. Discourage retaliation
  5. Update privacy settings, change passwords, block or report the bully
  6. Report to the school
  7. Consider professional help for stress-related signs

My kid is bullying others online. What should I do?

  1. Stay calm, gather evidence, and understand the context
  2. Get your child’s side of the story
  3. Help them see the impact on others
  4. Encourage an apology to the victim
  5. Without being overly invasive, consider using digital parenting apps
  6. Promote responsible online behavior
  7. Seek professional help if necessary

What questions should I ask my child to ensure their online experience is safe?

  1. What’s interesting online today?
  2. Anything confusing encountered?
  3. Do you chat or game with strangers?
  4. How do you choose what to share?
  5. Have you ever felt uncomfortable online?
  6. Are there any new apps or websites you enjoy?
  7. Do you know how to handle inappropriate messages?
  8. Have you ever seen someone being unkind online? How did you react?

How do I monitor my kids online without invading their privacy?

  1. Talk about their online experience
  2. Engage in their online activities together
  3. Use safety-focused parenting apps
  4. Explain why certain controls are needed
  5. Shift from monitoring to mentoring
  6. Stay updated on digital trends and share insights

What are signs of a negative impact of devices on my kids?

  1. Lower grades
  2. Less physical and social activity
  3. Eye strain, poor sleep, bad posture
  4. More irritability, withdrawal
  5. Neglecting hobbies, responsibilities
  6. Anxiety, depression, low self-esteem
  7. Shorter attention span, memory issues

We’ve explored the crucial steps for empowering both you and your child in the digital realm. For your convenience, download our PDF handbook — a practical resource to help you navigate your child’s tech journey with confidence.

#Preparing #childs #gadget #comprehensive #checklist

Sooner or later (most) parents inevitably get round to buying their kids their own electronic device. According to Kaspersky’s research, 61 percent of children get their first device between the ages of eight and 12, and, perhaps surprisingly, in 11 percent of cases, they’re given their own cellphone or tablet before they turn five. It’s essential for parents to know the guidelines for introducing a device into their kids’ lives for the first time.

Together with clinical psychologist Dr. Saliha Afridi, Kaspersky is presenting cybersecurity and psychological considerations that parents would do well to be aware of before giving their kids their very first tech gadgets.

What to do before giving a gadget to a child?

Set up a Child Account before giving your offspring their first gadget. Whether it’s a phone or a tablet, it’s crucial to ensure the age-appropriateness and safety of the gadget. Even if it’s a brand-new gift, prioritize setting up this feature. A Child Account acts as a safeguard on the device, preventing things like downloads of mature content or songs with explicit content. For detailed guidance on creating a kid’s account, refer to our guide for Android or the one for iOS.

Install all the basic applications that support either communication or geo-location (like messenger and map apps), plus learning applications. And don’t forget to set up the privacy and confidentiality settings in each of the installed applications, so that the child, for example, isn’t discoverable via their phone number by unknown individuals. Tools like Privacy Checker can assist you in tailoring the optimal protection settings for various devices and platforms.

Remember to install a digital parenting app as well. This will empower you to curate content, monitor the amount of time your kid spends on specific apps (and set limits if needed), and track their current location.

How to introduce a new device into a child’s life?

Walk them through the device’s functionalities as well as the potential dangers when gifting them a new gadget. This is an opportune moment to explore its features and understand its potential pitfalls.

Craft a set of family usage rules together. In this conversation, it’s important to foster an understanding and consensus about the responsibilities and expectations tied to device ownership. To ensure a healthy balance, establish tech-free zones and times — perhaps during dinner or the hours leading up to bedtime. Designate moments for non-tech hobbies like reading, outdoor games, or puzzles, which can act as beneficial alternatives to screen time. Periodically revisiting and refining these rules as your kid grows and technology advances is key.

