There is lots of talk surrounding the level of protection offered by leading mobile operating systems Android and iOS. Whether it is about a new vulnerability, or new security features, it does not take you long to find an authoritative comment assessing their security capabilities.
That is, however, not the case with Windows Phone, which is hardly -- if ever -- given similar levels of attention. It can be argued that this is due to the low popularity of the tiled smartphone operating system, which borders on 3 percent market share, making it a significantly less-attractive target. Nonetheless, there is now an assessment of Windows Phone's security that we can rely on, coming from Eugene Kaspersky.
Users of iOS, beware. An unfixed vulnerability has been found in the Mail app, which allows hackers to steal passwords by sending an email.
The flaw was first noticed by Ernst and Young forensic bod Jan Soucek. He has created a tool capable of generating slick iCloud password phishing emails he says exploits an unpatched bug.
Security firms are supposed to keep us safe from threats like malware and hacker attacks, but occasionally they fall foul of the bad guys too. A year ago Avast was hacked, and some 400,000 user details were stolen. Two years ago, AVG and Avira had their websites taken over by pro-Palestinian hackers.
The latest security firm to be hacked is Russian anti-virus software maker Kaspersky Lab.
As the role of Information Technology continues to grow and evolve within business, the potential risks associated with accessing, storing, sharing and protecting information are similarly increasing. In order to better equip themselves to adjust to these kind of threats, businesses need to consider the various risks they might be vulnerable to and implement a reliable strategy to deal with these effectively and efficiently.
Firstly, let’s consider a few threats. In each of the scenarios below, a vulnerability can result in a serious risk to your business:
We reported last month that new security standards for the payment card industry, known as PCI DSS, were coming into force by the end of June.
Security company Rapid7 has produced an infographic looking at PCI compliance, cybersecurity and new related requirements for penetration testing. Based on data from the Verizon 2015 PCI Compliance Report it sets out four things enterprises should know about going into PCI compliance.
Microsoft’s past attempts at protecting Windows users from malware have been patchy at best. However, with Windows 10 the company is offering a new way to help protect its customers from dynamic script-based malware and other forms of cyberattack.
AMSI (Antimalware Scan Interface) is an interface standard that allows applications and services to integrate with any existing antimalware product on your PC. Those apps can call the new Windows AMSI APIs at any time to scan for malware.
As the launch of Windows 10 draws ever-nearer, we're hearing more about Microsoft Edge and less about Internet Explorer. Edge (formerly known as Project Spartan) may be the default browser in the upcoming version of Windows, but the browsing stalwart that is IE will live on nonetheless.
Anyone using the Windows 10 preview has had a chance to use the HTTP Strict Transport Security (HSTS) in Microsoft Edge, and today the security feature comes to Internet Explorer 11 in Windows 7 and Windows 8.1. This security protocol protects against man-in-the-middle attacks and is being delivered to users of older versions of Windows through an update in the form of KB 3058515.
The first quarter of this year saw a 165 percent increase in new ransomware driven largely by the new, hard-to-detect CTB-Locker ransomware family, a new ransomware family called Teslacrypt, and the emergence of new versions of CryptoWall, TorrentLocker and BandarChor.
This is the main finding of the latest McAfee Labs Threats Report released today by Intel Security. Among other highlights are a 317 percent increase in Adobe Flash malware samples and the emergence of new efforts to exploit hard drive and SSD firmware.
Networking specialist Cisco is announcing new products to provide embedded enterprise security from the data center out to endpoints, branch offices and the cloud.
The company used this week's Cisco Live conference to announce that it's adding more sensors to increase visibility; more control points to strengthen enforcement; and pervasive, advanced threat protection to reduce time-to-detection and time-to-response, limiting the impact of attacks.
Mobile security is starting to get attention, but still doesn't garner the same amount as the computer does. That doesn't mean it shouldn't be a concern, only that the average user isn't looking at it that way. However, we're starting to see that landscape slowly changing, with phones coming with built-in security software.
The latest will be devices from Chinese manufacturer ZTE, as the company has partnered with security firm AVG, which has long offered mobile apps to protect consumers.
The latest DDoS Threat Landscape Report from security specialist Incapsula reveals that whilst 71 percent of network layer attacks last under three hours, 20.4 percent last for more than five days.
At an estimated cost of $40,000 per hour according to Incapsula, the total cost of these attacks can run into millions of dollars. The longest attack recorded lasted for 64 days.
With iOS 9, Apple is improving the mobile operating system in a number of areas. As well as optimizing battery life and storage efficiency, making Siri more intelligent and beefing up multitasking, Touch ID-enabled iPhone and iPad owners will feel the benefit of improved security.
When iOS 9 launches in the fall, the minimum length of passcodes increases from four digits to six. It is already possible to use passcodes of more than four digits, but enforcing a stronger policy from the offset illustrates the importance Apple now places on security.
When it comes to the web, you expect U.S. Government sites to be very secure. Hell, with all of the money we taxpayers pay, the websites should be the most secure in the world. Unfortunately, this is not the case. You see, not only are many .gov websites not secure, they do not even universally use HTTPS. In other words, there are shopping sites more secure than those of the most powerful nation in the world.
Today, however, this changes. Barack Obama's White House has completed a new standard that all U.S. government websites will be forced to follow. While it is embarrassing that this is only happening in 2015, it is better late than never.
According to Gartner, businesses spent more than $70 billion on cyber security tools in 2014, and collectively lost nearly $400 billion as a result of cyber crime. This suggests that existing security technologies are struggling to cope with the growing number of cyber threats.
Californian company Menlo Security is launching an new approach which it calls Isolation Platform, a technology that claims to eliminate the threat of malware from key attack vectors, including web and email.
Skype users, beware. There are nefarious links being spread around through Skype, and if you click them you will be presented with a lot of adware. However, there are good news, and bad news here.