Bug bounty programs have become a popular way for companies to unearth security issues in software and address them quickly. Google is no stranger to such programs, and it has just announced massive increases to the payouts made for finding vulnerabilities in Chrome.
Some rewards have doubled while others have tripled, taking the maximum compensation for reporting a security flaw in Google's web browser -- and other Chromium-based browsers -- to an impressive $30,000.
Slack has just been made aware of additional information about a security breach that took place back in 2015, forcing the company to reset the passwords of around 1 percent of its users.
The company announced earlier this year that it has a daily userbase of over 10 million people, so this means that a huge number of users are affected by the incident no matter how much Slack tries to downplay it.
Microsoft has revealed that it has issued warnings to nearly 10,000 people that they are the targets or victims of state-sponsored hacking.
The announcement comes as Microsoft showcases election systems running Microsoft ElectionGuard which not only helps to increase security, but also makes voting more accessible. Microsoft reveals that the vast majority of the state-sponsored attacks targeted enterprise customers, but there were still a significant number of regular consumers affected.
This second patch addresses issues with the RingCentral and Zhumu videoconferencing tools. These apps suffered from a very similar vulnerability, putting users at risk, so Apple has stepped in once again to neutralize the problem.
Increasing volumes of business network traffic are now directed at the cloud and companies need a cost effective way to secure them.
Symantec is announcing updates and innovations across its portfolio of products, giving enterprises the ability to enforce zero trust security policies across SaaS applications, corporate applications hosted in the cloud, email and the internet.
Enterprises around the world are gaining control of previously unmonitored and unsupported cloud applications and mobile devices in their IT environments according to a new report.
The 2019 Trusted Access report from Duo Security looks at more than a million corporate applications and resources that Duo protects. Among the findings are that cloud and mobile use has resulted in 45 percent of requests to access protected apps now coming from outside business walls.
I have a confession to make: I’m a PC anti-vaxxer. I just don’t trust all those patches and security "fixes" software companies want to foist upon my innocent little laptop. I mean, how do I know one of those updates won’t harm it? Most software platforms are now so complex, it’s nearly impossible to tell the impact a new library or DLL might have.
What if a patch makes my PC slower? I’ve heard about at least one "fix" -- to some made-up sounding bugaboo called "Spectre" -- that caused PCs to lose compute cycles. My little laptop struggles to handle daily life as it is. The thought of further handicapping it by compromising its processing speed seems downright cruel.
If the word MouseJack seems familiar, it's because it as been around for a while. It is a remote access hack that emerged a few years back that took advantage of a vulnerability in some Logitech wireless dongles, as well as hardware from other manufacturers.
Being at least three years old, you would expect that patches would have been addressed -- and they were. But a large number of devices are still at risk because Logitech failed to recall the affect units that were on sale so there's a chance that if you bought a Logitech wireless keyboard, mouse or standalone dongle in the last few years, you could be at risk.
As data protection legislation tightens and breaches continue to make headlines, there is increased pressure on businesses to implement security by design in their applications.
For many this has meant a move to DevSecOps. We spoke with Rusty Carter, vice president of product management at application security specialist Arxan to find out why this approach is becoming essential.
You may well have suspected it, but now Google has confirmed it -- contractors for the company are able to listen to what you say to Google Assistant.
The revelation came after recordings of people using the AI-powered digital assistant were leaked. Belgian broadcaster VRT News obtained a large number of Dutch language recordings and was able to hear highly personal information about users -- even if they had not used the "OK Google" trigger words.
Microsoft appears to be at it again, adding telemetry components into its operating system. This time around it is Windows 7 that gets the telemetry treatment, and Microsoft seems to have gone about things in a rather sneaky fashion.
The latest "security-only" update for Windows 7 includes a Compatibility Appraiser element (KB2952664) which performs checks to see whether a system can be updated to Windows 10. Hardly what most people would consider a security-only update. So what's going on?
New data from the Capgemini Research Institute reveals that 69 percent of organizations believe that they won't be able to respond to critical cyber threats without AI.
Over half (56 percent) of executives say their cybersecurity analysts are overwhelmed by the vast array of data they need to monitor to detect and prevent intrusion. In addition, the type of cyberattacks that require immediate intervention, or that cannot be dealt with quickly enough by analysts, have increased
You might think that cyber attacks are a constant year round activity, or perhaps that they are focused on peak shopping periods like Christmas. But a new study from threat protection specialist Lastline reveals many security professionals believe their organizations are more at risk in summer.
In a survey of 1,000 security professionals more than half believe cyber attacks are seasonal and 58 percent of those (30.5 percent overall) say that they see more attacks during the summer months.
Apple has disabled the Walkie-Talkie app for Apple Watch after a vulnerability that potentially allows for eavesdropping on iPhone conversations emerged.
The company says that it is not aware of any incidents of the vulnerability being exploited, and it has not shared any details of the security issue. Apple's short-term solution is to simply disable the app while it works on a fix.
A few days ago, a security issue with the Zoom chat tool came to light -- a flaw that made it possible for Mac webcams to be switched on without permission. Despite seemingly suggesting that the flaw was in fact not a flaw, Zoom issued an update that grants users more control over the software.
Apple has also produced an update of its own which nukes the security hole. The silent update has been pushed out to users and is installed without the need for confirmation or user interaction.