Articles about Security

Android is the most popular smartphone OS, but new research suggests that its security landscape is fragmented due to region-specific issues that affect users in some countries but not others.

Researchers at F-Secure examined devices including the Huawei Mate 9 Pro, the Samsung Galaxy S9, and the Xiaomi Mi 9 to understand the exploitation process for vulnerabilities and configuration issues, as well as the impact, and found it varies from device to device.

Continue reading →

Two percent of transactions in online banking and online retail were carried out by fraudsters, and 16 percent of transactions were suspicious and required further investigation according to new analysis by Kaspersky.

Based on anonymized statistics of events detected by Kaspersky's anti-fraud solution from January to December 2019, the most common case of fraud (63 percent) was attempts to access personal accounts using malware or legitimate remote control software.

Continue reading →

With the current focus being very much on the shift to remote working and the challenges and opportunities it offers, it’s easy to overlook the fact that there's a whole world of other security issues out there, and it isn't standing still.

Ireland-based telecommunications company Paradyn has created an infographic looking at what it sees as the important cybersecurity trends of this year.

Continue reading →

Cybercrime can hit any business and the costs of an attack can prove crippling. In order to protect themselves companies need to adopt best practices, but where to start?

Cloud-based customer identity access management (CIAM) platform LoginRadius has created an infographic looking at the risk and what organizations can do to protect themselves.

Continue reading →

Suffering a data breach is bad enough, but arguably worse is not knowing how much of your organization's data has been exposed as a result.

Now you can find out thanks to ImmuniWeb launching a free online service to check how bad a company/organisation's exposure is on the Dark Web and hacking resources.

Continue reading →

For around two decades now, hackers have exploited the design of the memory management system used by Linux programs in order to take control of a target's computer.

Now though researchers at Check Point have introduced a new security mechanism for Linux users called 'safe-linking' which means attackers will need more than one vulnerability in order to take over the program.

Continue reading →

With more and more people expressing concern about privacy and security online, companies have had to start to take notice and deliver tools to help. This is particularly noticeable in the browser market, and with the latest version of Chrome, Google has doubled down on security.

Having tested DNS over HTTPS (DoH) for some time, Google has added enhanced support for DNS lookups over an encrypted HTTPS connection to Chrome 83.  In the Windows, macOS and Linux versions of the browser, Google's implementation of the security feature is called Secure DNS; here's how to use it.

Continue reading →

We've already seen that Dark Web marketplaces are seeking to cash in on the COVID-19 pandemic, but new research from Positive Technologies also shows a lot of interest in accessing corporate networks.

In the first quarter of this year the number of postings advertising access to these networks increased by 69 percent compared to the previous quarter. This is likely to pose a significant risk to corporate infrastructure, especially now that many employees are working remotely.

Continue reading →

Email compromise via spoofed domains or compromised accounts is a major problem. But a new cloud platform from Abnormal Security tracks the reputations of an organization's vendors and customers, and improves detection accuracy of advanced social engineering attacks.

VendorBase is a global database that gives organizations the ability to see detailed views of all vendors, including profile information, the VendorBase risk assessment score, explanations on risk scores, a timeline view of relevant email communication and security activity for that vendor.

Continue reading →

Over 76 percent of CEOs are consistently losing sleep over the fear of becoming the next headline-grabbing security breach, yet less than half of them have a firm cybersecurity strategy in place.

A new study from cybersecurity company Forcepoint in partnership with WSJ Intelligence surveyed 200 senior executives from a range of industries to find the major cybersecurity stresses and areas of disconnect for business and security leaders.

Continue reading →

With cybercriminals ever keen to exploit the latest trends to their advantage, it should come as no surprise that the latest research from Trustwave SpiderLabs shows a raft of Dark Web activity based around COVID-19.

Scams range from adverts for supposed vaccines to malicious infection maps. But there's also evidence that Dark Web activities are being hit by the pandemic in much the same way as legitimate businesses.

Continue reading →

Budget airline easyJet has fallen victim to a cyberattack in which personal information of 9 million customers was exposed. Included in this personal data were details of travel plans, email addresses and, in some cases, credit card information.

The company is now in the process of contacting all of those who have been affected by the data breach, but says that anyone whose credit card details were stolen by hackers has already been contacted.

Continue reading →

Public Key Infrastructure (PKI) is essential to handling the issuing of digital certificates and managing public-key encryption, but it can prove a burden for businesses.

To make the process easier, certificate authority GlobalSign is launching a new automated PKI platform called Atlas.

Continue reading →

New research from application security specialist Veracode finds seven in 10 applications have a security flaw in an open source library on initial scan, highlighting how use of open source can introduce flaws, increase risk, and add to security debt.

The study analyzed the component open source libraries across the Veracode platform database of 85,000 applications, accounting for 351,000 unique external libraries. Nearly all modern applications, including those sold commercially, are built using some open source components.

Continue reading →

As we wrote about yesterday, with build 19628 Microsoft has added support for DNS over HTTPS to Windows 10. DoH is a great way to increase privacy and security online, and its arrival in Windows 10 has been widely welcomed.

At the moment the feature is only available to Windows Insiders, but it won't be long before it rolls out to everyone. But when you have it up and running, how do you know if DNS over HTTPS is working? Here's how to find out.

Continue reading →