Articles about Security

Finance remains top target for phishing attacks as scammers exploit GDPR

credit card phishing

New figures from Kaspersky Lab show that more than a third (35.7 percent) of phishing attempts in the second quarter of 2018 attempts were related to financial services via fraudulent banking or payment pages.

The IT sector was second hardest hit, with 13.83 percent of attacks targeting technology companies, a 12.28 percent increase compared to Q1.

Continue reading

New application helps developers avoid vulnerable GitHub code

code

We reported last week on a new tool to help spot vulnerabilities present in active open source systems.

To prevent problems from being introduced into new systems, open source governance specialist Sonatype is launching a tool to enable developers to identify and avoid using open source components that have known vulnerabilities.

Continue reading

How you can be hacked via your fax machine

Fax machine

Unless you are in regular touch with the 1980s it's probably a while since you gave much thought to using fax machines.

Even then you might think your biggest worry would be a paper jam. But new research from Check Point released at Def Con in Las Vegas reveals organizations and individuals could be hacked via their fax machines, using newly discovered vulnerabilities in the communication protocols used in tens of millions of fax devices globally.

Continue reading

Over 10,000 vulnerabilities disclosed this year so far

data threat

2018 looks like it's on track to be another record year for vulnerabilities, with over 10,000 disclosed in the half year to June.

The newly released 2018 mid-year VulnDB QuickView report from Risk Based Security shows that 16.6 percent of the reported vulnerabilities received CVSSv2 (Common Vulnerability Scoring System) scores of between 9.0 and 10.0, which is a drop from previous years. However, the severity of the vulnerabilities disclosed still remains significant.

Continue reading

Hijack attack aims to grab bank details via routers

Web redirect

Researchers at DDoS protection specialist Radware have uncovered an attack aimed at Brazilian bank customers that seeks to steal credentials via a compromised router.

It employs malware that targets DLink DSL modem routers using exploits dating back to 2015. A malicious agent attempts to modify the DNS server settings in the routers of Brazilian residents, redirecting all their DNS requests through a malicious server.

Continue reading

The most malware infected cities in the US

A new report from EnigmaSoft -- makers of the SpyHunter anti-malware product -- reveals the US cities with the highest rates of malware infection.

Systems in Atlanta, Orlando, and Denver are most likely to be infected, with Louisville, Wichita, and Anchorage having the lowest infection rates.

Continue reading

Free tool checks for critical open source vulnerabilities

Close inspection

Every month details emerge of dozens of new security vulnerabilities, and open source software is not immune from these.

In order to help companies stay up to date and ensure vulnerabilities are patched quickly, open source security specialist WhiteSource is launching a free tool that provides companies with immediate, real-time alerts on the 50 most critical vulnerabilities published in the open source community.

Continue reading

Organizations struggle with 'cyber hygiene’ basics

cyber hygiene

Almost two-thirds of organizations are failing to use established benchmarks to set security baselines and are struggling to maintain visibility into their networks, according to a new report.

The study, carried out for security and compliance specialist Tripwire by Dimensional Research, looks at how organizations are implementing security controls that the Center for Internet Security (CIS) refers to as 'cyber hygiene.'

Continue reading

Manufacturing industry at greater risk of cyberattacks

Industrial internet of things

Manufacturing businesses are seeing higher-than-normal rates of cyberattack-related reconnaissance and lateral movement activity.

This is due to the convergence of IT with IoT devices and Industry 4.0 initiatives, according to a new report from AI-powered attack detection specialists Vectra.

Continue reading

Facial recognition tool helps penetration testing

Facial recognition of mask

Using fake social media profiles is a common technique among hackers in order to gain the confidence of targets and direct them to credential stealing sites.

For security and penetration testing teams to replicate this is time consuming as often people have profiles across multiple sites. Ethical hacking specialist Trustwave is using a new tool called Social Mapper that can correlate profiles across multiple sites and make analyzing a person's online presence easier.

Continue reading

Lure of cybercrime leads security professionals to become 'gray hats'

Cybercrime cash

The attractions and profitability of the digital underworld are leading some security practitioners to become 'gray hats' and get involved in cybercrime according to a new report from Malwarebytes.

The study carried out by Osterman Research finds that in the UK as many as one in 13 security professionals are perceived to be gray hats. Globally, mid-sized organizations (those with 500 to 999 employees) are getting squeezed the hardest, and this is where the skills shortage, and the allure of becoming a gray hat, may be greatest.

Continue reading

Americans value their personal data above their wallets

personal data

When asked which items would concern them most if stolen, 55 percent of Americans responding to a new survey named personal data, compared to 23 percent their wallet, 10 percent their car, and just six percent each their phone or house keys.

The study by cyber security and application delivery company Radware  surveyed over 3,000 US adults finds that social security numbers are the data people value most with 54 percent saying they would be most concerned if this was stolen.

Continue reading

BBC recommends using VPNs after HTTPS switch leaves it blocked in China

BBC breaking news

Since switching all of its sites to secure HTTPS rather than plain old HTTP, the BBC has found that it is completely blocked online in China.

The corporation has issued a statement recommending that people in the region looking to access its services should turn to either a VPN, or the censorship-busting app Psiphon.

Continue reading

92 percent of enterprises struggle to integrate security into DevOps

DevSecOps

A large majority of organizations are struggling to implement security into their DevOps processes, despite saying they want to do so, according to a new report.

The study commissioned by application security specialist Checkmarx looks at the biggest barriers to securing software today depending on where organizations sit on the DevOps maturity curve.

Continue reading

Uncovering the secret life of Twitter bots

Twitter logo over cryptocurrency coins

How do you know if you're reading tweets from a real person or a bot? As bot technology becomes more sophisticated it's increasingly hard to tell.

Researchers at Duo Security have collected and analyzed data from 88 million public Twitter accounts using machine learning to spot the tactics used by malicious bots to appear legitimate and avoid detection.

Continue reading

© 1998-2018 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.