And remember — unless a kid shows a healthy level of engagement with real-life activities and in-person socializing, don’t introduce a smartphone or social media. One way they can earn a device is by showing that they’re capable of doing the “non-negotiables” regularly and consistently. These include sleep, exercise, homework, socializing, eating healthily, and wakeful resting periods.

How to talk to a child about online safety?

Encourage open communication from the outset. Engage junior in conversations about their online experiences — ensuring they feel safe to share both the good and the bad experiences.

Stay up to date with the latest digital trends and threats as well as high-profile cyberbullying or data breaches. Share this information with your child in a way they understand. You can learn the latest cybersecurity news via our blog.

Bring up the permanence of online actions. This includes how things shared online stay there forever and can affect their reputation and future opportunities. Kids should be especially careful about information they share about themselves: never giving out their address, geolocation or login credentials and passwords. Additionally, they should avoid using their real names as user IDs, as these can be potential clues for attackers to discover their other social media accounts. Help them understand the concept of privacy and the potential risks of sharing too much information.

Teach your kid that accepting friend requests from unfamiliar individuals in real life should be avoided. It’s crucial to explain that if someone they don’t know is persistently trying to find out personal information about them or their parents, it’s a cause for concern. Your child shouldn’t feel they’re being rude or impolite if they don’t respond to a request for friendship. In social networks, just like in life, there needs to be privacy.

By having such conversations and educating your children about online risks in a non-confrontational manner, you raise your kids being more likely to approach you when they encounter something questionable online. You should make sure they maintain a stance of curiosity — not judgment or fear. Your reactions will determine how open they feel about sharing in the future.

And a digital parenting app serves here as a valuable tool to enable you to monitor your kids’ online searches and activity, ensuring a safer online experience.

What are the main risks I should tell my child about?

In our digital age, kids are vulnerable to cybercriminals, often because they’re unfamiliar with essential cybersecurity principles and common scam tactics. It’s our duty as guardians to educate them on these matters before they inadvertently fall prey to them.

For instance, guide your kid in identifying deceptive commercials, bogus survey requests, counterfeit lotteries, and other schemes that can jeopardize their personal data. Help them grasp the reality that, while it might be tempting to download a Barbie movie ahead of its official release, offers like these could be ploys by cybercriminals aimed at pilfering data or even siphoning money from their parents’ cards. A reliable security solution can detect and block any phishing websites or any malicious software.

Instill in your child the habit of being critical and cautious when online. Teach them to pause before clicking when it comes to dubious links, unfamiliar email attachments, or messages from unknown entities. Discuss the appropriate permissions apps should have on their devices. For example, there’s no valid reason for a Calculator app to request geolocation access.

Make conversations about cybersecurity more enjoyable and interesting by discussing the topic through games and other entertaining formats. Most importantly, instill confidence in them to approach a trusted adult when faced with unsettling or suspicious situations online.

How to check that you’re prepared?

Once a gadget appears, your family’s life will inevitably undergo a transformation, as your kid will be drawn into the realm of the internet. Rather than forbidding it, it’s advisable to guide them on proper online behavior — if used correctly, a gadget can really help kids learn and grow. However, this can only happen if they know when and how to alert their parents about any online threats they come across – whether they’re receiving strange messages from adults, requests for personal information, or stumbling upon phishing sites.

Learning, however, is a gradual process, and it doesn’t guarantee perfection from the start. Mistakes will naturally occur, such as your kid accidentally downloading malware or engaging with suspicious individuals or struggling with screen time management. Nonetheless, your role as a parent is to provide support and assistance in their learning process. Only this way can you help your child be safe online.

To get ready for the challenge, we suggest taking a peek at our complete handbook for parents about getting your kid’s first gadget.

#Preparing #childs #gadget

We’ve published many posts on the security and privacy benefits of setting up a VPN on your computer, your smartphone, or even your entire home network. But there are lesser-known advantages that come to the fore if your VPN is super speedy. Want to know about them? Then let’s get started!

