Increased use of the cloud and hybrid systems is bringing new challenges for businesses needing to ensure their systems are secure and compliant.
A new Cloud Agent Platform (CAP) from cloud security specialist Qualys provides organizations with a flexible solution to assess the security and compliance of their IT assets in real time, whether they're on-site, cloud-based or mobile endpoints.
D-Link has issued an apology to its customers for an on-going security issue with many of its routers. A problem with the Home Network Administration Protocol (HNAP) means that it is possible to bypass authorization and run commands with escalated privileges.
The list of routers affected by the issue is fairly lengthy, and D-Link has already issued one patch. But rather than fixing the problem, last week's update left routers wide open to exactly the same problem. As it stands at the moment, a firmware patch is still being produced for a total of 17 routers. In the meantime, all D-Link has to offer is an apology.
As more apps move to the cloud business infrastructures are increasingly fragmented. This can make traditional on-site security tools ineffective in fighting off cyber attacks.
The threat of attacks remains, however, and a new release from security software company Radware is aimed at protecting both on-premise and cloud-based applications, using just one solution.
Electronic voting machines used for US elections between 2002 and 2014 would have been extremely easy to hack, according to reports.
The AVS WinVote machines were used during three presidential campaigns in the state of Virginia and would receive an "F-minus" for security, with many using "abcde" or "admin" as passwords.
The endpoint is the most vulnerable link in enterprise security, constantly under attack and prone to human error. Yet the security products designed to protect it are subject to high levels of false positives.
The result is that providing effective protection can be complex and stretch the resources and budget of even quite large organizations.
Internet performance specialist WildPackets is changing its name to Savvius and at the same time is also launching its first security appliance.
"This name change comes at a defining moment in our history," says Tim McCreery, CEO of Savvius. "We are deepening our commitment to network performance management solutions and expanding our focus to include support for security forensics. Our team is united in providing great solutions and world-class support to our customers and partners".
With cyber attacks often being driven by organized crime rings and the tools and expertise behind them widely shared, threat intelligence is more important than ever to fend them off.
Announcing today that it's opening up more than two decades' worth of cyber threat intelligence IBM is seeking to unite, mobilize and rally the private sector to defend itself against increasingly sophisticated and organized cyber threats.
Yesterday was Tax Day in the United States, when we file our federal income tax returns. This has been an odd tax season in America for reasons that aren’t at all clear, but I am developing a theory that cybersecurity failures may shortly bring certain aspects of the U.S. economy to its knees.
I have been writing about data security and hacking and malware and identity theft since the late 1990s. It is a raft of problems that taken together amount to tens of billions of dollars each year in lost funds, defensive IT spending, and law enforcement expenditures. Now with a 2014 U.S. Gross Domestic Product of $17.42 trillion, a few tens of billions are an annoyance at most. Say the total hit is $50 billion per year, well that’s just under three tenths of one percent. If the hit is $100 billion that’s still under one percent. These kinds of numbers are why we tolerate such crimes.
There were 783 reported data breaches in 2014, up 27.5 percent over the previous year and the most in any year of the past decade. The average cost of each of those breaches was $3.5 million, up 15 percent over 2013.
These are among the statistics highlighted in a new infographic from user behavior intelligence specialist Exabeam. Ten breaches each led to more than a million records being reported stolen, the biggest being Home Depot with 56 million records.
Only two weeks ago we reported on the underlying vulnerabilities that put point-of-sale systems at risk. Now acting as part of an investigation by the US Secret Service, researchers at security services company Trustwave have identified a new family of PoS malware.
Cyber criminals are already using the malware -- which researchers have named "Punkey" in an obscure '80s sitcom reference -- to infect businesses. Payment card information and more than 75 active victim IPs were found as part of the investigation.
In the current information security climate it seems that falling victim to some form of cyber attack is just a matter of time. If you haven't been hit yet chances are you will be soon.
The latest Internet Security Threat Report from Symantec shows that five out of six large companies were targeted in 2014, a 40 percent increase over the previous year, and that attackers are shifting their tactics when targeting corporations.
Kaspersky Labs has released CoinVault Decryptor, is a free tool which may help victims of the CoinVault ransomware to decrypt their files.
The program works by using a set of decryption keys recovered by the Danish police. Unfortunately it isn’t a full set, and so the Decryptor won’t work for everyone.
There is no need for cybercriminals to launch sophisticated attacks, or exploit vulnerabilities, to gain access to valuable information; a simple phishing email is all that's needed to convince a worrying number of people to hand over their login credentials. This is just one of the findings of a new security report due to be published by Verizon.
The telco reports that more than two thirds of security breaches involving phishing tactics. The number of people who fall for this type of scam means that phishing remains successful and popular as a means of extracting data from people. In this age of technological enlightenment, it might come as a surprise that more than one in 10 people who receive a phishing email open attachments or click the links they contain.
A serious security hole leaves millions of Windows users open to attack, making it possible to extract encrypted credentials from a target machine. Researchers at Cylance say the problem affects "any Windows PC, tablet or server" (including Windows 10) and is a slight progression of the Redirect to SMB attack discovered by Aaron Spangler way back in 1997.
Redirect to SMB is essentially a man-in-the-middle attack which involves taking control of a network connection. As the name suggests, victims are then redirected to a malicious SMB server which can extract usernames, domains and passwords. Cylance also reports that software from companies such as Adobe, Oracle and Symantec -- including security and antivirus tools -- are affected.
Each time someone reports that antivirus is dead, a hacker gets his wings (and I get furious). With our industries becoming increasingly data-driven, the need to protect our networks, devices, and archives has become more important than ever.
In a world of weaponized emails and polymorphic, self-replicating malware, entertaining the idea that endpoint antivirus protection is dead is both ignorant and dangerous.