Articles about Security

Another data breach... Yeah, yeah, whatever

It seems like data breaches are seldom out of the news these days, but whilst that means we're more likely to be aware of their existence, it also means there's a risk that individual threats begin to fade into the general day-to-day techy chatter and we don't give them the attention they deserve.

The growing number of breaches -- up 10 percent over last year according to a recent study by the Ponemon Institute -- means they're less likely to catch our attention. Security training firm KnowBe4 refers to this phenomenon as "breach fatigue" and warns that it may be placing companies at risk.

Weak passwords are still a major problem for business security

According to data released by security company Trustwave, which has analyzed evidence from almost 700 security breaches that took place in 2013, retail is the most compromised industry, accounting for 35 percent of attacks investigated.

The food and drink industry ranks second on 18 percent, followed by hospitality on 11 percent. Perhaps not surprisingly, e-commerce is most at risk, making up 54 percent of assets targeted, whilst data centers account for only 10 percent. Point of sale breaches made up 33 percent of Trustwave’s investigations.

The Fappening goes on: Hundreds of nude celebrity photos leak once again

For an increasing number of celebrities who have seen their nude photos being leaked online, The Fappening will always be a never-ending nightmare, which will come back to haunt them for a long time to come. Once it's online, it stays there, ready for the world to see. Meanwhile, for others it will serve as a source of frequent enjoyment, in no small part thanks to Apple. Its iCloud service appears to be the source of the leaks for most files, and this includes the latest batch, called The Fappening part 3, which just surfaced.

Reddit and 4chan have served as the gateways to the new leaked photos, with download links showing up this past weekend. It's a recurring theme, as the two community forums have been involved in propagating hundreds of such images since The Fappening hit in early September. Threads on the topic have been banned and new policies have been implemented but, despite these efforts, it is apparently all for naught.

Touch ID on iPhone 6: Still hackable

Apple's recently released iPhone 6 is susceptible to the same fingerprint forging attack as the iPhone 5s, according to the latest security research.

Marc Rogers, principal security researcher for mobile security firm Lookout, used techniques which are well known to police officials and prototypers to access the device.

Apple: Most OS X users shouldn't worry about Shellshock

Apple has admitted that most OS X users have nothing to be concerned about when it comes to the bug that has been dubbed "worse than Heartbleed".

In a statement, the firm admitted that it is already working on a software update for advanced UNIX users. The update repairs the major flaw, which hackers can use to gain access to connected devices by inserting malicious code into the "Bash" command shell in OS X and Linux.

How to protect yourself from the Shellshock Bash bug

A worrying new security vulnerability has muscled its way onto the Internet, and world-leading security experts are saying it's even worse than this year's Heartbleed fiasco. Called "Bash" or "Shellshock", the security flaw is inherent to a computer's shell, the user interface used to access the operating system, much like Command Prompt. This means that many Linux, UNIX, and some BSD systems (including Apple's OS X) are vulnerable. Worryingly, the bug is ubiquitous because a large percentage of software is engaged in constant interaction with the shell. Consequently, the bug can infiltrate software in a number of different ways.

So what can you do to protect yourself against this frightening new bug, and how can you avoid Shellshock? Well, the answer is basically the same as it's always been. There's no special tool or patch that'll keep you protected from Shellshock. It's just pure, common-sense cyber security.

Shellshock bug is bad and could take years to eradicate say experts

Ever since yesterday’s news of the Shellshock Bash bug broke, cyber security experts have been lining up to make clear how bad it really is.

Unlike Heartbleed, which affected mainly servers, Shellshock leaves a whole host of systems vulnerable, including Apple OS X systems and many internet of things devices with embedded code that’s based on Unix or Linux.

What a shocker! FBI head complains about Apple and Google's encryption practices

Apple and Google do not want the US Government to be able to access your private data, even when search warrants are involved. It's a bold stand they're taking, which has been applauded by privacy advocates and, quite probably, criminals as well. But, guess what? That does not sit well with the authorities. FBI Director James Comey is troubled by the idea that the almighty agency that he runs can be stopped dead in its tracks when trying to see your intimate photos, videos and whatnot. Imagine that.

Here's what the fuss is all about. If encryption is turned on, the encryption key that is needed to access the data stored on an Android or iOS 8 device is in the user's control, instead of Google's or Apple's. As a result, the companies are unable to comply with search warrants. It's clever: you can't give what you don't have.

Shellshock Bash -- What every business needs to know

A worrying new security vulnerability means that all Apple Mac computers, about half of all websites, and even internet-connected home appliances are vulnerable to hackers. Security experts are saying it's even worse than this year's Heartbleed fiasco. But what is Shellshock exactly, and what does it mean for the security of your business?

Shellshock exploits a vulnerability in Bash. Bash, an acronym for Bourne Again Shell, is a command-line shell used by many UNIX computers. UNIX is an operating system on which many others are built, such as Linux and Mac OS. So if any part of your business runs on a Unix-based operating system, it could be vulnerable.

Taiwan could ban Xiaomi smartphones over data security concerns

Xiaomi has found itself under scrutiny due to concerns that it may be a security threat, with the Taiwanese government expected to make a decision on the smartphone company within three months. It is unclear whether this could lead to a ban on Xiaomi's low-priced smartphones in Taiwan.

A statement on the website of Taiwan's executive branch on Tuesday referred to the fact that some of the company's smartphones automatically send user data back to the Xiaomi servers in Beijing, resulting in a risk of security breaches.

Shellshock Bash bug could be bigger than Heartbleed

Although it seems that the Heartbleed bug wasn't exploited before its existence was disclosed, that doesn’t mean the security world can rest on its laurels.

The latest problem to be revealed is a bug in the commonly used Bash command interpreter that poses a critical risk to Linux and Unix systems. And since these form the backbone of the internet and are in many other systems as well, it's a threat to the rest of us too.

eBay heavily criticized for leaving user data exposed

eBay is being put under intense pressure by leading security researchers to take action over the dangerous listings that are tricking customers into giving away their personal data.

The vulnerability relates to users' ability to insert custom JavaScript and Flash content into their listing pages, which significantly raises the likelihood of malicious code being included through a technique known as cross-site scripting (XSS).

Small businesses lack the security knowledge to protect their mobiles

Whilst smaller businesses are keeping pace with mobile adoption trends, they don't always have the security knowledge needed to protect themselves.

This is among the findings of a survey by Kaspersky Lab which asked 3,900 IT professionals worldwide about the challenges encountered by their businesses over the last year.

Mobile security budgets aren't keeping pace with demand for devices

Although mobile devices are becoming essential in many workplaces, security budgets are failing to reflect the growing numbers of devices that need protection.

This is among the findings of a new report by electronics and systems specialist Raytheon. According to the research, around one-third of employees use mobile devices exclusively to do their work, and this is expected to increase to an average of 47 percent of employees in the next year.

How to keep yourself safe from hacking [Q&A]

As we all carry out more of our day-to-day transactions online and access the internet through a wider range of devices, we're opening ourselves up to greater potential risk.

Add in the constant battle of security providers to stay ahead of hackers and malware writers and it's easy to doubt if you can ever stay truly safe online. Joe Siegrist, CEO of password management specialist LastPass, thinks that although it's not 100 percent possible to hack-proof yourself, you can significantly reduce your risk. We spoke to him to find out how.

© 1998-2014 BetaNews, Inc. All Rights Reserved.