Articles about Security

If you’re at all familiar with genealogy then you'll likely know both Ancestry and Family Tree Maker -- they an integral part of the pastime. Unfortunately, independent review site WizCase recently discovered an open and unencrypted ElasticSearch server that belonged to Software MacKiev, the owners of Family Tree Maker.

The leak exposed thousands of records including email addresses, user locations, and other sensitive personal information. FTM was owned by Ancestry.com until 2016 when Software MacKiev took it over, and the software is still used to upload databases to the Ancestry online trees.

Continue reading →

Charities handle billions in funds every year and hold financial and personal information that cybercriminals increasingly see as a tempting target. Yet, according to the UK's Charity Commission only 58 percent of charities think they are at risk from cybercrime.

But for a sector, whose success is built on its reputation and the goodwill of its supporters, the loss of any sensitive information or fraud through phishing attempts can be devastating.

Continue reading →

A serious vulnerability dubbed BootHole has been discovered in the GRUB2 bootloader. Millions of systems run the risk of being exposed to hackers -- primarily those running Linux, but Windows is also affected. Discovered by security researchers at Eclypsium, the BootHole vulnerability has been assigned CVE-2020-10713 ("GRUB2: crafted grub.cfg file can lead to arbitrary code execution during boot process") and a CVSS rating of 8.2.

The flaw can be exploited to gain arbitrary code execution during the boot process, even when Secure Boot is enabled and virtually all Linux distributions are affected. But more than this, the vulnerability also leaves Windows systems that make use of Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority open to attack.

Continue reading →

It's important for security teams to be able to respond quickly and effectively to threats and part of being able to do that is having good intelligence.

With this in mind, Netenrich is launching two new tools, Knowledge Now (KNOW), a free global threat intelligence tool, and Attack Surface Intelligence (ASI) combine to deliver rich, actionable context for faster, more proactive response to known and emerging cyber threats.

Continue reading →

We've been talking about the cybersecurity skills gap for more than a decade, but new research from the Information Systems Security Association (ISSA)  and independent industry analyst firm Enterprise Strategy Group (ESG) reveals it's not going away.

The shortage has impacted 70 percent of organizations, with consequences including increasing workloads, unfilled open job vacancies and an inability to learn or use cybersecurity technologies to their full potential.

Continue reading →

If you have tried to install the Windows cleanup utility CCleaner recently, you may have noticed that Microsoft Defender springs into action warning you that it is a potentially unwanted application (PUA).

This is not the first time Piriform CCleaner has got on the wrong side of Microsoft -- it was previously blocked from being mentioned in the Microsoft Community forums. The Avast-owned software has been popular with people seeking to tidy up and optimize Windows 10 for a number of years, so what's going on and why does Microsoft flag it up as a PUA?

Continue reading →

Researchers at password manager NordPass have identified a total of 9,517 unsecured databases containing 10,463,315,645 entries with such data as emails, passwords, and phone numbers.

The databases are found across 20 different countries, with China being at the top of the list -- the country has nearly 4,000 exposed databases. This means that potentially more than 2.6 billion users could have had their accounts breached.

Continue reading →

Digital transformation combined with a shift to more remote working has presented considerable challenges for enterprises when it comes to securing their systems.

One of the technologies being increasingly used to enable remote access is Secure Access Services Edge (SASE). We spoke to Anurag Kahol, CTO and co-founder of cloud security company Bitglass to find out more about SASE and how it can help businesses deliver their transformation projects.

Continue reading →

As more organizations move their operations to the cloud and networks become more fragmented, ensuring safe, secure access to systems becomes more difficult.

Secure access specialist Pulse Secure is launching a new Pulse Zero Trust Access (PZTA) solution. A cloud-based, multi-tenant secure access platform that enables organizations to provide users with easy, anywhere access to multi-cloud and data center applications.

Continue reading →

A new survey of over 300 security professionals reveals that 93 percent feel they lack the tools to detect known security threats, and 92 percent say they are still in need of appropriate preventative solutions to close current security gaps.

The study from security operations center specialist LogRhythm also finds that 75 percent of security professionals now experience more work stress than they did just two years ago.

Continue reading →

Secure Access Service Edge (SASE) technology is increasingly being used to enable secure and fast cloud adoption, helping ensure both users and devices have safe cloud access to applications, data and services from anywhere.

Cybersecurity company Forcepoint is entering this market with a new suite of SASE solutions, including a Cloud Security Gateway and zero trust Private Access features.

Continue reading →

Developers frequently make use of open source components in order to speed up projects and save them having to reinvent tasks. But this can lead to the introduction of hidden security risks.

Now though open source marketplace xs:code is launching a new, free Chrome extension, xs:code Insights, which provides users with intuitive, in-depth analytics on open source repositories, including repository score, security analysis, maintenance and activity status, reviews, ratings and more.

Continue reading →

The DMARC standard for email verification has been around for several years. Domain-based Message Authentication, Reporting and Conformance has the potential to rebuild trust in email communications plagued by spam and phishing.

Google's announcement this week that it's about to start piloting the display of authenticated brand logos in Gmail could mark the start of the technology's mainstream adoption.

Continue reading →

One of the biggest challenges that cybersecurity teams face at the moment is alert noise which can blind them to real threats.

Corporate performance management (CPM) specialist Prophix Software recently chose to adopt a network traffic analysis (NTA) solution to address this issue. We spoke to Kristofer Laxdal, the company's director of information security to discover why it chose invest in NTA technology and what benefits it's seeing.

Continue reading →

Research into changing 'digital comfort zones' during the pandemic shows that 37 percent of millennials think they're too boring to be a victim of cybercrime.

The study from Kaspersky finds that millennials are now spending almost two extra hours online every day and almost half say this has made them more aware of their digital security, with 36 percent saying that they should be doing more to strengthen it.

Continue reading →