1. Watch foreign sports or TV shows

A familiar situation for many sports fans: having moved abroad or simply gone on vacation, you find to your annoyance that your beloved football/soccer/baseball/cricket/rugby… team’s games aren’t broadcast on TV there. The same catastrophe befalls fans of domestic TV shows that aren’t popular abroad. This issue may be solved if you can subscribe to digital broadcasts of whatever matches or shows you like in your hometown, but in other regions that service is likely to be blocked. However, the good news is that Kaspersky Secure Connection lets you watch what you paid for — wherever you are. To do this, when away, you need to select a VPN server in your home country and connect to it. That way you’ll be assigned a “native” IP address that will virtually teleport you home. You just need to make sure that both your local internet connection and VPN are up to it speed-wise. For fast VPN secrets, see the end of this post.

2. Bypass bandwidth throttling

In mobile networks, public places, and sometimes even home connections, ISPs limit communication speed, which is known as bandwidth throttling. You may notice this when visiting sites with videos or downloading large files: your internet runs much slower. This allows ISPs to save bandwidth and reduce the load on the network, but it also restricts your rights. Thanks to Kaspersky Secure Connection, which encrypts your traffic, providers and other third parties can’t see exactly what you do online or what sites you visit, and so they cannot throttle your bandwidth – however, if your ISP slows down all activities for all subscribers (blanket throttling), there’s no escape.

3. Play in the region of preference

Servers of many multiplayer games are distributed all over the world. Connecting from a certain region, you will play on the nearest server. This is done to minimize lag for all players, unite players from the same time zone, and lessen the language barrier in game chats. But this approach can cause issues too: for example, you might play at an “unsociable” hour, which means few suitable gaming partners on the nearest servers, or your team has settled on a very specific game server. Going online through Kaspersky Secure Connection in the desired region guarantees a connection to the best server for your needs. Of course, VPN speed is critical here to ensure low lag and fast data exchange, so slow VPNs and VPN protocols are a big no-no for gamers — which is why we especially recommend that gamers use our VPN, recognized for high speeds in independent tests.

On game consoles, setting up a VPN can be tricky, so console owners find it easier to set up VPN directly on the router — more on this at the end of the post.

4. Sidestep price policies

In many stores and service organizations, the price for the same goods and services differs significantly from country to country due to variances in pricing policies or simply different sales schedules. At the time of posting, Black Friday and Singles’ Day (11.11) are on the horizon, to name just a couple of shop fests. You can cash in on seasonal offers and save money by connecting to a VPN server in the desired country and thus changing your IP address. That done, logging into the regional versions of online stores, you’ll see local promotions and enjoy the best discounts.

To take full advantage of this, your VPN service should offer a wide variety of servers in different countries. For example, our VPN has more than a hundred of these, including in such exotic locations as Bangladesh, Liechtenstein, and Malaysia. With such a wide selection, finding the right server in the list can be tough, which is why the latest version of Kaspersky Secure Connection lets you add servers to a Favorites tab and quickly select the one you need.

5. Shop with peace of mind

Public networks — be it Wi-Fi at an airport, hotel, cafe, train, or bus — pose a number of risks to your devices. Among them are: third-party ads on websites; data harvesting of your online activities; the already mentioned slowdown when watching videos; and potential interception of payment information and passwords. It’s a real stinger to pay for extra baggage or window seats on your phone, only to see unexpected debits from your account after landing, right?

Over an encrypted VPN channel, none of that can happen. Nearby cybercriminals, cafe owners, and unscrupulous Wi-Fi providers can neither see nor intercept your online activity.

What’s more, our VPN can be configured to automatically turn the VPN on when connecting to unprotected Wi-Fi networks, plus you can customize the VPN settings for each Wi-Fi access point saved on your device individually. This makes it easy to configure which Wi-Fi networks need VPN protection, keeping you safe at all times.

And one other thing: if the VPN connection drops, Kaspersky VPN can automatically block all your network traffic until reconnection, ensuring your data doesn’t leak to an unsecured network.

