Articles about Security

Thousands of WordPress, Joomla and Drupal sites threatened by CryptoPHP backdoor

Thousands of WordPress, Joomla and Drupal sites threatened by CryptoPHP backdoor

A large proportion of websites are built on a CMS rather than raw HTML. Three of the most common are WordPress, Joomla and Drupal, and security researchers at Fox-It warn that site administrators are at risk of being socially engineered into installing the CryptoPHP backdoor on their server.

Distributed through pirated themes and plugins, CryptoPHP's spread is thanks to the light-fingeredness of site admins. It was first detected in 2013 and is still actively spreading. The capabilities of the "well developed" backdoor include remote control of an infected server, and Blackhat SEO -- a form of illegal search engine optimization.

Continue reading

E-cigarettes can damage your PC's health


Using e-cigarettes, or vaping, is widely touted as being healthier for you than smoking tobacco, however, it may not be so healthy for your PC.

Many e-cigarettes offer a USB charging option but a story on social news site Reddit suggests that this is a potential source of malware attack. An executive's PC became infected after he'd recently given up smoking and the infection was traced to his e-cigarette charger.

Continue reading

Pro-Hong Kong websites hit by massive cyber attacks

DDoS bombs

Websites supporting the Occupy Central movement in Hong Kong have been hit with what is being described as one of the largest cyber attacks ever recorded.

The two sites, Apple Daily and PopVote, have been covering and vocally supporting the pro-democracy movement in Hong Kong. The two even carried out spoof elections for a new chief executive in the region.

Continue reading

Symantec uncovers Regin, a highly advanced stealth spying tool developed by a nation state

Symantec uncovers Regin, a highly advanced stealth spying tool developed by a nation state

Security firm Symantec has released details of an advanced cyberespionage it has discovered. Called Regin, the backdoor Trojan is described as having a structure that "displays a degree of technical competence rarely seen". Symantec goes as far as saying that the levels of resources required to create such a highly advanced tool indicate that it was created by a nation state -- although there is no suggestion about who it might be.

The report says that Regin has already been used in mass surveillance programs not by but against government organizations. Symantec estimates that the tool may have been years in development, as it delivers multi-stage attacks, and great lengths are taken to hide each stage. The framework was designed to facilitate long-term surveillance, and the concealment techniques used make Regin difficult to fully understand.

Continue reading

Businesses are failing to take security seriously enough


Companies are still failing to properly protect themselves from potential attacks and hackers, with security not being given enough weight of consideration -- and indeed, many firms haven’t even covered the fundamentals of keeping intruders out of their networks and data.

This is according to Neira Jones, a security expert who chairs the Global Advisory Board for the Centre for Strategic Cybercrime & Security Science, who criticized businesses for failing to "fix the basics" of protecting data, and lacking sufficient "cyber-security awareness programs".

Continue reading

The security challenge of business mobile devices

photo by Slavoljub Pantelic, Shutterstock

The trend towards mobile devices and BYOD is great for productivity but it creates new challenges in terms of keeping information secure.

Identity and access management specialist Ping Identity has produced an infographic looking at the vulnerabilities introduced by letting employees use mobile devices.

Continue reading

XSS vulnerabilities open the door to drive-by downloads

Web script

Cross-site scripting (XSS) vulnerabilities allow attackers to inject script into web pages in order to infect client computers.

Security company High-Tech Bridge has released a report revealing that 95 percent of XSS vulnerabilities can be used to perform sophisticated drive-by-download attacks, which infect users who open harmless-looking URLs that they trust. More worrying is that 90 percent of vulnerabilities can be exploited in such a way that even advanced users and IT professionals won't suspect anything. The structure and architecture of more than 70 percent of web applications allows the creation of a sophisticated XSS exploit that can perform several fully-automated actions, ultimately giving full administrative access to the attacker. This access can then be used by hackers to compromise the entire website and even the web server.

