Articles about Security

Opera for Android now includes a free and unlimited VPN

Opera VPN

Opera has added a free VPN service to the Android version of its mobile web browser. Opera 51's newly-added VPN is not only free from charges, it is also free from limitations.

The feature has been added as the Norwegian software developer seeks to improve the security and privacy of web browsing for its users. The company says that it "marks a new standard for privacy and security in mobile browsing".

Continue reading

SoftNAS vulnerability lets attackers bypass authentication

cloud lock

Researchers have uncovered a vulnerability in the SoftNAS Cloud data storage platform that could be used to gain access to the webadmin interface without valid user credentials.

Security technology company Digital Defense found the previously undisclosed vulnerability which arises if customers have not followed SoftNAS deployment best practices and have openly exposed SoftNAS StorageCenter ports directly to the internet.

Continue reading

Free tool protects businesses against ransomware and other threats

ransomware key

Ransomware and other threats like adware and cryptominers are still a major threat to businesses. But smaller companies may be struggling to find the resources to combat them.

To address this problem Kaspersky Lab is today releasing the next generation of its free Kaspersky Anti-Ransomware Tool for Business.

Continue reading

Insider threats pose the biggest security risk

insider threat

According to a new study 91 percent of IT and security professionals feel vulnerable to insider threats, and 75 percent believe the biggest risks lie in cloud applications like popular file storage and email solutions including Google Drive, Gmail and Dropbox.

The report from SaaS operations management specialist BetterCloud also shows 62 percent of respondents believe the biggest security threat comes from the well-meaning but negligent end user.

Continue reading

8 out of 10 top vulnerabilities target Microsoft products

Black Microsoft shop logo

Prioritizing vulnerabilities can be difficult if you don't know which ones are being actively exploited. The latest annual research from Recorded Future looks at the top vulnerabilities and which products they are targeting.

In 2018, the company observed more exploits targeting Microsoft products compared to Adobe ones. Eight out of 10 vulnerabilities exploited via phishing attacks, exploit kits, or RATs were targeting Microsoft products.

Continue reading

Addressing the skills gap with advanced web attack training now available online

training key

There is a shortage of cybersecurity professionals and coupled with the exponential growth in web applications used within businesses and by consumers around the world, there's a growing risk of flaws being exploited.

To combat this problem penetration testing specialist Offensive Security is making its Advanced Web Attacks and Exploitation (AWAE) training available as an online course.

Continue reading

Hackers are exploiting critical WinRAR bug exposed last month

WinRAR

Towards the end of last month, security researchers revealed details of a critical bug in that stalwart of the compression world, WinRAR. The bug is many years old and although it relates to the rarely-used ACE format and has since been patched, it has been discovered hackers are actively exploiting it since it was made public.

The 19-year-old bug in the file UNACEV2.DLL (CVE-2018-20250) allows for an attacker to execute malicious files hidden in compressed archives. Over 100 exploits have been found that take advantage of people who are yet to update to a secure version of the software... and that number is growing. McAfee reports attackers using Ariana Grande's album "Thank U, Next" as a lure to encourage victims to extract dangerous archives, but other security researchers report the use of images.

Continue reading

Gearbest issues response to data breach

Sorry

Following on from yesterday's story about eCommerce site Gearbest leaking customer data the company has issued an official response to ethical hacker Noam Rotem’s report.

It says that its own servers are secure but that, "external tools we use to temporarily store data" may have been accessed by others leading to security having been compromised.

Continue reading

A fifth of Americans don't trust anyone to protect their data

Broken trust

Around 20 percent of Americans suffer from security fatigue and don’t trust anyone to protect their personal data according to a new study.

The research from hardware security company nCipher Security reveals that many people want more control over their personal data privacy and most want tighter controls on how others handle and safeguard their personal data.

Continue reading

Gearbest security flaw leaks millions of order and user details

Gearbest site

A badly configured server at Gearbest, the Chinese purveyor of technology and other stuff online, has leaked millions of user profiles and order details.

White hat hacker Noam Rotem discovered an Elasticsearch server that was -- indeed still is at the time of writing -- leaking millions of records each week. These include customer data, orders, and payment records. The server wasn't protected with a password, potentially allowing anyone to search its data.

Continue reading

Businesses plan to use more AI and machine learning in cybersecurity this year -- even though they don't understand it

AI security

The use of more artificial intelligence to improve security has been touted for a while. New research from Webroot reveals that a majority of business are now actively exploring the technology.

It finds 71 percent of businesses surveyed in the United States plan to use more artificial intelligence and machine learning in their cybersecurity tools this year. However, a worrying 58 percent say that aren't sure what that technology really does.

Continue reading

Analysis of Remote Access Trojans helps understand third-party business risk

Recorded Future RAT header

Remote Access Trojans (RATs) are often used to steal information from enterprise networks. By looking at network metadata, analysts at threat intelligence firm Recorded Future have been able to identify RAT command-and-control (C2) servers, and more crucially, which corporate networks are communicating to those controllers.

This offers insight about third-party organizations that Recorded Future clients can use to get a better understanding of potential third-party risk to their own data.

Continue reading

Brits are more scared of spiders than cybercrime

Spider web

Cybercrime and hacking has overtaken flying, dogs and clowns in the top 10 list of things the British are most scared of, but still only ranks in sixth place behind spiders, heights, snakes, dentists and small spaces.

Arachnids top the list despite there being less than a one-in-a-million chance of being bitten by a spider badly enough to warrant going to hospital in the UK.

Continue reading

Stricter payment requirements in Europe could drive fraud elsewhere

mobile payments

From September this year the second Payment Services Directive (PSD2) comes into force across the EU. This will require payment service providers to offer strong customer authentication (SCA) and third-party access to bank accounts or risk losing their their payment provider license.

But a new report today from fraud prevention company iovation suggests that stricter requirements for fraud prevention in Europe will drive fraud to other regions such as the US.

Continue reading

Researchers find two Android malware campaigns with over 250 million downloads

app frustration

Check Point Research has uncovered two massive mobile adware and data stealing campaigns, which have already had a combined total of over 250 million downloads globally.

Both target mobiles using Android, and exploit the mobile app development supply chain to infect devices and perform malicious actions.

Continue reading

© 1998-2019 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.