6. Open geo-blocked websites

For both legal and security reasons, some sites choose to shut out connections from other countries. For example, many online stores aren’t accessible in countries they don’t ship goods to. The same goes for many municipal or government services provided online — access from abroad isn’t possible. If you need to use such sites, you need to point your VPN to a server in the respective country.

7. Open websites despite blocking

The opposite scenario to geo-blocking is when you arrive in a country where, say, Google or Instagram is blocked. By connecting to a VPN server in another country, you can continue to use your usual accounts and services.

Geo-blocking often creates the nuisance of having to constantly turn your VPN on and off to access certain sites or use certain apps. Kaspersky Secure Connection comes in handy here, too. By configuring rules for Smart Protection (on Android only) and Split Tunneling (on Android, Windows and macOS), you can forget about the need to keep toggling the VPN: it will activate automatically for selected apps, sites, or site categories (such as payment systems, banking sites, or online stores) or bypass VPN for apps added to the exceptions list.

What makes Kaspersky VPN the fastest?

Gaming, watching videos, downloading large files, and even conference calling all require a lightning-quick VPN connection with minimal latency and high data-transfer rates. Besides a fast enough internet connection, this requires three other jigsaw pieces: a high-performance VPN server with a strong communication channel; a sufficiently powerful client (your phone, computer, or router); and an optimized communication protocol between these two pieces.

To make our VPN the undisputed speed champion (it outperformed all six of the other VPNs in an independent test), we use the fastest servers (10 Gbps) and connect to them over the most powerful protocols: Catapult Hydra and WireGuard. According to our internal tests, Catapult Hydra is five to seven times faster than the common OpenVPN protocol in terms of connection speed and ensures exceptional privacy protection without data leaks.

Where and how to use VPN?

You can install a VPN on your smartphone, computer, tablet, and sometimes even your TV or game console. Most routers also support a VPN connection, giving you the benefits of a VPN across your entire home network all at once. Which of these scenarios is better?

For travel and business trips, setting up a VPN on your phone and laptop is a priority. If gaming or online bargain hunting is your thing, it’s best to install a VPN on your Windows or Mac computer.

For TVs, game consoles, and simultaneous VPN use on multiple devices, the encrypted channel is best deployed directly on the router. Our VPN supports the ability to connect routers using the WireGuard and OpenVPN protocols: the former delivers maximum speed even on relatively weak router models; the latter provides maximum compatibility even with older models. Simply go to the VPN section on the My Kaspersky portal, and under VPN for routers, create a configuration file by selecting the protocol and server in the desired country. Then upload it to your router’s control panel — and every device in your home network will automatically enjoy all the benefits of VPN.

Where to find the best VPN deal?

You can get Kaspersky Secure Connection either as a standalone product or as part of a Kaspersky Plus or Kaspersky Premium subscription. Besides super-fast VPN, your subscription comes with full protection for all devices — both computers and smartphones.

Fine print

Some countries prohibit the use of VPN as a technology, while others ban specific VPN usage. In addition, the license agreements of various online services explicitly prohibit the use of VPNs to bypass their regional restrictions. You should research the legal position in your specific case before opting for a VPN.

#increase #VPN #speed #fast #VPN

At the international Security Analyst Summit conference, our Kaspersky Global Research and Analysis Team (GReAT) experts presented some extremely exciting research. We will not repeat each of them in detail, just briefly outline the most interesting facts.

StripedFly spyware platform

Almost a detective story about a malware that previously was detected as a regular Monero cryptocurrency miner, but in fact was a cover for a complex modular threat capable of infecting computers running both Windows and Linux. Various StripedFly modules can steal information from a computer, take screenshots, record audio from a microphone, and intercept Wi-Fi passwords. However, it is useful not only for spying — it also got modules that can function as ransomware and for cryptocurrency mining.

