Articles about Security

Why the future of security is biometric

CSZ infog header

With the security of IDs and passwords increasingly under scrutiny, more people are becoming interested in using biometrics to verify their identity and authorize payments.

Technology education course guide Computer Science Zone has produced an infographic looking at the advantages of biometrics and how they are gaining in popularity.

Continue reading

Online retail fraud up nearly a third in the 2019 holiday season

Fraud stop

A new study shows a 29 percent increase in suspected online retail fraud during the start of the 2019 holiday shopping season compared to the same period in 2018, and a 60 percent increase over the same period from 2017 to 2019.

The findings from iovation, the fraud prevention arm of TransUnion, are based on the online retail transactions analyzed for its e-commerce customers between Thanksgiving and Cyber Monday over the last three years.

Continue reading

Your iPhone 11 Pro tries to collect location data even when all location services are disabled

Security researcher Brian Krebs has discovered a peculiarity with the iPhone 11 Pro and its collection of location data.

In what is described as a "possible privacy bug", Krebs found that the iPhone 11 Pro seeks location data even when system services and apps are configured to never request this information -- the location arrow icon can be seen popping into view at unexpected times. Curiously, despite seemingly contradicting its privacy policies, Apple says that it is by design.

Continue reading

Weak passwords leave UK businesses at risk of cyberattack

Stealing password from code

Millions of people and hundreds of thousands of businesses in the UK are using cracked or weak passwords for their online accounts according to new research.

Cybersecurity and data analytics CybSafe has conducted a blind-analysis of the passwords used by over 21,000 staff at a sample group of 250 UK businesses, and finds that three quarters are employing staff with vulnerable password combinations -- either passwords which are too simple, or which have been compromised in previous data breaches.

Continue reading

New tool helps in the fight against weak passwords

Written passwords

Poor passwords frequently provide hackers with a way into networks. In order to help security teams and penetration testers identify them, Trustwave is launching a new cracking tool.

CrackQ is a queuing system to manage password cracking that works with the Hashcat tool which uses the power of GPUs to crack passwords.

Continue reading

Get 'Cybersecurity: The Beginner's Guide' ($29.99 value) FREE for a limited time

It's no secret that there is a huge talent gap in the cybersecurity industry. Everyone is talking about it, including Forbes Magazine, TechRepublic, CSO Online, DarkReading, and SC Magazine, among many others. Additionally, Fortune CEO's like Microsoft's Satya Nadella, McAfee's CEO Chris Young, Cisco's CIO Colin Seward and others shine a light on it from time to time.

Cybersecurity: The Beginner's Guide puts together all the possible information regarding cybersecurity, such as why you should choose it, and how can you can get involved with it.

Continue reading

Cyber attacks become more targeted with data theft as the goal

Cyber attack

Mass cyber attacks are now being outnumbered by targeted attacks, with 65 percent of the total in the third quarter of 2019 being targeted, compared to 59 percent in the previous quarter.

The latest threatscape report from Positive Technologies also shows data theft grew to 61 percent of all attacks on organizations and 64 percent of all attacks on individuals (compared to 58 and 55 percent respectively in the second quarter). The share of attacks with direct financial motivation was 31 percent.

Continue reading

Why digital transformation and security should go hand-in-hand [Q&A]

DevSecOps

Digital transformation is becoming an essential part of many business initiatives and of course security is a high priority too. You would think that two such essential areas would exist in close harmony, but it isn't always the case.

In the age of digital transformation security can get left behind. So, what can businesses do to ensure that new digital initiatives are secured from the start? We spoke to John Worrall, CEO at application and infrastructure security specialist ZeroNorth to find out more.

Continue reading

Unencrypted SMS database found online, exposing millions of US text messages

Text messages

A huge database of text messages and user data has been discovered online, completely unprotected and free for anyone to browse.

Found by researchers from vpnMentor, the database belongs to US communications company, TrueDialog. Among the exposed data are not only tens of millions of SMS messages, but also private information including usernames and passwords.

Continue reading

RCS is being implemented dangerously, leaving users vulnerable to attack

RCS messaging

Security experts from Security Research Labs (SRLabs) have warned that carriers are implementing RCS (Rich Communication Services which will supersede SMS) in ways that risk leaving users exposed to all manner of attack.

The German hacking research collective issues the stark warning that "RCS technology exposes most mobile users to hacking". This is not because of inherent problems with the messaging protocol, but with the ways in which it is being implement.

Continue reading

Why mobile healthcare apps are at risk [Q&A]

health apps

Cyber-attacks represent a real threat to unprotected healthcare mobile apps. The overall operational integrity of these apps is at risk, but there's also a significant risk of malicious attacks on the medical devices themselves, personal health information, and intellectual property.

We spoke to Rusty Carter, VP of product management at Arxan to find out more about the risks and how they can be addressed.

Continue reading

A quarter of UK smaller businesses don't have an IT disaster plan

disaster plan

Almost one in four of UK SMEs -- around 1.4 million businesses -- don't have an IT disaster recovery plan in place. Yet, 80 percent of businesses who suffered a major incident ended up failing within within 18 months, according to the Association of British Insurers.

A survey of over 1,100 IT workers by technology services provider Probrand also finds 54 percent reveal that their disaster plan isn't regularly tested to identify and fix any potential flaws in their DR process.

Continue reading

Forecasting the cloud security landscape in 2020

cloud magnifier

Every year, threat actors will continue to evolve their current tactics, techniques, and procedures (TTPs) that they use in order to exfiltrate customer, company and partner data, interrupt business operations, implant ransomware, and more. In fact, cybercrime damage costs are predicted to hit $6 trillion annually by 2021, according to research from Cybersecurity Ventures. In 2020, as cybercriminals refine their methods, we will continue to see a plethora of breaches occur due to a common vulnerability: misconfigurations.

Despite organizations running an average of 40 percent of their workloads in the public cloud, most companies fail to be able to accurately identify the risk of misconfiguration in public cloud as higher than the risk in traditional IT environments. In the new year we will also see a greater focus placed on identity in cloud security -- a challenge that’s easier said than done, since approaches that worked in traditional data center environments do not translate to the cloud.

Continue reading

Cybersecurity is not top priority for enterprises say CISOs

Enterprise security

Chief information security officers (CISO) are regularly being summoned by the board of directors to provide recommendations for the business, but this doesn’t mean cybersecurity is being prioritized.

A new study of over 300 cybersecurity executives by 451 Research for Kaspersky finds 60 percent of respondents say business leaders need input from their CISO most often when an internal cybersecurity incident happens, while 57 percent schedule meetings with the board on a regular basis, and 56 percent are requested to provide their expert opinions on future IT projects.

Continue reading

Browser push notification scams triple in 2019

Browser push

Fraudulent browser push notifications as a means of delivering phishing and advertising are becoming more common, up from 1.7 million in January to 5.5 million in September this year according to the latest Kaspersky research.

Push notifications were introduced several years ago as a useful tool to keep site visitors informed with regular updates, but today are often used to bombard people with unsolicited advertisements or encourage them to download malicious software.

Continue reading

© 1998-2019 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.