New research reveals the US cities that are best at password security, with Minneapolis topping the list.

The study by password manager Dashlane scores cities based on several metrics, including average password strength and average number of reused passwords.

Continue reading →

Researchers at threat prevention specialist Preempt have discovered a flaw in Credential Security Support Provider protocol (CredSSP), which is used by Remote Desktop and WinRM in their authentication processes.

An attacker with man-in-the-middle control over the session could use this to gain the ability to remotely run code on the compromised server masquerading as a legitimate user.

Continue reading →

Off-the-shelf smart devices that include baby monitors, home security cameras, doorbells, and thermostats can be easily hacked according researchers at Israel's Ben-Gurion University of the Negev (BGU).

As part of their ongoing research into detecting vulnerabilities in devices and networks expanding in the smart home and Internet of Things (IoT), the BGU researchers disassembled and reverse engineered many common devices and quickly uncovered serious security issues.

Continue reading →

A new study into privileged access management from account protection specialist Thycotic shows that while over 60 percent of organizations must satisfy regulatory compliance requirements surrounding privilege credential access, a worrying 70 percent would fail an access controls audit.

Access to privileged accounts allows more rights and permissions than those given to standard business users, yet 51 percent fail to use a secure logon process for these accounts.

Continue reading →

Security vulnerabilities in some popular smart cameras, used as baby monitors and for security surveillance, could lead to them being exploited by hackers.

Research from Kaspersky Lab has found multiple issues with cameras, manufactured by Korean company Hanwha Techwin, that could allow attackers to obtain remote access to video and audio feeds from the cameras, remotely disable the devices and execute arbitrary malicious code on them.

Continue reading →

Thanks to a surge in healthcare attacks, cryptocurrency mining and fileless malware, McAfee Labs latest quarterly threat report has seen an average of eight new threat samples per second.

Highlights of the report include the healthcare sector experiencing a 211 percent increase in disclosed security incidents in 2017, and fileless malware leveraging Microsoft PowerShell growing 267 percent in the fourth quarter.

Continue reading →

Cloud platform Dropbox and leading CRM provider Salesforce have announced a new partnership to connect their platforms, allowing companies of all types and sizes to collaborate and connect with their customers across sales, service, marketing, commerce, and more.

Users will be able to create branded, customized Dropbox folders within Salesforce Commerce Cloud and Marketing Cloud using a new digital asset engagement solution. Folders will be available to both internal teams and external partners.

Continue reading →

It's long been known that the Chinese government has links to hacker groups, but new research into the country's national vulnerability database (CNNVD) reveals evidence of data being changed to hide influence by the country’s intelligence service.

Research by security intelligence specialist Recorded Future back in November finds that CNNVD is faster than the US national vulnerability database (NVD) in reporting vulnerabilities -- NVD trails CNNVD in average time between initial disclosure and database inclusion (33 days versus 13 days).

Continue reading →

Microsoft has stopped a large scale malware distribution campaign that tried to infect almost 500,000 Windows PCs with a cryptocurrency miner.

Windows Defender antivirus software detected 80,000 instances of several Trojans with the payload known as Dofoil or Smoke loader, at noon PST on March 6.

Continue reading →

Advertising Trojans were the top mobile malware threat in 2016, however, new figures from Kaspersky Lab show their numbers declined last year but their creators turned to improved monetization methods.

Taking advantage of super-user rights to secretly install various applications or bombard an infected device with ads to make use of the smartphone impossible, ad trojans have become a major threat and are also extremely difficult to detect and remove.

Continue reading →

Among IT professionals Malwarebytes is one of the most trusted names for malware detection and removal.

Perhaps less well known is that it also provides endpoint protection for businesses and it's now extending that to cover Apple Mac computers.

Continue reading →

Almost two-thirds (64 percent) of IT leaders say their security teams are considering implementing consumer-grade access to cloud services for employees.

According to the 2018 Identity and Access Management Index from digital security company Gemalto 54 percent of respondents believe that the authentication methods they implement in their businesses are not as good compared to those found on popular sites including Amazon and Facebook.

Continue reading →

Businesses have been adopting the cloud for many reasons, the results of a new study show that large enterprises are increasingly turning to multiple different clouds despite the complexity this creates.

The report from hybrid cloud management company Scalr shows several reasons for this approach. Half of enterprises rank disaster recovery as the top reason for implementing multiple clouds, with having a secondary platform for test/dev coming in as a close second at 46 percent.

Continue reading →

What's your identity worth? Not very much according to research by VPN comparison service Top10VPN.com.

The site has released its first Dark Web Market Price Index which reveals that an entire personal identity can be bought for just $1,200.

Continue reading →

Azure is a popular cloud platform for business, but firms need to ensure their applications, underlying cloud infrastructure and data are protected.

McAfee is addressing this by extending its Cloud Security Platform to consistently protect Azure, delivering an extensive solution to secure Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS).

Continue reading →