What is interesting is that the threat can spread using the EthernalBlue exploit, although that vector was patched back in 2017. In addition, StripedFly can use stolen keys and passwords to infect Linux and Windows systems with an SSH server running. A detailed study with indicators of compromise can be found on the Securelist blog.

Operation Triangulation details

Another Security Analyst Summit report was dedicated to ongoing research into the Operation Triangulation, which among other things, targeted our employees. A detailed analysis of the threat allowed our experts to detect five vulnerabilities in the iOS system used by this threat actor. Four of them  (CVE-2023-32434, CVE-2023-32435, CVE-2023-38606 and CVE-2023-41990) were zero-day vulnerabilities. They affected not only the iPhone, but also iPod, iPad, macOS, Apple TV and Apple Watch. It also turned out that in addition to infecting devices via iMessage, attackers could attack the Safari browser. In this post you can read details on how our experts analyzed this threat.

New Lazarus campaign

The third report by GReAT experts was devoted to new attacks carried out by Lazarus APT. This group is now targeting software developers (some of which have been attacked multiple times) and is actively employ supply chain attacks.

Through vulnerabilities in legitimate software for encrypting web communications Lazarus infects the system and deploys a new SIGNBT implant, the main part of which operates in memory only. It serves to study the victim (get network settings, names of processes and users), as well as launch additional malicious payload. In particular, it downloads an improved version of the already known LPEClient backdoor, which also runs in memory and in turn launches malware capable of stealing credentials or other data. Technical information about the new tools of Lazarus APT group, as well as indicators of compromise, can also be found on the Securelist blog.

TetrisPhantom attack

In addition, experts provided details of the TetrisPhantom attack aimed at government agencies in the APAC region. TetrisPhantom relies on compromising of certain type of secure USB drives that provide hardware encryption and is commonly used by government organizations. While investigating this threat, experts identified an entire spying campaign that uses a range of malicious modules to execute commands, collect files and information from compromised computers and transfer them to other machines also using secure USB drives. Some details about this campaign can be found in our quarterly report on APT threats.

#SAS #Key #Research #Kaspersky #official #blog

No one likes passwords. They take ages to enter, are hard to remember, and the need for a number, symbol, uppercase letter, and a couple of hen’s teeth only makes creating them all the more difficult. But if you use the same password everywhere, or limit yourself to simple short (read — weak) passwords, sooner or later you’ll get hacked. How to combine ease of input, memorability, and hack resistance? An interesting, if unusual, way is to use emojis — yes, those same smileys 😁 and other cute icons 🔐 we love to use in chats and posts.

On today’s computers and smartphones, emojis are just as much full-fledged symbols as letters in alphabets and punctuation marks. That’s because they’re part of the Unicode standard (see here for a full list of standardized emojis), so in theory, they can be used in any text — including in passwords.

Why use emojis in passwords

Since there are a great many emojis in existence, your password can be twice as short.

When intruders try to brute-force a password containing letters, numbers, and punctuation marks, there are fewer than a hundred variations for each symbol they need to pick. But there are more than 3600 standardized emojis in Unicode, so adding one to your password forces hackers to go through around 3700 variants per symbol. So, in terms of complexity, a password made up of five different emoticons is equivalent to a regular password of nine characters’ while seven emojis is equivalent to a strong password of 13 “regular” characters.

Some new emojis in Unicode

Emojis are easier to memorize. Instead of a meaningless jumble of letters and numbers, you can compose a logical sentence and create an emoji puzzle based on it. For this you can use an emoji translator or a chatbot like ChatGPT.

An emoji translator or ChatGPT can create an emoji-based puzzle-password on a given topic

Hackers don’t brute-force emojis. Various hacking tools and dictionaries for cracking passwords include combinations of words, numbers, and common substitutions like E1iteP4$$w0rd, but not (yet?) emojis. So when an attacker goes through a leaked password database, your account protected with a 👁️🐝🍁👁️🥫🪰 (“I believe I can fly”) password is very likely safe.

All this sounds too good to be true. So what are the downsides of emoji passwords? Alas, they’re sizeable.

