Articles about Security

Businesses are failing to take security seriously enough


Companies are still failing to properly protect themselves from potential attacks and hackers, with security not being given enough weight of consideration -- and indeed, many firms haven’t even covered the fundamentals of keeping intruders out of their networks and data.

This is according to Neira Jones, a security expert who chairs the Global Advisory Board for the Centre for Strategic Cybercrime & Security Science, who criticized businesses for failing to "fix the basics" of protecting data, and lacking sufficient "cyber-security awareness programs".

Continue reading

The security challenge of business mobile devices

photo by Slavoljub Pantelic, Shutterstock

The trend towards mobile devices and BYOD is great for productivity but it creates new challenges in terms of keeping information secure.

Identity and access management specialist Ping Identity has produced an infographic looking at the vulnerabilities introduced by letting employees use mobile devices.

Continue reading

XSS vulnerabilities open the door to drive-by downloads

Web script

Cross-site scripting (XSS) vulnerabilities allow attackers to inject script into web pages in order to infect client computers.

Security company High-Tech Bridge has released a report revealing that 95 percent of XSS vulnerabilities can be used to perform sophisticated drive-by-download attacks, which infect users who open harmless-looking URLs that they trust. More worrying is that 90 percent of vulnerabilities can be exploited in such a way that even advanced users and IT professionals won't suspect anything. The structure and architecture of more than 70 percent of web applications allows the creation of a sophisticated XSS exploit that can perform several fully-automated actions, ultimately giving full administrative access to the attacker. This access can then be used by hackers to compromise the entire website and even the web server.

Continue reading

Free tool detects 'government surveillance spyware'

snoop spy eye

Free software that can detect the presence of surveillance spyware has been launched by a global coalition of human rights and tech organizations.

Organizations including Amnesty International, Privacy International, Digitale Gesellschaft and Electronic Frontier Foundation have teamed up to unveil the open source tool Detekt.

Continue reading

Mozilla, EFF and others join forces to encrypt the web with free security certificates

Mozilla, EFF and other join forces to encrypt the web with free security certificates

It has been a long time coming, but the web is slowly transitioning away from HTTP to HTTPS. Google has done it with Gmail, and Yahoo did the same with its webmail service, and security advocates would like other websites to follow suit. The problem, for smaller sites at least, is the cost involved. But a new venture between Electronic Frontier Foundation (EFF), Mozilla, Cisco, the University of Michigan and IdenTrust will eliminate the cost obstacle when it launches next summer.

The partnership has brought about the creation of Let's Encrypt, a new certificate authority that will provide free security certificates to those who need them. It is hoped that handing out cost-free certificates will encourage more sites to adopt the HTTPS protocol. But Let's Encrypt does not just eliminate the financial hurdle.

Continue reading

New venture aims to completely rethink enterprise security


Up to now cyber security has generally taken a defensive approach to protecting data and intellectual property.

That’s set to change as a team of industry experts has got together to create a system that's aimed at dramatically improving the reliability and security of enterprise data and applications running in both cloud and conventional environments.

Continue reading

Microsoft unveils Office 365 Video for secure enterprise video sharing and streaming

Microsoft unveils Office 365 Video for secure enterprise video sharing and streaming

Microsoft is giving Office 365 users an early glimpse of what it hopes will become the future of enterprise video sharing. Office 365 Video harnesses the power of SharePoint and Azure Media Services to create a tool that gives businesses a one-stop-shop for uploading, sharing, delivering and streaming videos.

A number of possible scenarios are set out by Mark Kashman, a senior product manager in the Office 365 group. From providing employees with access to training videos to delivering CEO messages, this is a flexible tool that has been designed with security and simplicity in mind. Office 365 Video is not expected to launch until early next year, but a sneak peak is available right now.

Continue reading

DGA malware evolves to get past security solutions

Malware spy

Malware developers are constantly shifting the goal posts in order to evade detection mechanisms. Part of this involves changing the domain names used to communicate with command and control servers and spread infections.

The latest trick identified by security company Seculert is the increasing use of Domain Generating Algorithms (DGAs).

Continue reading

DDoS attacks fall as defenses improve

DDoS attack

New research from DDoS protection specialist Black Lotus shows that cyber attack incidents have continued to decline throughout this year.

There were 201,721 incidents in the third quarter of this year (down from 462,621 in Q1 2014 and 276,447 in Q2). This can be attributed to the security industry's increased knowledge and filtering against NTP DrDoS types of attacks, as well as more proactive activity to stop malicious attacks before or as soon as they're detected.

Continue reading

One third of retail security breaches come from third-party vulnerabilities

cloud commerce shopping

The past year has seen a number of high profile security breaches involving retail businesses and there’s no sign of the trend slowing down.

Security ratings company BitSight Technologies has released some new research looking at the performance of 300 major US retailers over the past 12 months. It shows that 75 percent of retailers that suffered a data breach have improved their security effectiveness.

Continue reading

87 percent of the top 100 paid iOS apps available as hacked versions

mobile security

According to the third annual State of Mobile App Security report from application protection company Arxan Technologies, 87 percent of the top 100 paid iOS apps have been hacked.

Don’t feel smug if you're an Android user though as the report reveals 97 percent of the top 100 paid Android apps have been too. But whilst the Android figure is in line with previous years, the iOS percentage represents a jump from 2013 when 56 percent were found to have been hacked.

Continue reading

Is cyber insurance your last line of defense?

cyber insurance

The recent spate of payment card breaches that have plagued the retail industry this year has prompted many merchants to consider investing in cybersecurity liability insurance policies to offset the costs associated with a breach recovery. These companies often make this choice based on the belief that the money they’ve spent to comply with industry security standards has failed to prevent these breaches from occurring, and there seems to be no other alternative. At least one recently filed claim has led to a lawsuit that will put these cybersecurity insurance policies to the test.

The key element of such lawsuits is determining liability -- who is at fault -- to determine whether the claims are justified and if the insurance companies will pay out. Finding a party liable for something means determining if the party was taking reasonable steps to prevent such actions from happening.

Continue reading

Mastercard and Visa working on new online payment verification system


Credit card giants Visa and Mastercard are planning to get rid of their current online security verification system, and replace it with something a bit more modern and secure.

You’re probably familiar with either Verified by Visa or MasterCard SecureCode, which pop up when you make an online purchase, just before the payment is officially put through. They ask you to input letters from an extra password to verify that it’s actually the card owner making the purchase -- but in contemporary terms, this is a relatively unsophisticated security measure.

Continue reading

State Department email system shut down after hacker attack

State Department email system shut down after hacker attack

Reports from Associated Press reveal that the State Department has closed down its email system following a security attack. The news comes after the details of a hack attack on the White House in October were made public. It seems that the State Department's unclassified email system was attacked at the same time, and technicians are currently working to repair the damage.

It was suggested that last month's White House hack was linked to Russia, but it is not yet clear whether the attack on the email system is part of the same security breach. The email closure is described as "unprecedented", but officials insist that classified data systems have not been affected.

Continue reading

WatchDox finds and protects sensitive documents anywhere

Security Lock

With more and more data stored in the cloud or accessed from corporate systems on mobile devices, security and regulation becomes a major concern.

Enterprise file sharing specialist WatchDox has announced a new solution to both detect and protect sensitive files everywhere, on every device.

Continue reading

© 1998-2014 BetaNews, Inc. All Rights Reserved. Privacy Policy.