Articles about Security

Three-quarters of organizations not confident in dealing with SSL-based attacks


Despite 39 percent of businesses suffering an SSL-based attack in 2016, only 25 percent feel confident in their ability to deal with one according to a new study.

The report from cyber security company Radware shows that cyber attacks are becoming the norm, with 98 percent of organizations experiencing some form of attack in 2016.

Continue reading

Uncovering the cost and profitability of DDoS attacks

DDoS keyboard

DDoS attacks are a popular cyber criminal technique, used either to cause a distraction for a different crime or demand a ransom for calling off or not launching an attack.

New research from Kaspersky Lab reveals how profitable this activity can be. Researchers studied the DDoS services on offer on the black market and looked at how far the illegal business has advanced, as well as the extent of its popularity and profitability.

Continue reading

Instagram ups security with two-factor authentication


Just about every app and online service offer two-factor authentication (2FA) as a security measure these days, and Instagram is the latest to join the party.

After numerous instances of hacking for other services, it's little surprise that Instagram wants to offer its users an extra level of protection. Once enabled, users are required to enter a six-digit code that is sent to their mobile via SMS, greatly eliminating the risk of unauthorized access.

Continue reading

Apple says it has already fixed CIA's Mac and iPhone hacks revealed by WikiLeaks


Yesterday WikiLeaks published the second batch of its Vault 7 documents, Dark Matter, revealing information about Apple-related hacks used by the CIA. This time around, the documents focus on hacks for MacBooks and iPhones, and comes two weeks after the initial batch of documents came to light.

Apple previously said that it had addressed "many of the issues" from the first Vault 7 leaks, and now the company has said much the same regarding the second batch. Despite promises from Julian Assange, it seems that WikiLeaks has not been in contact with Apple to provide further details about the exposed vulnerabilities.

Continue reading

WikiLeaks' Dark Matter documents reveal CIA hacks for Macs and iPhones


It's only a couple of weeks since WikiLeaks unleashed the first batch of its Vault 7 CIA documents, revealing the agency's spying and hacking capabilities. Now the organization has released a second cache of files dubbed Dark Matter, and they show that the CIA has developed tools for hacking Apple products.

Bold and exciting names like Sonic Screwdriver, DerStarke, Triton and DarkSeaSkies are the monikers given to attack the firmware of MacBooks and iPhones. What's particularly interesting about the documents is that they appear to show that the CIA had the ability to exploit Apple hardware and software a full decade ago.

Continue reading

eBay now recommends mobile over token-based two-factor authentication -- should you switch?


Two factor authentication strikes the right balance between convenience and security, which is why so many services offer it nowadays. But its implementation differs. Many companies have SMS or app-based systems, others prefer tokens, and some offer both as an option.

eBay falls in the third category, allowing users to receive the security code for the second authentication stage via SMS or a token. However, the company is now recommending users switch to the former method, touting its convenience as the main reason to abandon the token. But, should you take the advice?

Continue reading

New generation of cyber highwaymen could threaten parcel drones

ParcelHero pirate drone

Robbing the mail has a long and dishonorable history dating back to the days of the stagecoach. But UK-based online parcel broker ParcelHero is warning that automated delivery drones and droids could see the rise of a new breed of high-tech highwaymen.

The development of devices that alter the drone or droid's instructions, or simply stop them dead, is seen as inevitable. With UK online retail sales now worth more than £130 billion a year, if deliveries are to become largely automated and just one percent of items are waylaid using new technology, that's over £1bn of goods stolen a year.

Continue reading

Apple: iCloud is safe, but your passwords may not be


A group of hackers that goes by the name Turkish Crime Family, claims to have access to hundreds of millions of iCloud accounts, and it wants Apple to pay $75,000 in Bitcoin or Ethereum or $100,000 in iTunes gift cards to delete the compromised credentials.

This may lead one to believe that the collective has managed to hack iCloud, but according to Apple there "have not been any breaches" in any of its systems. "The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services."

Continue reading

New platform protects industrial IoT devices

Internet of Things

Internet of Things devices are the latest threat vector that businesses have to deal with, introducing a potential extra weakness into corporate networks and leading experts to warn of increased risk.

To help guard against the threat, Mocana Corporation is introducing a new security platform designed to protect IoT devices and associated device-to-cloud communications.

Continue reading

71 percent of Android phones on major US carriers have out of date security patches

Android logo phone

Slow patching of security flaws is leaving many US mobile users at risk of falling victim to data breaches according to the findings of a new report.

The study from mobile defense specialist Skycure analyzed patch updates among the five leading wireless carriers in the US and finds that 71 percent of mobile devices still run on security patches more than two months old.

Continue reading

User-Agent based attacks are a low-key risk that shouldn't be overlooked

security eye

Old, unpatched vulnerabilities allow hackers to take over systems using the User-Agent string -- an elementary part of virtually every HTTP request.

It is a known fact that while the majority of vulnerabilities discovered or reported are fixed by the vendor and a patch is issued, many systems end up not being patched in a timely manner or even at all, for that matter. There are many possible reasons for that, the most common being:

Continue reading

DoubleAgent exploit uses Windows' Microsoft Application Verifier to hijack antivirus software


Security researchers at Cybellum have revealed details of a zero-day exploit that makes it possible for an attacker to take full control of antivirus software. The technique can be used to take control of just about any application, but by focusing on antivirus tools, the illusion of safety offered to victims means they are likely to be completely unaware of what is happening.

The attack works by exploiting the Microsoft Application Verifier that's built into Windows. It is possible to replace the tool with a custom verifier which can then be used to inject malicious code into any chosen application. A number of well-known antivirus tools -- including Avast, BitDefender, ESET, Kaspersky, and F-Secure -- are vulnerable, while patches have been released for others.

Continue reading

Three penetration testing tips to out-hack hackers

Hacker silhouette

It should come as no surprise that hackers have been busy lately. According to my go-to resource on hacking stats, the Identify Theft Resource Center, breaches jumped from 780 in 2015 to 1,093 in 2016. Is there a way to take a proactive approach to data security that doesn’t involved investing in more firewalls or virus protection software and ultimately get to the real-source of vulnerabilities?

Yes and yes. The answer is penetration testing, or pen testing for short. It’s a white-hat approach that challenges organizations to expose the vulnerabilities inside their own systems by understanding how a cybercriminal could exploit their internal information.

Continue reading

Three UK suffers new data breach


A couple of bizarre incidents happened to Three users in the UK recently, and the media are suspecting the company might be facing a new data breach.

According to a report by The Guardian, some customers, logging into their accounts, were "presented with the names, addresses, phone numbers and call histories of strangers."

Continue reading

Businesses make automated security a part of DevOps

Security Lock

Mature development organizations make sure automated security is built into their DevOps practice early, everywhere and at scale, according to a new report by Sonatype.

The report, entitled 2017 DevSecOps Community Survey, is based on a poll of 2,292 IT professionals, and also says IT organisations continue to struggle with data breaches.

Continue reading

© 1998-2017 BetaNews, Inc. All Rights Reserved. Privacy Policy.