Why not use emojis in passwords?

Not all services accept emoji passwords.

We carried out a little account-creation experiment using a password consisting of several standard emojis. It was rejected by both Microsoft/Outlook and Google/Gmail. However, Dropbox and OpenAI happily accepted it, so basically it’s a matter of experimentation.

Not every service will accept an emoji password

You’ll have to test your emoji password immediately to make sure it works. Even if you’re able to create an account with it, it may not pass verification when signing in.

Emojis are harder to enter. On smartphones, entering emoji is simplicity itself. On desktop computers, however, it can be a bit more troublesome — though not excessively so (see below for details). In any case, you’ll have to find the emojis you need in a long list, making sure to select the right picture from several similar ones. If you cross-platform, remember to check you can enter these emojis on both your computer and smartphone for all services you use.

Recent emojis give you away. Many smartphone keyboards display frequently used emojis at the top of the list. This information is unlikely to help online hackers, but friends or family may be able to guess or snoop on your password.

Recent emoji can reveal a lot about you to prying eyes

How to create a password with emojis

A reasonable compromise would be to add an emoji or two to your password to up its complexity. The rest of the password can then be alphanumeric, and less fancy. Of course, using emojis is no substitute for traditional security tips: using long passwords, a password manager and two-factor authentication (2FA). Speaking of which, our password manager can both store passwords with emojis and generate 2FA codes.

Emoji password and 2FA code in Kaspersky Password Manager

How to enter emoji passwords

The input method depends on your device and operating system. Smartphones have a special keyboard section for this, while on computers you can use one of these options:

  • In Windows 10 or 11, press the Win key + period simultaneously to open the emoji table in any input field. In many layouts, the key combination Win + ; also works.
  • In macOS, the emoji table is available in any application under Edit → Emoji & Symbols. To open the table from the keyboard, hold down Command + Control + Spacebar together.
  • In Ubuntu Linux (version 18 and higher), you can enter emojis by right-clicking in the input field and selecting Insert Emoji from the context menu. To call up the table from the keyboard, just like in Windows, press Win + period at the same time.
  • Input by character code. Slow and boring as it may be, this is a reliable way to input any Unicode character — not just emojis. First, look up the code of the respective character in the table, then enter it using a special key combination. In Windows, press and hold Alt, then enter the decimal code from the list on the side numeric keypad. For other OSes the process is described in more detail here.
  • But the easiest way to enter emoji passwords is to save them in Kaspersky Password Manager and insert them into the required input fields automatically.

#emojis #passwords

Artificial Intelligence has become something of a buzz-word of late, with start-ups across the globe jumping on the AI train, in the hopes of making the next ChatGPT. But whilst the scramble to create the next big-thing rolls on, employers are looking at how the current crop of tools will be used (and possibly abused) in their businesses.

Are businesses sleep-walking into a cyber-security nightmare, or are concerns around the technology overblown? Recently we conducted some research, asking business leaders their thoughts on generative A.I and its use in their businesses.

A real concern?

But what are the concerns when it comes to AI exactly? After all it’s not a security risk in the same sense as an outdated server or endpoint. To understand this properly, we first have to understand how generative A.I works.

In order to work effectively, AI is constantly being fed data. From this, the tool learns and refines its outputs. But whilst that’s fine for cat pictures or poems, highly sensitive intellectual property or data is another matter entirely.

So, the potential is that staff misuse AI tools and share sensitive data or intellectual property with a third-party. Outside of the fact that you could run into legal problems such as GDPR, you could end up in a position where your business is sharing private data with a tool that disseminates and reuses this data. So, broadly speaking, the concern stems from privacy and data rather than more “traditional” security concerns that IT teams are familiar with.

Two-sides to every coin

However, with this all said many business leaders already think that generative AI is in the building – indeed, some are even using it themselves – our research shows that around a quarter of business leaders such as CEO’s (26%) are already using tools such as ChatGPT themselves.

