Articles about Security

3 data leaks that could be undermining your online privacy

data leak tap

Protecting your online privacy is important. There has been a lot of discussion in recent years about how to stay safe online, and an increasing number of people are turning to Virtual Private Networks to keep their browsing data hidden from advertisers and overzealous intelligence agencies.

However, your privacy could still be at risk even behind the protection of a VPN. There are three common vulnerabilities that can leak information about you online: WebRTC and DNS leaks which affect VPN users, and app data leaks which can affect anyone and everyone. Read on to find out more about these three types of data leak, and what steps you can take to prevent them.

Continue reading

How contact centers have become a prime target for hackers [Q&A]

call center

With growing security threats and compliance being taken seriously, companies are more aware than ever of the need to protect their data.

This means hackers must work harder to try to steal information and contact centers are in the front line. We spoke to Ben Rafferty, chief innovation officer at security and compliance specialist Semafone to find out how contact centers are under threat and what can be done to protect them.

Continue reading

Dark web tags harm website performance and put data at risk

Downloading

Website tags, small pieces of JavaScript code or small images, are often used to collect information about users. But they can add to load times and if misused can be a security risk too.

A new study from digital governance specialist Crownpeak reveals over 1,700 'dark web' tags found on websites belonging to companies in the Fortune 100, causing a total average website latency of 5.2 seconds.

Continue reading

Roses are red, violets are blue, Valentine scammers are out to trick you

Heart phone

A Nigeria-based gang of scam artists, known as Scarlet Widow, have been using romance scams to trick victims out of large amounts of cash.

Secure email company Agari has uncovered the scam which involves posting fake personas on the largest dating websites like Match, eHarmony, and OKCupid.

Continue reading

Only one in three organizations is confident of avoiding a data breach

data breach

A majority of organizations are not confident in their ability to avoid major data breaches according to a new study.

The report for breach avoidance company Balbix, based on research from the Ponemon Institute, shows that 68 percent feel their staffing is not adequate for a strong cybersecurity posture and only 15 percent say their patching efforts are highly effective.

Continue reading

Dirty_Sock vulnerability in Canonical's snapd could give root access on Linux machines

Dirty Sock

A security researcher has discovered a vulnerability in Canonical's snapd package which could be exploited to gain administrator privileges and root access to affected Linux systems. The security issue has been dubbed Dirty_Sock and assigned the code CVE-2019-7304.

Chris Moberly found a privilege escalation vulnerability in the snapd API. This is installed by default in Ubuntu -- under which proofs of concept have been tested and found to work "100% of the time on fresh, default installations of Ubuntu Server and Desktop" -- but may also be present in numerous other Linux distros.

Continue reading

User data exposed in 500px security breach... that happened in the middle of last year

500px

The photo sharing site 500px has revealed details of a security breach that took place in mid-2018.

The company says that its engineering team only became aware of the breach -- which is thought to have taken place around July 5, 2018 -- a few days ago. 500px launched an investigation in conjunction with a third party and police, and says that "an unauthorized party gained access to our systems and acquired partial user data".

Continue reading

Security worries hold back second-hand mobile device market

Mobile security

According to the results of a new study, 58 percent of global consumers have yet to trade in an old mobile device, though 64 percent report they would be willing to do so if more stringent data management processes were in place.

The research by data erasure specialist Blancco shows 66 percent of respondents have some concern that data on their old devices might be accessed or compromised after trade-in.

Continue reading

VFEmail hack wipes out all of the email provider's US servers

Holding email icon

Email provider VFEmail has been hit by a huge attack that resulted in all of the data it stores in the US being wiped out.

Describing the attack as "catastrophic", VFEmail revealed that a hacker had breached its security and succeeded in deleted not only primary data systems, but also the backups. The attacker was caught in the act, and it was possible to intervene before damage was caused to servers in other countries. But for VFEmail users whose data was stored in the US, the news is far from good.

Continue reading

Could the 3D video selfie replace 2FA?

Selfie

The industry is constantly looking for ways to bolster login security. Multi-factor authentication and knowledge-based systems are popular but can be cumbersome, so how about using something you carry around all the time, yourself -- or indeed yourselfie?

Identity specialist Jumio is launching Jumio Authentication, a video-selfie authentication tool enabling users to verify themselves during high-risk transactions and unlock everything from online accounts to rental cars, replacing passwords on any device.

Continue reading

Unmanaged open source code could put companies at risk

code

More than half the code found in commercial software packages is open source, but if it isn’t properly tracked businesses might be in the dark on the number of vulnerabilities and license compliance issues that exist in their applications.

Software supply chain specialist Flexera has released a report looking into the state of open source license compliance, based on analyzing data from 134 software audits.

Continue reading

Phishing gets more personal and harder to detect

Phishing

An analysis of phishing attacks in the final quarter of 2018 reveals the majority of attacks showed an increase in target personalization, making them considerably more difficult to detect.

The study by email protection start up INKY shows 12 percent of phishing attacks in the period took the form of corporate VIP impersonations, 10 percent were sender forgery and six percent were via corporate email spoofing.

Continue reading

Three stages of risk-based vulnerability management: Crawl, Walk, Run

The market is saturated with hundreds of security products, and companies spend billions of dollars each year on cybersecurity spend (expected to top $100 billion by 2020). Yet breaches and hacks are still in the news every day, because cybersecurity is such a tough problem. Organizations have a massive and exponentially growing attack surface -- there are a myriad of ways by which networks can be breached. Analyzing and transforming the enterprise cybersecurity posture is not a human-scale problem anymore. An enterprise vulnerability management program is the cornerstone for any modern cybersecurity initiative and helps security teams proactively understand and improve their security posture to avoid breaches and protect the business from brand and reputation damage, as well as loss of customer trust.

Understanding and acting on data output from your vulnerability assessment scanner is a critical component of your vulnerability management program. However, if your scanner is identifying vulnerabilities by the thousands every time a scan completes, your team will soon be left overwhelmed and struggling with how to proceed. Failure to address vulnerabilities in a timely manner due to the high volume of alerts is very problematic.  And of course, most of these vulnerabilities are bogus or merely theoretical. Traditional vulnerability management programs leave you drowning in data, but starving for insights.

Continue reading

Machine learning tool helps prioritize vulnerabilities

data threat

One of the keys to keeping systems secure is to effectively prioritize vulnerabilities. Given the volume, with 16,500 new vulnerabilities disclosed in 2018 alone, though this is a tough task.

To help businesses focus on the highest risks, Tenable is launching a new Predictive Prioritization tool that uses machine learning to zoom in on the three percent of vulnerabilities with the greatest likelihood of being exploited in the next 28 days.

Continue reading

New cloud app helps businesses understand their IT environments

network

As systems become more complex it can be hard for enterprises to understand their IT environment, which presents a problem for operations and security teams.

Cloud-based security specialist Qualys is launching a new IT Asset Inventory cloud application to provide quick analysis of complex and interconnected global IT environments, and help collaboration on security remediation efforts.

Continue reading

© 1998-2019 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.