Computers come with a lot of pre-installed software these days -- it's a trade-off for low pricing that forces OEMs to make deals with companies like McAfee, Norton and others. However, some of what comes with that new desktop or laptop is actually there to help you. Dell pre-installs diagnostic software to aid in a problematic situation.
Apparently Malwarebytes doesn't see it that way. The security software is recognizing this as a problem for your system -- and it is, or was. The problem is that older versions had a vulnerability that could allow malicious code execution. Dell has since updated its software to close the hole, which was recently discovered by a security researcher.
Malware is something computer users -- and even mobile and tablet owners -- are now more aware of than ever. That said, many people do not give a second thought to installing a browser extension to add new features to their most frequently used application. Despite the increased awareness, malware is not something a lot of web users think of in relation to extensions; but they should.
Since the beginning of 2015 -- just over three months -- Google has already received over 100,000 complaints from Chrome users about "ad injectors" hidden in extensions. Security researchers have also discovered that a popular extension -- Webpage Screenshot -- includes code that could be used to send browsing history back to a remote server. Google is taking steps to clean up the extension store to try to prevent things like this from happening, but security still needs to be tightened up.
Traditional endpoint protection is usually reliant on the use of signature-based detection systems. But of course these don't spot zero day attacks that can slip in before the antivirus software catches up.
Security solutions provider Endgame is using its extensive experience providing security intelligence and analytics solutions to the US government to offer an enterprise solution focusing on protecting critical infrastructure, enabling customers to detect and respond faster to unknown threats, and preventing damage and loss.
Amazon's AWS cloud offering is hugely popular, with over a million users. But it presents a security challenge for IT teams as it uses a 'shared security model' protecting the underlying infrastructure but relying on users to secure anything they place on there.
Security startup AlienVault is aiming to make protecting AWS systems easier with the launch of its Unified Security Management for AWS, offering asset discovery, vulnerability assessment, behavior monitoring, alerting and integrated threat intelligence.
Companies are constantly on the lookout for new methods of interacting with their customer base but it can be hard to integrate these with existing systems.
Cloud communications firm Nexmo is launching a new API that allows a chat application to interact with a customer service platform.
Largely due to the exposés in the media following Edward Snowden's NSA revelations, there is now great interest in security and privacy. From this sprang a new breed of report -- transparency reports detailing the number of data requests legal and governmental agencies made about a particular service.
Google, Facebook, Yahoo, Microsoft and Apple are among the companies who have released transparency reports, and the latest name on the list is Snapchat. As with other similar reports there is a limit to what they are able to reveal, but it does show that various agencies had an interest in no fewer than 666 Snapchat accounts.
When The Pirate Bay was taken down in late 2014, IsoHunt announced the Open Bay Project, a way for internet users to collaborate and make sure the torrenting service was always available on a domain.
Now that The Pirate Bay is back online, it looks like some of these pet projects are being used by hackers as a way to steal users’ bank information. The hackers are using the iFrames plugin for WordPress to embed malicious content on WordPress sites without the current update.
A security audit of TrueCrypt has determined that the disk encryption software does not contain any backdoors that could be used by the NSA or other surveillance agencies. A report prepared by the NCC Group for Open Crypto Audit Project found that the encryption tool is not vulnerable to being compromised.
However, the software was found to contain a few other security vulnerabilities, including one relating to the use of the Windows API to generate random numbers for master encryption key material. Despite this, TrueCrypt was given a relatively clean bill of health with none of the detected vulnerabilities considered severe enough to lead "to a complete bypass of confidentiality in common usage scenarios".
Google says that it is keen for Android to be a secure platform for developers and end users alike. It's not a unique claim; Apple would likely say much the same about iOS, and Microsoft about Windows Phone/Windows 10 for Phones.
To demonstrate how fervently it has been working away at improving security and introducing new security-focused features, Google today published a report looking back on Android security in 2014. Dubbed the Android Security State of the Union 2014, it makes for interesting reading. It includes the revelation that nearly 10 million Android devices have potentially harmful apps installed.
Google no longer recognizes security certificates issued by CNNIC, China's domain name registry. The news comes after unauthorized certificates were issued for Google domains, and at the time Google said that CNNIC contractor MCS Holdings had issued the certificates.
What was worrying was the fact that MCS Holdings installed private security keys in a man-in-the-middle proxy rather than keeping them secure. MCS said that human error was to blame, but Google is taking no chances. The search giant is, for now at least, no longer recognizing certificates from the agency.
Keeping systems secure is still heavily reliant on the use of passwords. But in order to be secure these need to be complex which makes them hard to remember.
An answer to the problem may lie with a product from enterprise software platform suppler MicroStrategy. Called Usher it replaces traditional passwords with biometric mobile identity and multi-factor authentication, and offers streamlined security administration.
Cloud security firm Skyhigh Networks has released its Cloud Adoption and Risk Report for Q1 2015, with some unsettling findings in terms of the risks businesses are taking.
The report is compiled by analyzing real-world cloud usage over some 17 million employees, and for the first time in this sixth report, it delved into the risk to enterprises posed by business partners connected via the cloud. This follows a spate of recent data breaches which have been the fault of a third-party, of course.
Last week we reported on the PoSeidon malware threatening credit card security by stealing transaction details.
Charles Henderson vice president of managed security testing at information security specialist Trustwave believes that there's a bigger underlying problem with the way retailers implement PoS systems putting them at risk.
People are becoming increasingly concerned about their security. They use two-step authentication, login alerts, and third-party security services to better protect their email and social media accounts. One would hope for a similar -- if not more secure -- level of protection from our banks. After all, this is the place where we put most of our earnings and savings. However, apparently we are all mistaken. Mobile security firm Appvigil is reporting that as many as 70 percent of the top 100 mobile banking apps on the Android operating system in the APAC region are vulnerable to security attacks and data leaks. Don’t live in the said region? That’s no reason to relax. The report further pinpoints vulnerabilities in mobile banking apps found in other regions as well.
The security firm tested the mobile banking apps of the top 29 Indian banks and 71 more in the Asia Pacific region and the results are staggeringly bad. "Most of the mobile banking apps failed and many didn’t employ even the basic security checks expected. The communication between the apps & their servers is still in the unencrypted format i.e. in HTTP instead of HTTPS", the report reveals.
We're all increasingly concerned about our privacy and the footprint that we leave on the internet. It's not surprising then that more of us are turning to anonymous proxies to hide our origin IP and HTTP details.
But new research from website security company Incapsula has uncovered a darker side to the use of anonymizers as a source of DDoS attacks.