Articles about Security

Avast makes 'RetDec' machine-code decompiler open source on GitHub

Open source is the future of computing. Don't believe me? Three of the most important technology companies -- Microsoft, Apple, and Google -- not only license open source software, but they contribute to open source projects too. While closed source will likely never go away, it is becoming less important.

Today, popular anti-virus and security company, Avast, announces that it too is contributing to the open source community. You see, it is releasing the code for its machine-code decompiler on GitHub. Called "RetDec," the decompiler had been under development since 2011, originally by AVG -- a company Avast bought in 2016.

Continue reading

Your HP laptop may be harboring a secret keylogger in Synaptics touchpad drivers

HP laptop

If you have an HP laptop, there's a reasonable chance that you have an keylogger installed. The tool is embedded in Synaptics touchpad drivers.

Before you start panicking too much, it's worth noting that the keylogging capabilities of the tool are disabled by default, but that's not to say there's no cause for alarm. This may all sound slightly familiar; back in May, HP hit the headlines for a keylogger that was buried in an audio driver. If you want to check if you are affected by the latest privacy violation -- and what you can do about it -- read on...

Continue reading

ForeScout integrates with IBM to protect IoT devices

Internet of things

The increase in the number and variety of connected devices has made enterprise IT environments much more complex.

Maintaining security and compliance is a tricky problem and IoT security specialist ForeScout is integrating with IBM Security solutions to offer users stringer endpoint protection and automated risk mitigation.

Continue reading

Trump signs bill banning Kaspersky software

Kaspersky Labs logo

The distrust -- at least publicly -- that the US shows for Russia is well-known. Following concerns about potential espionage from the Kremlin, the government has banned the use of Kaspersky software on its systems.

This ban has now been cemented into law as President Trump signed a bill forbidding the use of Kaspersky Lab software on government computers.

Continue reading

Bad office habits increase the chance of a data breach

A new study of over 1000 US office workers finds that 99 percent of those surveyed admit to conducting at least one potentially dangerous security action, from sharing and storing login credentials to sending work documents to personal email accounts.

The survey by cloud business solutions provider Intermedia finds that 24 percent of office workers reuse the same login credentials for their work and personal accounts.

Continue reading

Poor USB security leaves enterprises at risk

flash drive and laptop

Security polices for USB devices are frequently outdated and inadequate, and enterprises are often failing to monitor their use, according to a new survey.

The study by encrypted drive specialist Apricorn reveals that while nine out of 10 employees rely on USB devices today, only 20 percent of them are using encryption on those devices. Eight out of 10 employees use non-encrypted USBs, such as those received for free at conferences, trade events or business meetings.

Continue reading

Malicious mobile apps fool consumers by imitating leading brands

mobile phone malware

By impersonating brands and fooling consumers, malicious mobile apps are on the increase, according to digital threat management leader RiskIQ in its latest Q3 mobile threat landscape report.

Apps available outside of official stores are most likely to be malicious. Google’s percentage of malicious apps decreased to a low of four percent in Q3 after reaching a high of eight percent in Q2. However, one of the most prolific creators of malicious apps worked exclusively in the Play store.

Continue reading

World's biggest botnet delivers new ransomware threat

Bot net

The latest Global Threat Index from cyber security specialist Check Point reveals that the Necurs spam botnet -- reckoned to be the largest in the world -- is being used to distribute one of the latest ransomware threats.

During the Thanksgiving holiday in the US, Necurs sent over 12 million emails in just one morning, distributing the relatively new Scarab ransomware, first seen in June 2017.

Continue reading

Chrome 63 is more secure than ever -- and uses even more memory

Google Chrome logo

Google's Chrome browser has something of a reputation for being memory-hungry. With the release of Chrome 63 this image is not going to be shed -- a new security feature increases memory usage even further.

The latest desktop version of the browser includes a new Site Isolation feature which launches individual sites -- all sites, or a specific list -- in sperate processes. While this is something that will be of particular interest to enterprise users because of the added security it brings, it's something that will appeal to any security-minded user who is willing to shoulder a 10-20 percent increase in Chrome's memory usage.

Continue reading

Huge Janus bug leaves Android apps open to unauthorized code modification

Android phone with apps

Researchers from security firm GuardSquare have discovered an Android vulnerability that allows for app code to be edited without affecting the apps' signature. Dubbed Janus, the vulnerability has massive potential for malicious use, and affects Android 5.0 onwards.

The security hole would allow an attacker to tweak an entirely legitimate app to behave maliciously without triggering any security alerts. Although vulnerability CVE-2017-13156 has been patched in December's Android update, very few people will have access to this security fix.

Continue reading

Deception Security: Modern maturity for automated detection and response

Deception in its various embodiments is becoming a critical part of organizations' security infrastructure. According to Gartner, the need for better detection and response is creating new opportunities for security stack automation, integration, consolidation and orchestration while also driving the emergence of new segments like deception.

These trends set up the perfect match of deception and automated detection and response or ADR.

Continue reading

'New Mafia' cyber attacks on businesses up 23 percent in 2017

A new report from anti-malware specialist Malwarebytes says that the volume and sophistication of cyber attacks is growing thanks to an increase in organized cyber crime it dubs the 'New Mafia'.

Ransomware attacks up to the end of October have surpassed total figures for 2016 by 62 percent. In addition, there has been an almost 2,000 percent increase in ransomware detections since 2015 -- rising to hundreds of thousands in September 2017 from less than 16,000 in September 2015.

Continue reading

Three quarters of retail organizations lack a breach response plan

As online retailers gear up for their busiest period of the year, how prepared are they to face the threat of cyber attacks?

A new study from cyber security company Tripwire reveals that just 28 percent of respondents say they have a fully tested plan in place in the event of a security breach.

Continue reading

Financial services organizations fail to properly secure SSH keys

money lock

Secure Shell (SSH) provides a secure channel for communication over unsecured networks and is therefore a popular technology in the financial services sector.

But a new study for machine identity protection company Venafi shows that even though SSH keys provide the highest levels of administrative access, they are routinely untracked, unmanaged and poorly secured.

Continue reading

'Doppelgänging' attack hides malware from security tools

Endpoint protection company enSilo has used this week's Black Hat Europe conference in London to reveal how Microsoft Windows features can be used to slip malicious ransomware and other threats past most updated, market-leading AV products.

enSilo researchers demonstrated how, by manipulating how Windows handles file transactions, they could pass off malicious actions as benign, legitimate processes, even if they use known malicious code.

Continue reading

© 1998-2017 BetaNews, Inc. All Rights Reserved. Privacy Policy.