Whilst many of those surveyed believed that Gen AI is already in their business, most aren’t planning on doing anything about it. In fact, just over a quarter of those surveyed are actually using AI themselves for day to day activities.

What’s the solution?

So whilst we wax lyrical about the concerns of Gen AI, what pragmatic solutions are there, so businesses can continue using tools such as this, whilst mitigating the risks.

To understand this, we need to go back a little bit in time.  Ten years ago, BYOD, or Bring Your Own Device was hailed as a game-changer for businesses – allowing them to reduce costs & maintenance. However, businesses quickly realized that there were several issues that BYOD caused, including not having a complete breakdown of the devices on their network and additional issues around data privacy and security. As a result, BYOD in many businesses was either restricted or blocked, or staff had to ensure IT teams had visibility over devices.

So, what does this have to do with Gen AI? Well, as John C. Maxwell once said: “You can’t trust what you don’t understand”. Business leaders need to learn more about the pros and cons of generative A.I to see if it truly deserves a place in their business.

To learn more about our findings, you can read the whole report here.

#csuite #worried #Gen

Android is a well-designed operating system that gets better and more secure with each new version. However, there are several features that may put your smartphone or tablet at serious risk of infection. Today, we take a look at the three that are the most dangerous of all — and how to minimize the risks when using them.


Accessibility is an extremely powerful set of Android features originally designed for people with severe visual impairments. To use smartphones, they need special apps that read on-screen text aloud, and respond to voice commands and convert them into taps on UI controls.

For those with visual impairments, this function is not just useful — it’s essential. But the very modus operandi of Accessibility is to grant an app access to everything that’s going on in others. This violates the principle of strict isolation, which is a core security feature of Android.

And it’s not just tools for helping the visually impaired that take advantage of the Accessibility feature. For example, mobile antiviruses often use it to keep an eye out for anything suspicious taking place in other apps.

But every coin has a flip side. For example, malicious apps can requests permission to access this feature set too. This isn’t surprising, since such access makes it easy to spy on everything on your smartphone: read messages, steal credentials and financial data, intercept one-time transaction confirmation codes, and so on.

What’s more, access to this feature allows cybercriminals to perform user actions on the smartphone, such as tapping buttons and filling out forms. For instance, malware can fill out a transfer form in a banking app and confirm it with a one-time code from a text message, all on its own.

Therefore, before you give an app access to Accessibility, always think carefully: do you really trust its developers?

Install unknown apps

By default, only the official store app has the right to install other programs on Android. Given an unmodified version of the system, this is, of course, Google Play. But together with (or instead of) Google Play, smartphone developers often use their own — such as Huawei AppGallery or Samsung Galaxy Store. Indeed, Android is a democratic operating system with no strict limitations on app download sources. You can easily allow any app to download and install programs from anywhere. But it’s just as easy to get your smartphone infected with something nasty this way too, which is why we don’t recommend using it.

Official stores are usually the safest sources for downloading apps. Before being published in an official store, apps are subjected to security checks. And if it later transpires that malware has sneaked in, the dangerous app is quickly kicked out of the store.

Sure, even Google Play is not totally immune to malware (alas, it gets in more often than we’d like). Still, official stores at least try to keep their house in order — unlike third-party sites where malware is endemic, and the owners couldn’t care less. A case in point: attackers once even managed to infect the third-party Android app store itself.

The most important thing to remember is this: if you do decide you absolutely must download and install something on your Android smartphone not from the official app store — don’t forget to disable the ability to do so immediately after the installation. It’s also a good idea to scan your device afterward with a mobile antivirus to make sure no malware’s appeared; the free version of our Kaspersky Security & VPN will do the job just fine.

Superuser rights (rooting)

Less popular than the two features above — but by no means less dangerous — is the ability to gain superuser rights in Android. This process is popularly known as “rooting” (“root” is the name given to the superuser account in Linux).

