Articles about Security

Bugcrowd seeks to disrupt the pen test market with new service

Traditional penetration testing solutions often fail to provide the rapid, reliable and fully integrated security testing that fits with businesses' go-to-market timelines.

Crowdsourced security company Bugcrowd is looking to change this with the launch of its Classic Pen Test, powered by the Bugcrowd platform and focused on providing customers with on-demand access to methodology-driven pen testing at a fixed price.

Sophos pushes out emergency patch to fix XG Firewall zero-day vulnerability

Following the discovery of an SQL injection vulnerability in its XG Firewall product, Sophos has released an emergency patch to protect users against hackers.

The vulnerability affects both physical and virtual XG Firewall units, and signs of attacks were first noticed last week. Attackers exploiting the vulnerability on unpatched firewalls would be able to access all local usernames and hashed passwords of any local user accounts, including local device admins, user portal accounts, and accounts used for remote access.

New Android ransomware masquerades as FBI message

Researchers at Check Point have discovered a new variant of Android malware called Black Rose Lucy that, when downloaded, encrypts files on the infected device and displays a ransom note in the browser claiming to be an official message from the FBI.

First discovered by Check Point in September 2018, Lucy is a Malware-as-a-Service dropper that originated in Russia and downloads and installs new threats with ransomware capabilities.

New solution helps defend business endpoints

As attackers become more sophisticated, perimeter defenses are becoming less effective at protecting networks, particularly as endpoints may roam from network to network or utilize resources in cloud data centers that are not under direct corporate control.

To give IT security analysts increased visibility into what is happening at their network endpoints, security-as-a-service company Cygilant is launching a new endpoint security solution.

Why malicious domain registrations are a growing problem [Q&A]

More than 16,000 COVID-19 related domains have been registered since January and, while some are legitimate, many have been set up to serve malware, create phishing pages, or scam site visitors.

And malicious domains aren't just a problem during the current pandemic; they're a growing issue across the internet. This is not helped by privacy rules, which mean it's become harder for security researchers to use Whois to see who owns a domain.

Microsoft patches Teams vulnerability that allowed for account takeover just by viewing a GIF

A security flaw in Microsoft Teams made it possible for attackers to take over accounts just by getting a victim to view a GIF. The vulnerability stemmed from the way in which Teams handles images and could allow for account takeovers and data theft.

Security firm CyberArk discovered the issue over a month ago and then worked with the Microsoft Security Research Center under Coordinated Vulnerability Disclosure to get the vulnerability fixed. With COVID-19 leading to a huge increase in the number of people working remotely and relying on the likes of Zoom and Teams, the prospect of such an easily exploitable vulnerability is concerning.

Malwarebytes launches its own VPN

Well known for its endpoint protection and malware removal solutions, Malwarebytes is now moving into the online privacy space with the launch of its own VPN.

Malwarebytes Privacy aims to offer best-in-class encryption without compromising on performance. It doesn't log the user's online activities and it offers a choice of virtual servers from over 30 countries in order to protect their real location.

New platform allows sharing of cybersecurity resources

The ever-changing landscape of cybersecurity means it can be hard for any one organization to stay on top of all the latest threats.

To address this problem, Trustwave is expanding its cybersecurity collaboration platform to help businesses around the world meet security challenges.

ProtonMail and ProtonVPN apps are now open source across all platforms

It is a little while since Proton Technologies announced that ProtonVPN was being open sourced to help build trust in the service. Now the company has done the same for the Android version of ProtonMail, and this means that all ProtonMail and ProtonVPN apps are now open source.

Just as with ProtonVPN, the open sourcing of ProtonMail opens it up not only to the scrutiny of anyone who cares to trawl through the source code, but it has also been subjected to a third-party security audit.

'Florentine Banker' email attack steals thousands from private equity funds

Researchers at Check Point have revealed how a sophisticated cybercrime gang managed to trick three UK private equity firms and steal hundreds of thousands of pounds.

The gang, named 'The Florentine Banker,' got away with over £500,000 following a complex business email compromise (BEC) attack.

Zero-day vulnerabilities in iOS Mail are being actively exploited to target high-profile users

Security firm ZecOps has published research about security vulnerabilities affecting iPhones and iPads. The critical flaws are yet to be patched by Apple and are said to be actively used to target high-profile users such as journalists, employees of Fortune 500 companies and VIPs.

What's particularly worrying about the flaws is that they can be exploited by sending a message that appears to be blank. Opened in iOS Mail, the message can be used to run code and spy on activity without the need for any interaction from the victim. There is a suggestion that a nation-state could be involved.

Zoom 5.0 is a major update with enhanced encryption and more security options

Zoom Video Communications has announced details of Zoom 5.0, a major update to its video conferencing client which goes a long way to addressing many of the security and privacy issues that have been found in recent weeks.

With the upcoming release, users can benefit from the addition of AES 256-bit GCM encryption, as well as the ability to choose routing options for calls.

New software protects MS Teams from phishing attacks

The need to protect remote working is exercising many organizations at the moment. Abnormal Security is launching a new Microsoft Teams Protection product to help guard the platform against social engineering attacks.

It automatically detects suspicious messages sent within a customer's Microsoft Teams environment, lowering the risk of phishing attacks infiltrating internal Teams communication channels.

Cybercriminals focus on social engineering as other attacks decline

The latest Global Security Report from Trustwave, based on analysis of more than a trillion logged events in 2019, reveals that corporate systems continue to be most targeted by cybercriminals, at 54 percent.

This is followed by e-commerce at 22 percent, down five percent when compared to 2018. Cloud services have seen the biggest increase and are now the third most targeted environment, accounting for 20 percent of investigated incidents, up significantly from seven percent the previous year.

Which IT assets present the most risk?

New research from vulnerability management specialist Kenna Security seeks to quantify the comparative risk of using assets based on Microsoft, Apple, Linux, or Unix platforms, as well as network devices.

The study finds that asset mix plays a key role in determining the number of security vulnerabilities an organization has to contend with every month, along with its ability to minimize cyber risk.

© 1998-2025 BetaNews, Inc. All Rights Reserved.