Articles about Security

In a sea of messaging apps, WhatsApp remains one of the most widely used, its popularity buoyed by end-to-end encryption. Meta has now added a new feature aimed at "those who are particularly privacy-conscious".

There is a new option to protect your IP address by hiding it from other WhatsApp users during calls. This is important as IP addresses can reveal quite a lot, including location. While the new call relaying privacy measures are likely to be welcomed, there are a couple of significant caveats to keep in mind.

Continue reading →

It’s no secret the depreciation of third-party cookies has been a popular topic of conversation in the industry. Now, however, Google is making changes that will eventually lead to the demise of third-party cookies. The tech giant is rolling out its Privacy Sandbox initiative in the latest version of Chrome and for Android. With any big privacy change, there is a ton of controversy and impending regulations that may mean the Privacy Sandbox is not the futureproof solution brands hope it is.

So, what can IT teams do to help marketers take back control of their data collection strategies and ethically reach customers during this time of change?

Continue reading →

"Are we secure?" For most security leaders, this is one of the most daunting questions they can be asked. While it may seem like a basic inquiry for those in leadership positions, for those on the ‘cybersecurity front line’, thinking in these terms is far too vague and oversimplifies a complex and ever-evolving threat landscape.

Instead, management and IT teams need to shift their thinking to a far more appropriate measure of security:  "Are we adversary aligned?" But what does adversary alignment really mean?

Continue reading →

With the release of the latest Canary build of Windows 11, Microsoft has introduced welcome new security options. The first gives administrators the option of requiring encryption of all outbound SMB client connections.

The second is the arrival of support for Discovery of Network-designated Resolvers (DNR) which allows for the automatic discovery of encrypted DNA servers. Eliminating the need for manual configuration is an ease-of-use move that makes adoption more likely.

Continue reading →

It’s almost impossible to escape the hype around artificial intelligence (AI) and generative AI. The application of these tools is powerful. Text-based tools such as OpenAI’s ChatGPT and Google’s Bard can help people land jobs, significantly cut down the amount of time it takes to build apps and websites, and add much-needed context by analyzing large amounts of threat data. As with most transformative technologies, there are also risks to consider, especially when it comes to cybersecurity.

AI-powered tools have the potential to help organizations overcome the cybersecurity skills gap. This same technology that is helping companies transform their businesses is also a powerful weapon in the hands of cybercriminals. In a practice, that’s sometimes referred to as offensive AI, where cybercriminals use AI to automate scripts that exploit vulnerabilities in an organization’s security system or make social engineering attacks more convincing. There’s no doubt that it represents a growing threat to the cybersecurity landscape that security teams must prepare for.

Continue reading →

Google is preparing to launch a new Chrome feature which will give users the ability to hide their IP address. Previously known as Gnatcatcher, the feature is now called IP Protection and makes use of proxies to help prevent online tracking.

IP Protection is described as "a privacy proxy that anonymizes IP addresses for qualifying traffic". One of its primary aims is to limit the possibility for fingerprinting as a means of tracking users online, which is something that has become increasingly common as steps are taken to block, and even kill off, third-party cookies.

Continue reading →

The news last month of yet another cyberattack on MGM Resorts, initiating a system shutdown and disrupting its operations, is yet another in a very long list of attacks that we have witnessed in the past couple of years.  Having the right preventive and defensive cybersecurity measures in place for such attacks is a given, and it is what most organizations focus on. But it is also about understanding how the organization will recover from an incident and how they can limit the extent of an attack. 

Today, being impacted by a cyberattack is almost inevitable. The global average cost of a data breach in 2023 was $4.45 million, a 15 percent increase over 3 years, according to IBM. Therefore, companies also need to think about how they can proactively recover, how quickly they can recover, and the cost of recovery to the business.

Continue reading →

Today, Global Encryption Day 2023, marks the perfect opportunity to reflect on what has been a highly challenging year for the technology.

Encryption acts as a fundamental safeguard of data privacy, securing data both during transmission and while at rest. It often serves as a primary defense against hackers and is indispensable in preventing unauthorized access to sensitive information. With the risk of reputational damage and massive fines for those who are breached, it is essential for any organizations looking to ensure regulatory compliance.  

Continue reading →

In this new era of generative artificial intelligence, one of the biggest security risks involves business email compromise attacks. Countless malicious phishing emails are already being cloned, refined, and delivered by smart AI bots around the world.

A business email compromise (BEC) is a sophisticated cybercrime that uses emails to trick the receiver into giving up funds, credentials, or proprietary information through social engineering and computer intrusion techniques. Many BEC attacks combine multi-channel elements to make the frauds seem more convincing, such as incorporating fake text messages, web links, or call center numbers into the mix with email payloads. For example, the attackers might spoof a legitimate business phone number to confirm fraudulent banking details with a victim.

Continue reading →

A new report goes some way to showing that the BitLocker security feature of Windows 11 could be massively reducing the performance of SSDs.

An investigation found that the data encryption tool, which is enabled by default in Windows 11 Pro, can slow solid state drives by as much as 45 percent. While it would be reasonable to expect a bit of a performance drop overall as the software works away encrypting and decrypting files, few people would expect the hit to be quite so significant.

Continue reading →

Cybersecurity Awareness Month does precisely what its name suggests. It serves as a reminder of the sector's importance for businesses and consumers across the globe.  

As we look back on yet another year where threats have continued to evolve, and the task at hand seems greater than ever -- it's important to take cognizance of the cyber-dangers out there and recognize our roles in the fight against 'hackers'. 

Continue reading →

It’s the 20th anniversary of Cybersecurity Awareness Month, and it’s safe to say a lot has changed in the cybersecurity industry since then. For example, just over the last year, we have seen the meteoric rise of generative AI and the huge impact it is already having on the cybersecurity industry.

Aaron Kiemele, CISO at Jamf, argues that now with the rise of generative AI, the threat posed by techniques such as phishing has completely changed: "With the advancements in large language models for machine learning, such as ChatGPT, cybercriminals are leveraging AI to automate attacks, analyze vast amounts of data, and craft more effective phishing emails or malware to achieve their nefarious ends. We can no longer rely on bad spelling or sketchy formatting."

Continue reading →

The Meta-owned messaging app WhatsApp has joined the growing legions of apps and services to support passkeys.

Initially available to Android users, the passwordless authentication feature makes it possible to secure a WhatsApp account with face recognition, a fingerprint or a PIN. It is a security feature that is billed as not only offering greater protection than passwords, but also being faster to use.

Continue reading →

It can be frustrating to buy a new phone only to discover that there is an OS update to install before you can start using it. For iPhone users this could soon be a thing of the past thanks to an innovative new system developed by Apple.

The recently released iPhone 15 suffered with an overheating issue that was later fixed with a software update, putting the onus on owners of new devices to download and install the patch. But a new "proprietary pad-like device" will allow Apple Stores to install the latest software on handsets without the need to open the box.

Continue reading →

Microsoft now has a bug bounty program that aims to find issues in artificial intelligence. Specifically, the Microsoft AI Bounty Program is focused on tracking down vulnerabilities in the company’s own AI-powered "Bing experience". This catch-all term covers a surprising number of products and services.

Interestingly, with this bounty program Microsoft is only offering rewards for the discovery of vulnerabilities considered Critical or Important. Those that are deemed of Moderate or Low severity will go unrewarded.

Continue reading →