Articles about Security

Privacy: Apple now treats WebKit tracking circumvention as a security issue

Apple logo in squares

Apple has updated its WebKit policy, increasing the company's focus on privacy. The new WebKit Tracking Prevention Policy now states that any circumvention of its anti-tracking feature is treated in the same way, and as seriously, as security issues.

The aim is to prevent web tracking completely because "these practices are harmful to users because they infringe on a user's privacy without giving users the ability to identify, understand, consent to, or control them". Apple says it wants "to see a healthy web ecosystem, with privacy by design".

Continue reading

Deception technology speeds up detection of attacks

Deception man woman

Users of deception technology report a 12X improvement in the average number of days it takes to detect attackers operating within an enterprise network.

New research for Attivo Networks carried out by Enterprise Management Associates suggests attacker dwell times can be as low as 5.5 days with deception in use compared to an average of 78 to 100 days for those not using the technology.

Continue reading

Over 3,800 data breaches reported in the first half of 2019

Data breach

2019 is on track to be another 'worst on record' year for data breaches according to a new report from Risk Based Security which finds the number of reported breaches has gone up by 54 percent and the number of exposed records by 52 percent compared to the first six months of 2018.

It shows 3,813 breaches have been reported in the first six months of 2019, exposing more than 4.1 billion records. Eight breaches alone have exposed over 3.2 billion records, 78.6 percent of the total, between them.

Continue reading

C-Suite in the hot seat -- Execs' responsibility regarding digital security

Are you killing your numbers? Crushing your targets? Growing your team? Leading with authenticity and building a loyal following? What a shame it is that your tenure may already be over.

While you were busy winning and shredding the competition, a cybercriminal breached your network. Don’t be too embarrassed, it happens to almost everyone these days. The average "dwell time" of an intruder is more than 100 days, so it’s hard to know exactly when that bucket of ice water was tossed on your dreams. Unfortunately, even if you’re doing everything right, recent examples illustrate that our jobs are on the line when hackers come a knockin’.

Continue reading

Norman the Cryptominer uses sophisticated techniques to avoid discovery

cryptocurrency mining

Researchers at Varonis have released information on a new cryptominer variant, which the team has dubbed 'Norman', that uses various techniques to hide and avoid discovery.

Norman was discovered during investigations of an ongoing cryptomining infection that had spread to nearly every device at a midsize company.

Continue reading

Education is top target for cyberattacks

teacher and students

The education sector has become one of the most sought after targets for cybercriminals, according to the latest report from Malwarebytes Labs.

In the first half of 2019, the top three largest categories of threats identified among education institutions' devices are adware (43 percent), Trojans (25 percent) and backdoors (three percent). However, ransomware dropped to less than one percent in this period -- though it was higher both before and after the study.

Continue reading

Personal data breaches and securing IoT devices

IoT devices

The Internet of Things (IoT) is taking the world by storm as interconnected devices fill workplaces and homes across the US. While the intention of these devices is always to make our lives easier, their ability to connect to the internet turns them into ticking time bombs, lying in wait until their weaknesses can be exploited by opportunistic hackers.

Personal data breaches are skyrocketing in America, increasing by 60% in the last year and by 157 percent since 2015. As our interconnectivity grows, so do the opportunities that our technology will be hacked. Since every IoT device is connected to the internet, each one is vulnerable to external access if not secured properly. In the rush to manufacture these devices and get them onto the market, security has been an afterthought which needs to be urgently addressed if the number of yearly data breaches is to be tackled.

Continue reading

Free VPN apps pose a privacy risk on both Android and iOS

VPN tiles

Both Apple and Google are allowing numerous potentially unsafe free VPN apps to remain in their app stores, despite being aware of privacy risks according to research from Top10VPN.com.

Among the string of serious privacy issues uncovered but not acted upon is the discovery that nearly 60 percent of the most popular free VPN apps are secretly Chinese-owned.

Continue reading

British Airways e-ticketing leaves passengers' sensitive data at risk

BA plane

Less than a year on from a breach which exposed the details of hundreds of thousands of customers, British Airways systems are still leaving passengers' personal information at risk.

New research from mobile security provider Wandera has discovered an e-ticketing system vulnerability that leaves passengers' personally identifiable information (PII) exposed.

Continue reading

Connectivity could make digital cameras vulnerable to ransomware

Digital camera user

Modern digital cameras with wireless and USB capabilities could be vulnerable to ransomware and malware attacks, enabling attackers to hold precious photos and videos to ransom.

Check Point Research reveals that the standardized protocol known as Picture Transfer Protocol (PTP) used to transfer digital images from camera to PC has critical vulnerabilities.

Continue reading

Apple widens the scope of its bug bounty program, and increases top payout to $1 million

Apple money

Bug bounty programs are a common way for companies to learn about problems with their hardware and software, while giving people the chance to get paid for finding them. Apple is one of the big names to run such a program, and it has at long last expanded it to included macOS.

The iPhone-maker made the announcement at the Black Hat security conference, where it also revealed that not only will its bug bounty program spread to tvOS, watchOS and iCloud as well, but also that the maximum reward is increasing to a cool $1 million.

Continue reading

Almost half of employees have access to more data than they need

Access management

A new study of over 700 full-time US employees reveals that that 48 percent of employees have access to more company data than they need to perform their jobs, while 12 percent of employees say they have access to all company data.

The survey by business app marketplace GetApp also asked employees what classifications of data protection are in place at their company. No more than a third of businesses were found to use any one individual data classification.

Continue reading

Load balancer flaw could lead to major breaches at large organizations

data breach

A security flaw in the F5 Networks’ BIG-IP load balancer, which is popular among governments, banks, and other large corporations, could be exploited to allow network access.

F-Secure senior security consultant Christoffer Jerkeby has discovered the issue in the Tcl programming language that BIG-IP's iRules (the feature that BIG-IP uses to direct incoming web traffic) are written in. Certain coding practices allow attackers to inject arbitrary Tcl commands, which could be executed in the security context of the target Tcl script.

Continue reading

Ransomware turns its sights on large organizations

Ransomware sign

Detections of ransomware aimed at businesses rose by a massive 363 percent between the second quarter of 2018 and the same period this year. Meanwhile consumer ransomware is down 34 percent.

The latest quarterly threat report from Malwarebytes also sees a 235 percent overall increase in threats aimed at organizations from enterprises to small businesses, with ransomware as a major contributor.

Continue reading

Half of companies won't move mission critical workloads to the cloud

cloud stop sign

A new report from enterprise file sharing platform FileCloud looks at cloud and data security and finds that 50 percent of companies don’t plan on moving mission critical workloads to the public cloud.

The survey of 150 professionals from industries including health care, financial services and educational institutions finds that shifts in perceptions of data security are impacting movement to the cloud.

Continue reading

© 1998-2019 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.