Ancestry.com claims no harm from security vulnerability in Family Tree Maker


If you’re at all familiar with genealogy then you'll likely know both Ancestry and Family Tree Maker -- they an integral part of the pastime. Unfortunately, independent review site WizCase recently discovered an open and unencrypted ElasticSearch server that belonged to Software MacKiev, the owners of Family Tree Maker.
The leak exposed thousands of records including email addresses, user locations, and other sensitive personal information. FTM was owned by Ancestry.com until 2016 when Software MacKiev took it over, and the software is still used to upload databases to the Ancestry online trees.
How cybercrime impacts the charity sector [Q&A]


Charities handle billions in funds every year and hold financial and personal information that cybercriminals increasingly see as a tempting target. Yet, according to the UK's Charity Commission only 58 percent of charities think they are at risk from cybercrime.
But for a sector, whose success is built on its reputation and the goodwill of its supporters, the loss of any sensitive information or fraud through phishing attempts can be devastating.
Huge BootHole flaw in GRUB2 bootloader leaves millions of Windows and Linux systems at risk from hackers


A serious vulnerability dubbed BootHole has been discovered in the GRUB2 bootloader. Millions of systems run the risk of being exposed to hackers -- primarily those running Linux, but Windows is also affected. Discovered by security researchers at Eclypsium, the BootHole vulnerability has been assigned CVE-2020-10713 ("GRUB2: crafted grub.cfg file can lead to arbitrary code execution during boot process") and a CVSS rating of 8.2.
The flaw can be exploited to gain arbitrary code execution during the boot process, even when Secure Boot is enabled and virtually all Linux distributions are affected. But more than this, the vulnerability also leaves Windows systems that make use of Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority open to attack.
New solution delivers faster detection of and response to threats


It's important for security teams to be able to respond quickly and effectively to threats and part of being able to do that is having good intelligence.
With this in mind, Netenrich is launching two new tools, Knowledge Now (KNOW), a free global threat intelligence tool, and Attack Surface Intelligence (ASI) combine to deliver rich, actionable context for faster, more proactive response to known and emerging cyber threats.
Cybersecurity skills crisis is affecting 70 percent of organizations


We've been talking about the cybersecurity skills gap for more than a decade, but new research from the Information Systems Security Association (ISSA) and independent industry analyst firm Enterprise Strategy Group (ESG) reveals it's not going away.
The shortage has impacted 70 percent of organizations, with consequences including increasing workloads, unfilled open job vacancies and an inability to learn or use cybersecurity technologies to their full potential.
Microsoft Defender warns that CCleaner is a 'potentially unwanted application'... here's why


If you have tried to install the Windows cleanup utility CCleaner recently, you may have noticed that Microsoft Defender springs into action warning you that it is a potentially unwanted application (PUA).
This is not the first time Piriform CCleaner has got on the wrong side of Microsoft -- it was previously blocked from being mentioned in the Microsoft Community forums. The Avast-owned software has been popular with people seeking to tidy up and optimize Windows 10 for a number of years, so what's going on and why does Microsoft flag it up as a PUA?
10 billion exposed credentials and where to find them


Researchers at password manager NordPass have identified a total of 9,517 unsecured databases containing 10,463,315,645 entries with such data as emails, passwords, and phone numbers.
The databases are found across 20 different countries, with China being at the top of the list -- the country has nearly 4,000 exposed databases. This means that potentially more than 2.6 billion users could have had their accounts breached.
The role of SASE in securing the modern workforce [Q&A]


Digital transformation combined with a shift to more remote working has presented considerable challenges for enterprises when it comes to securing their systems.
One of the technologies being increasingly used to enable remote access is Secure Access Services Edge (SASE). We spoke to Anurag Kahol, CTO and co-founder of cloud security company Bitglass to find out more about SASE and how it can help businesses deliver their transformation projects.
New solution delivers zero trust for multi-cloud and hybrid access


As more organizations move their operations to the cloud and networks become more fragmented, ensuring safe, secure access to systems becomes more difficult.
Secure access specialist Pulse Secure is launching a new Pulse Zero Trust Access (PZTA) solution. A cloud-based, multi-tenant secure access platform that enables organizations to provide users with easy, anywhere access to multi-cloud and data center applications.
Security professionals don't have the tools they need to detect threats


A new survey of over 300 security professionals reveals that 93 percent feel they lack the tools to detect known security threats, and 92 percent say they are still in need of appropriate preventative solutions to close current security gaps.
The study from security operations center specialist LogRhythm also finds that 75 percent of security professionals now experience more work stress than they did just two years ago.
Forcepoint SASE solution helps protect enterprise clouds


Secure Access Service Edge (SASE) technology is increasingly being used to enable secure and fast cloud adoption, helping ensure both users and devices have safe cloud access to applications, data and services from anywhere.
Cybersecurity company Forcepoint is entering this market with a new suite of SASE solutions, including a Cloud Security Gateway and zero trust Private Access features.
New Chrome extension provides security check on open source code


Developers frequently make use of open source components in order to speed up projects and save them having to reinvent tasks. But this can lead to the introduction of hidden security risks.
Now though open source marketplace xs:code is launching a new, free Chrome extension, xs:code Insights, which provides users with intuitive, in-depth analytics on open source repositories, including repository score, security analysis, maintenance and activity status, reviews, ratings and more.
Gmail to start showing authenticated brand logos to fight phishing scams


The DMARC standard for email verification has been around for several years. Domain-based Message Authentication, Reporting and Conformance has the potential to rebuild trust in email communications plagued by spam and phishing.
Google's announcement this week that it's about to start piloting the display of authenticated brand logos in Gmail could mark the start of the technology's mainstream adoption.
How traffic analysis can help protect business networks [Q&A]


One of the biggest challenges that cybersecurity teams face at the moment is alert noise which can blind them to real threats.
Corporate performance management (CPM) specialist Prophix Software recently chose to adopt a network traffic analysis (NTA) solution to address this issue. We spoke to Kristofer Laxdal, the company's director of information security to discover why it chose invest in NTA technology and what benefits it's seeing.
We're too boring to be hacked say millennials


Research into changing 'digital comfort zones' during the pandemic shows that 37 percent of millennials think they're too boring to be a victim of cybercrime.
The study from Kaspersky finds that millennials are now spending almost two extra hours online every day and almost half say this has made them more aware of their digital security, with 36 percent saying that they should be doing more to strengthen it.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.
© 1998-2025 BetaNews, Inc. All Rights Reserved. About Us - Privacy Policy - Cookie Policy - Sitemap.