A security researcher has discovered a way to get around Windows' AppLocker security system. Casey Smith found that it was possible to use Regsvr32 to call up a remotely hosted file that could be used to run any application -- malicious or otherwise -- of your choice.
This is something that will be a concern to companies, many of whom rely on AppLocker as it restricts what users are able to run on their computers. What is particularly concerning is the fact that the exploit does not require administrator privileges, and doesn't make any changes to the registry, which makes it difficult to detect.
The use of bounty programs to track down security vulnerabilities in websites and software is increasingly common these days, and it's a tactic employed by Facebook. One bounty hunter -- or penetration tester -- hacked his (or her… they are anonymous) way into the social network and made the shocking discovery that someone had already installed a backdoor.
Orange Tsai managed to compromise a Linux-based staff server and found there was already a piece of malware in place syphoning off usernames and passwords. These account details were being transmitted to a remote computer, and after revealing this to Facebook, Tsai pocketed $10,000 as a reward.
When it came to the San Bernardino iPhone, Apple was ready to dig in its heels and refuse to help the FBI to gain access to the encrypted contents. As it turns out, the company needn’t have bothered shouting as a third party helped instead. Now the same thing has happened with another iPhone.
This time around, the Justice Department had been looking for help accessing an iPhone at the center of a drugs case in New York. But now federal prosecutors have said they no longer need Apple’s help as they have managed to get by the lockscreen.
According to a survey by the cloud hosting firm UKFast, nearly half of businesses are clueless as to where their data is located.
To come to its findings, the company surveyed over 300 IT decision makers in EU businesses, with 47 percent of them unaware of where their personal and company data was hosted.
In its latest quarterly Mobile Data Report, Wandera has revealed a significant rise in apps leaking credit card data on enterprise mobile devices.
The company, which specializes in mobile data security and management, compiled the report by analyzing the data usage trends and traffic patterns across its global network of enterprise mobile devices. Between Q4 2015 and Q1 2016, there has been a 17 percent increase in apps and mobile websites leaking credit card data.
There are a lot of questions still to be answered about the San Bernardino iPhone that saw the FBI and Apple go head to head. After something of a battle, the FBI found someone to crack the iPhone. But who exactly did it? How did they do it? Will Apple be told how to do it in private? But one question that has also been lurking in the background is just how much it cost to hack into a single iPhone.
Now we know the answer. Not precisely, but we have a pretty good idea. Perhaps unsurprisingly, cracking the iPhone at the center of one of the most interesting technology cases in recent history was not cheap. In a somewhat roundabout way, FBI Director James Comey revealed that the cost was more than $1.34 million.
More than a third (38.5 percent) of merchants don’t even know what type of risks new technologies such as mCommerce bring. They most likely wouldn’t recognize a fraud threat even if they were right in the middle of it.
Those are the conclusions written in the new 2016 Mobile Payments & Fraud Survey, released by Kount. The figures are quite a surprise, knowing that mobile fraud increased by 81 percent between 2011 and 2015.
According to Google’s online transparency report, Google.com had been considered a "partially dangerous" website.
In the report under the Safe Browsing section, the company listed its own website as one that could be dangerous to its visitors followed by a list of site safety details along with testing details.
Remote access Trojans (RATs) have been used for many years to allow attackers to gain access to and take control of users' systems.
Usually RATs are delivered when a user opens an email attachment or downloads a file from a website or peer-to-peer network. This involves direct delivery of the payload, which makes detection easier.
Large hospitals often have thousands of workstations used by multiple employees to access confidential patient data, so securing them can be a major challenge.
Endpoint security specialist Duo Security has compared its customers in healthcare with those in other industries to determine how the sector differs in its security requirements.
The modern internet user is somewhat paradoxical -- looking to be more connected and contactable than ever before, whilst simultaneously seeking privacy. Can the two ideas live side by side? It's a tricky balancing act, but many people turn to VPN tools to increase their security and privacy online.
Opera is the first web browser to bundle a free VPN tool as standard (with unlimited VPN data, no less), and it's hard to imagine that the competition won’t follow suit. Nothing has yet been announced, but the appearance of versions of Chrome or Firefox with integrated VPN would hardly be a surprise -- or would it? And how would you feel about a VPN tool supplied by Google?
Free Wi-Fi hotspots are the biggest security threat for mobile workers, according to new reports.
The recently released iPass Mobile Security Report says that 62 percent of organizations are banning their mobile workers from using free Wi-Fi hotspots, with another 20 percent planning on doing the same in the future.
Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) have collaborated alongside the machine learning startup PatternEx to demonstrate how an artificial intelligence platform that makes use of continuous input from human experts would be able to predict cyber attacks better than the systems that exist today.
CSAIL and PatternEx are calling their new AI platform AI² due to how it combines the intuition of analysts with artificial intelligence.
One in three Americans indulges in some form of risky password practice, such as writing them down, according to the results of a new survey.
The report from access control specialist SecureAuth finds that Americans are exasperated with conventional online password management. It reveals that 74 percent rely on means other than memory to manage their online passwords, 35 percent write passwords down and 25 percent use the same password across several accounts.
EFF (the Electronic Frontier Foundation) has filed a Freedom of Information (FOIA) lawsuit against the Justice Department. The digital rights group wants to learn whether the government has made use of secret court orders to force tech companies to provide access to encrypted user data.
After the Apple vs the FBI battle, there has been renewed interest in how companies handle not only encryption, but government requests for access to such data. With services such as WhatsApp enabling end-to-end encryption, attention has now switched to what might be happening in the background without users' knowledge. While Apple very publicly refused to provide decryption keys, EFF -- and others -- are concerned that secret court orders may be used to hide what is really happening.