Continue reading

Free tool detects 'government surveillance spyware'

snoop spy eye

Free software that can detect the presence of surveillance spyware has been launched by a global coalition of human rights and tech organizations.

Organizations including Amnesty International, Privacy International, Digitale Gesellschaft and Electronic Frontier Foundation have teamed up to unveil the open source tool Detekt.

Continue reading

Mozilla, EFF and others join forces to encrypt the web with free security certificates

Mozilla, EFF and other join forces to encrypt the web with free security certificates

It has been a long time coming, but the web is slowly transitioning away from HTTP to HTTPS. Google has done it with Gmail, and Yahoo did the same with its webmail service, and security advocates would like other websites to follow suit. The problem, for smaller sites at least, is the cost involved. But a new venture between Electronic Frontier Foundation (EFF), Mozilla, Cisco, the University of Michigan and IdenTrust will eliminate the cost obstacle when it launches next summer.

The partnership has brought about the creation of Let's Encrypt, a new certificate authority that will provide free security certificates to those who need them. It is hoped that handing out cost-free certificates will encourage more sites to adopt the HTTPS protocol. But Let's Encrypt does not just eliminate the financial hurdle.

Continue reading

New venture aims to completely rethink enterprise security


Up to now cyber security has generally taken a defensive approach to protecting data and intellectual property.

That’s set to change as a team of industry experts has got together to create a system that's aimed at dramatically improving the reliability and security of enterprise data and applications running in both cloud and conventional environments.

Continue reading

Microsoft unveils Office 365 Video for secure enterprise video sharing and streaming

Microsoft unveils Office 365 Video for secure enterprise video sharing and streaming

Microsoft is giving Office 365 users an early glimpse of what it hopes will become the future of enterprise video sharing. Office 365 Video harnesses the power of SharePoint and Azure Media Services to create a tool that gives businesses a one-stop-shop for uploading, sharing, delivering and streaming videos.

A number of possible scenarios are set out by Mark Kashman, a senior product manager in the Office 365 group. From providing employees with access to training videos to delivering CEO messages, this is a flexible tool that has been designed with security and simplicity in mind. Office 365 Video is not expected to launch until early next year, but a sneak peak is available right now.

Continue reading

DGA malware evolves to get past security solutions

Malware spy

Malware developers are constantly shifting the goal posts in order to evade detection mechanisms. Part of this involves changing the domain names used to communicate with command and control servers and spread infections.

The latest trick identified by security company Seculert is the increasing use of Domain Generating Algorithms (DGAs).

Continue reading

DDoS attacks fall as defenses improve

DDoS attack

New research from DDoS protection specialist Black Lotus shows that cyber attack incidents have continued to decline throughout this year.

There were 201,721 incidents in the third quarter of this year (down from 462,621 in Q1 2014 and 276,447 in Q2). This can be attributed to the security industry's increased knowledge and filtering against NTP DrDoS types of attacks, as well as more proactive activity to stop malicious attacks before or as soon as they're detected.

Continue reading

One third of retail security breaches come from third-party vulnerabilities

cloud commerce shopping

The past year has seen a number of high profile security breaches involving retail businesses and there’s no sign of the trend slowing down.

Security ratings company BitSight Technologies has released some new research looking at the performance of 300 major US retailers over the past 12 months. It shows that 75 percent of retailers that suffered a data breach have improved their security effectiveness.

Continue reading

87 percent of the top 100 paid iOS apps available as hacked versions

mobile security

According to the third annual State of Mobile App Security report from application protection company Arxan Technologies, 87 percent of the top 100 paid iOS apps have been hacked.

Don’t feel smug if you're an Android user though as the report reveals 97 percent of the top 100 paid Android apps have been too. But whilst the Android figure is in line with previous years, the iOS percentage represents a jump from 2013 when 56 percent were found to have been hacked.

Continue reading

© 1998-2014 BetaNews, Inc. All Rights Reserved. Privacy Policy.