The designation is appropriate since superuser rights give superpowers to anyone who gets them on the device. For the user, they open up the usually forbidden depths of Android. Superuser rights grant full access to the file system, network traffic, smartphone hardware, installation of any firmware, and much more.

Again, there’s a downside: if malware gets on a rooted smartphone, it too acquires superpowers. For this reason, rooting is a favored method of sophisticated spyware apps used by many government intelligence agencies — as well as cutting-edge stalkerware that’s accessible to regular users.

Therefore, we strongly discourage rooting your Android smartphone or tablet — unless you’re an expert with a clear understanding of how the operating system works.

How Android users can stay safe

Lastly, a few tips on how to stay safe:

  • Be wary of apps that request access to Accessibility.
  • Try to install apps only from official stores. Yes, you can come across malware there too, but it’s still much safer than using alternative sites where no one is responsible for security.
  • If you do install an app from a third-party source, don’t forget to disable “Install unknown apps” immediately afterward.
  • Never use rooted Android unless you fully understand how root permissions work.
  • Make sure you install reliable protection on all your Android devices.
  • If you use the free version of our security solution, remember to manually run a scan from time to time. In the paid version of Kaspersky Security & VPN, scanning takes place automatically.

#dangerous #Android #features

There’ve been more and more cases of users receiving emails seemingly from large internet companies (for example, Microsoft or its cloud service Office 365) containing QR codes. The body of these emails have a call to action: in a nutshell, scan the QR code to maintain access to your account. This post examines whether it’s worth reacting to such messages.

Scan the QR code, or face the inevitable

A typical email of this kind contains a notification saying your account password is about to expire, after which you’ll lose access to your mailbox, and so the password must be changed for which you need to scan the QR code in the email and follow the instructions.

The password must be reset by scanning the QR code

Another email could warn the recipient that their “authenticator session has expired today”. To avoid this, the user is advised to “quickly scan the QR Code below with your smartphone to re-authenticate your password security”. Otherwise access to the mailbox could be lost.

“Authenticator session has expired” — for a quick fix, scan the QR code

A further example: the message kindly informs the reader: “This email is from a trusted source” — we’ve already talked about why emails stamped “verified” should be treated with caution. The thrust of the message is that “3 important emails” supposedly cannot be delivered to the user due to lack of some kind of validation. Of course, scanning the QR code below will fix the issue.

Important emails can be delivered only by scanning the QR code for “validation”

Clearly, the authors of these emails want to intimidate inexperienced users with high-sounding words.

They’re also likely hoping that the recipient has heard something about authenticator apps — which do indeed use QR codes — so that their mere mention may stir some vague associations in their mind.

What happens if you scan the QR code in the email

The link in the QR code takes you to a rather convincing replica of a Microsoft login page.

Scanning the QR code takes you to a phishing site that steals entered credentials

Of course, all credentials entered on such phishing pages end up in cybercriminal hands. And this jeopardizes the accounts of users who fall for such tricks.

An interesting detail is that some phishing links in QR codes lead to IPFS resources. IPFS (InterPlanetary File System) is a communication protocol for sharing files that has much in common with torrents. It allows you to publish any files on the internet without domain registration, hosting, or other complications.

In other words, the phishing page is located directly on the phisher’s computer and is accessible via a link through a special IPFS gateway. Phishers use the IPFS protocol because it’s much easier publish and much harder to remove a phishing page than blocking a “regular” malicious website. As such, the links live longer.

How to guard against phishing QR codes

No decent authentication system will suggest scanning a QR code as your only option. Therefore, if you receive an email asking you to, say, confirm something, or sign in to your account again, or reset your password, or perform some similar action, and this email only contains a QR code, you’re probably dealing with phishing. You can safely ignore and delete such an email.

And for those times when you need to scan a QR code of an unknown source, we recommend our security solution with its secure QR code scanner function. It will check the contents of QR codes and warn you if there’s anything bogus inside.

#shouldnt #scan #codes #emails