Companies are still failing to properly protect themselves from potential attacks and hackers, with security not being given enough consideration -- and indeed, many firms haven’t even covered the fundamentals of keeping intruders out of their networks and data.
This is according to Neira Jones, a security expert who chairs the Global Advisory Board for the Centre for Strategic Cybercrime & Security Science, who criticized businesses for failing to "fix the basics" of protecting data, and lacking sufficient "cyber-security awareness programs".
The trend towards mobile devices and BYOD is great for productivity but it creates new challenges in terms of keeping information secure.
Identity and access management specialist Ping Identity has produced an infographic looking at the vulnerabilities introduced by letting employees use mobile devices.
Cross-site scripting (XSS) vulnerabilities allow attackers to inject script into web pages in order to infect client computers.
Security company High-Tech Bridge has released a report revealing that 95 percent of XSS vulnerabilities can be used to perform sophisticated drive-by-download attacks, which infect users who open harmless-looking URLs that they trust. More worrying is that 90 percent of vulnerabilities can be exploited in such a way that even advanced users and IT professionals won't suspect anything. The structure and architecture of more than 70 percent of web applications allows the creation of a sophisticated XSS exploit that can perform several fully-automated actions, ultimately giving full administrative access to the attacker. This access can then be used by hackers to compromise the entire website and even the web server.
Free software that can detect the presence of surveillance spyware has been launched by a global coalition of human rights and tech organizations.
Organizations including Amnesty International, Privacy International, Digitale Gesellschaft and Electronic Frontier Foundation have teamed up to unveil the open source tool Detekt.
It has been a long time coming, but the web is slowly transitioning away from HTTP to HTTPS. Google has done it with Gmail, and Yahoo did the same with its webmail service, and security advocates would like other websites to follow suit. The problem, for smaller sites at least, is the cost involved. But a new venture between Electronic Frontier Foundation (EFF), Mozilla, Cisco, the University of Michigan and IdenTrust will eliminate the cost obstacle when it launches next summer.
The partnership has brought about the creation of Let's Encrypt, a new certificate authority that will provide free security certificates to those who need them. It is hoped that handing out cost-free certificates will encourage more sites to adopt the HTTPS protocol. But Let's Encrypt does not just eliminate the financial hurdle.
Up to now cyber security has generally taken a defensive approach to protecting data and intellectual property.
That’s set to change as a team of industry experts has got together to create a system that's aimed at dramatically improving the reliability and security of enterprise data and applications running in both cloud and conventional environments.
Microsoft is giving Office 365 users an early glimpse of what it hopes will become the future of enterprise video sharing. Office 365 Video harnesses the power of SharePoint and Azure Media Services to create a tool that gives businesses a one-stop-shop for uploading, sharing, delivering and streaming videos.
A number of possible scenarios are set out by Mark Kashman, a senior product manager in the Office 365 group. From providing employees with access to training videos to delivering CEO messages, this is a flexible tool that has been designed with security and simplicity in mind. Office 365 Video is not expected to launch until early next year, but a sneak peek is available right now.
Malware developers are constantly shifting the goal posts in order to evade detection mechanisms. Part of this involves changing the domain names used to communicate with command and control servers and spread infections.
The latest trick identified by security company Seculert is the increasing use of Domain Generating Algorithms (DGAs).
New research from DDoS protection specialist Black Lotus shows that cyber attack incidents have continued to decline throughout this year.
There were 201,721 incidents in the third quarter of this year (down from 462,621 in Q1 2014 and 276,447 in Q2). This can be attributed to the security industry's increased knowledge and filtering against NTP DrDoS types of attacks, as well as more proactive activity to stop malicious attacks before or as soon as they're detected.
The past year has seen a number of high profile security breaches involving retail businesses and there’s no sign of the trend slowing down.
Security ratings company BitSight Technologies has released some new research looking at the performance of 300 major US retailers over the past 12 months. It shows that 75 percent of retailers that suffered a data breach have improved their security effectiveness.
According to the third annual State of Mobile App Security report from application protection company Arxan Technologies, 87 percent of the top 100 paid iOS apps have been hacked.
Don’t feel smug if you're an Android user though as the report reveals 97 percent of the top 100 paid Android apps have been too. But whilst the Android figure is in line with previous years, the iOS percentage represents a jump from 2013 when 56 percent were found to have been hacked.
The recent spate of payment card breaches that have plagued the retail industry this year has prompted many merchants to consider investing in cybersecurity liability insurance policies to offset the costs associated with a breach recovery. These companies often make this choice based on the belief that the money they’ve spent to comply with industry security standards has failed to prevent these breaches from occurring, and there seems to be no other alternative. At least one recently filed claim has led to a lawsuit that will put these cybersecurity insurance policies to the test.
The key element of such lawsuits is determining liability -- who is at fault -- to determine whether the claims are justified and if the insurance companies will pay out. Finding a party liable for something means determining if the party was taking reasonable steps to prevent such actions from happening.
Credit card giants Visa and Mastercard are planning to get rid of their current online security verification system, and replace it with something a bit more modern and secure.
You’re probably familiar with either Verified by Visa or MasterCard SecureCode, which pop up when you make an online purchase, just before the payment is officially put through. They ask you to input letters from an extra password to verify that it’s actually the card owner making the purchase -- but in contemporary terms, this is a relatively unsophisticated security measure.
Reports from Associated Press reveal that the State Department has closed down its email system following a security attack. The news comes after the details of a hack attack on the White House in October were made public. It seems that the State Department's unclassified email system was attacked at the same time, and technicians are currently working to repair the damage.
It was suggested that last month's White House hack was linked to Russia, but it is not yet clear whether the attack on the email system is part of the same security breach. The email closure is described as "unprecedented", but officials insist that classified data systems have not been affected.
With more and more data stored in the cloud or accessed from corporate systems on mobile devices, security and regulation become a major concern.
Enterprise file sharing specialist WatchDox has announced a new solution to both detect and protect sensitive files everywhere, on every device.