Articles about Security

Users know the risks, but connect to Wi-Fi hotspots anyway

vpn_tiles

People are risking a lot when they connect to a free Wi-Fi, which is particularly important knowing how many people use mobile devices for work. According to a new report by NordVPN, a company selling VPN services, Wi-Fi networks can be hacked easily and attackers could steal valuable data, including corporate information, credit card information or identities.

"Hackers often position themselves as Wi-Fi hotspots and easily steal personal information of each individual that logs in", says NordVPN. "In addition, identity thieves have lately been using wireless sniffers, a software designed to intercept and decode data when it is transmitted over a network".

Continue reading

Failing to attract security experts may prove costly for businesses

Security lock

A new report from Kaspersky Lab has found that large businesses that struggle to attract sufficiently skilled security experts end up paying up to three times more to recover from a cyber security incident.

The much talked-about skills gap in the security industry continues to cause problems for businesses, as increasing wages, a general shortage of expert availability and the need for more specialists are all prevalent.

Continue reading

The trouble with open source research on the web

open source keyboard button

Every open source research project -- no matter how simple or complex -- starts with browsing the internet. But researchers should know that their identity can be obtained through a number of basic techniques, which could have consequences ranging from modified data to directed cyber attacks or worse.

Even the simplest of website visits will expose significant details about your location and your device, and pretty much any site you visit will drop code on your computer to track what you’re doing as you traverse the internet. Most of the time, this exchange is benign, but there can be times when content will be modified or attacks launched based on the identity of the user.

Continue reading

HMA! aims to bring VPN to the masses

HMA! VPN

Virtual private networks (VPNs) are an effective way of masking your internet activity when using public networks.

However, they've always seemed a bit geeky, which puts many everyday internet users off using them. VPN specialist Hide My Ass! (HMA!) is aiming to change that with a new version of its product aimed at people who haven't previously used a VPN.

Continue reading

UAC vulnerability in Windows 7 and Windows 10 allows for traceless code execution

broken-window

Windows' User Account Control (UAC) feature was designed to help keep computers safe from malicious software installations, but there are already at least a couple of ways to bypass it. A new technique for circumventing UAC not only makes it possible to execute commands on a computer, but to do so without leaving a single trace.

Security researchers Matt Nelson and Matt Graeber discovered the vulnerability and developed a proof-of-concept exploit. The pair tested the exploit on Windows 7 and Windows 10, but say that the technique can be used to bypass security on any version of Windows that uses UAC.

Continue reading

Hacker group Shadow Brokers auctions off NSA malware

nsa-binary

The NSA has (or had...) a collection of malware in its cyber arsenal. It has been stolen by hackers. It is now available to buy.

A group of hackers going by the name of Shadow Brokers claims to have stolen a range of hacking and malware tools from Equation Group's servers -- Equation Group is itself closely linked with the NSA. The group is offering the tools for auction and will sell them to the highest bidder. If bidding reaches one million Bitcoins, however, the group says it will make the tools publicly available to all.

Continue reading

Ransomware-as-a-service tool generates $195,000 profit in July

ransomware_keyboard_button_dollar

There are a number of high profile ransomware programs doing the rounds at the moment and we know that it can generate lucrative returns for the people behind it.

But just as in the legitimate commercial world, the as-a-service model is starting to gain traction with attackers. Security vendor Check Point is releasing details of Cerber, which it believes is the world's biggest ransomware-as-a-service scheme.

Continue reading

Over 30 percent of employees put their companies at risk by responding to phishing attacks

phishing

Phishing is one of the major security threats that enterprises now face, but according to new research from Duo Security users are putting 31 percent of organizations at risk of a data breach due to phishing attacks.

Based on feedback from the Duo Insight phishing simulation tool, the company finds that 31 percent of users clicked the link in a phishing email and worse still 17 percent entered their username and password, giving an attacker in a real-world scenario the keys to corporate data.

Continue reading

LinkedIn sues 100 individuals for scraping user data from the site

linkedin-mobile

Professional social network LinkedIn is suing 100 anonymous individuals for data scraping. It is hoped that a court order will be able to reveal the identities of those responsible for using bots to harvest user data from the site.

The Microsoft-owned service takes pride in the relationship it has with its users and the security it offers their data. Its lawsuit seeks to use the data scrapers' IP addresses and then discover their true identity in order to take action against them.

Continue reading

Traffic hijacking Linux flaw affects 80 percent of Android devices -- including Nougat

android_security

Android has had something of a rough time of things lately with the discovery of the Quadrooter vulnerability and the revelation that a flaw in version 3.6 of the Linux kernel also affects Google's mobile operating system.

Security firm Lookout estimates that 80 percent of Android devices (around 1.4 billion devices) are affected. While initial reports suggested that devices up to Android 4.4 KitKat are at risk, further testing shows that the problem still exists all the way up to Android 7.0 Nougat.

Continue reading

How to verify your HIPAA compliance

Checklist

Keeping patients’ confidential records secure is of utmost importance to healthcare organizations and the vendors who work alongside them. Not only is the proper safeguarding of information a good practice, it’s the law.

The Health Insurance Portability and Accountability Act (HIPAA) seeks to protect the sensitive data of patients and to empower healthcare practitioners to keep that information safe through strong security and privacy policies.

Continue reading

New key hack exposes 100 million Volkswagen cars

Volkswagen

Back in the day, people had to walk into a bank in order to rob it. They also had to walk into a car in order to steal it. Nowadays, people rob banks from the comfort of their home (or their parents’ basements), and it’s only a matter of time before they start hijacking cars the same way.

According to a couple of researchers, whose work has been covered by Wired recently, we’re already halfway there -- a new vulnerability has been found which allows hackers to remotely unlock 100 million Volkswagen cars.

Continue reading

Asian countries lag behind in data storage security

combination_lock

Asian nations are not very secure places to keep your digital data, a new report by secure data centre Artmotion suggests.

The report was built on data from the UN, World Economic Forum and Transparency International, among other groups. Titled Data Danger Zones, it ranks more than 170 nations on how good they are at keeping data secure.

Continue reading

Linux vulnerability lets 'anyone in the world' hijack Internet traffic

Surprised PC

Security researchers at the University of California, Riverside, have uncovered a major Linux vulnerability that enables hackers to hijack Internet traffic which, if exploited, can be used to intercept communications, launch targeted attacks, and lower Tor's anonymity. The vulnerability impacts iterations of the open-source kernel released in the past four years.

The security researchers believe that this security issue "affects a wide range of devices and hosts" -- the open-source kernel is well known for powering a significant number of servers and being at the heart of Android, the most popular mobile operating system today. The vulnerability was introduced in a TCP specification that is found in Linux versions starting with 3.6, which was released in September 2012.

Continue reading

Predictive risk technology helps fight phishing

Phishing magnified

Phishing attacks are on the increase and are becoming increasingly sophisticated. This means that older technologies such as blacklisting known phishing sites are struggling to keep up with the threat. The Anti Phishing Working Group detected a 250 percent jump in phishing sites between October 2015 and March 2016.

Fraud protection company Easy Solutions is helping to combat the problem with the public beta launch of its Swordphish predictive phishing and malware risk assessment technology.

Continue reading

© 1998-2016 BetaNews, Inc. All Rights Reserved. Privacy Policy.