Articles about Security

Business workloads are increasingly moving to multi-cloud and SaaS environments and at the same time the endpoint estate is diversifying to include increasing numbers of mobile and IoT devices.

As a result, CIOs and IT teams are struggling to orchestrate and enforce uniform security and compliance policies across distributed workloads and fixed, mobile and IoT devices. Enterprise mobility and connectivity specialist Asavie though has a solution.

Continue reading →

Video conferencing tools like Zoom, Microsoft Teams and Skype have been the center of attention in recent weeks because of companies' increased reliance on them during coronavirus lockdowns. Zoom has been in the headlines for many of the wrong reasons, however, and Microsoft is keen to ensure it doesn't get tarred with the same brush.

The company had made a series of commitments about its Teams software, promising users that their virtual conversations are private and secure.

Continue reading →

After many schools adopted Zoom to conduct online lessons during the coronavirus lockdown, concerns about security and privacy have led to a ban on the video conferencing software across the US.

The chancellor of New York City's Department of Education Richard A Carranza sent an email to school principals telling them to "cease using Zoom as soon as possible". And he is not alone; schools in other parts of the country have taken similar action, and educators are now being trained to use Microsoft Teams as this has been suggested as a suitable alternative, partly because it is compliant with FERPA (Family Educational Rights and Privacy Act).

Continue reading →

Zoom's skyrocketing popularity in recent weeks has been both a blessing and a curse for the company. Clearly it welcomes the additional users and, presumably, the income generated, but the company has also found itself under the spotlight resulting in startling revelations about security and privacy.

Having already apologized for a series of issues, Zoom is not taking steps to improve security. In an email sent out to users, the company explains how the virtual waiting room feature will be enabled by default, and meeting participants will now be required to use passwords to join.

Continue reading →

As if the various privacy and security concerns that have plagued Zoom recently had not been enough, now it has been revealed that the company has been routing some calls made in North America through China.

Asking whether Zoom is a "US company with a Chinese heart", security researchers at Citizen Lab reported their discovery that during test meetings, encryption and decryption keys were routed through a server in Bejing. This raised eyebrows, and the company has now tried to explain what happened and issued its second apology this week.

Continue reading →

After discovering a no fewer than seven security vulnerabilities in Safari for iOS and macOS, a researcher has received a $75,000 bug bounty pay out from Apple.

Ryan Pickren, a former Amazon Web Services (AWS) security engineer, found a series of security flaws in Apple's web browser, some of which could be exploited to hijack the camera of a Mac or iPhone to spy on users. The webcam hacking technique combined a total of three zero-day bugs.

Continue reading →

Zoom has received a lot of attention because of the increased number of people working from home, some good, some bad. There have been various security and privacy issues with the video conferencing app, but there are steps you can take to lock things down a little.

Following numerous controversies, Zoom has not only issued an apology but also put a stop on the development of new features while it gets itself in order. In the meantime, there are a various things you can do to increase your privacy and security when you're using Zoom.

Continue reading →

It's not unusual for phishing attacks to focus their efforts on major events. The end of the tax year is always popular as are major sporting occasions. The latest lure of course is the current COVID-19 pandemic.

The problem for IT admins is how to protect against a sudden deluge of threats and spam messages while ensuring that important legitimate communications aren't accidentally blocked.

Continue reading →

Zoom has been in the headlines a lot recently -- and not always for the reasons the company might have wanted. Thrust into the spotlight due to massively increased usage during the coronavirus pandemic, Zoom has been plagued with numerous security and privacy issues.

Now company CEO Eric S Yuan has issued a lengthy statement to Zoom users, apologizing for "unforeseen issues" and promising to improve things. For now, Zoom will get no new features as the company is focusing on fixing what is wrong, and regaining customer trust.

Continue reading →

Cloudflare's 1.1.1.1 DNS resolver has been around for a couple of years now, helping to cater for those looking for a more private and secure internet connection. Now the company has announced a new version of the product, this time with extra protective layers.

1.1.1.1 for Families is essentially a parental control filter, automatically blocking access to "bad sites". This means not only sites that deliver malware, but also adult sites that might not be suitable for younger internet users. But while parents may welcome this automated filtering, 1.1.1.1 for Families has already come in for criticism for incorrectly blocking sites.

Continue reading →

If you're in the market for a free VPN for your desktop PC or laptop, Cloudflare will soon have a new offering.

Following on from the success of its free VPN for mobile devices, the company that's also behind the 1.1.1.1 DNS resolver is now bringing WARP to Windows and macOS -- and there is a Linux version in the works. Cloudflare's WARP is currently available in beta, but not everyone will be able to get access to it straight away.

Continue reading →

Infected mail attachments and malicious links are common ways for hackers to try to infiltrate organizations.

Researchers at cybersecurity company Varonis have uncovered at new attack route in the form of malicious Azure apps. Azure apps don't require approval from Microsoft and, more importantly, they don't require code execution on the user's machine, making it easy to evade endpoint detection and antivirus systems.

Continue reading →

Security is a serious concern for anyone using the internet, but it most certainly is for businesses. In seeking a video conferencing tool to see them through the home-working coronavirus has forced many people into, Zoom has proved to be an incredibly popular choice, and its proclamation of offering end-to-end encryption very probably swayed a few decisions.

An investigation carried out by the Intercept found that, despite Zoom's claims, the service does not really support end-to-end encryption for video and audio content. In reality, all it offers is TLS, but Zoom has chosen to refer to this as being end-to-end encryption.

Continue reading →

Zoom's popularity has accelerated in recent weeks thanks to the number of people now forced to work from home and conduct meetings online. Now security researchers have discovered a worrying vulnerability in the software that could be used to steal Windows login credentials.

The vulnerability steams from the fact that Zoom converts URLs that are sent in messages into clickable links. The same is true for UNC paths, and if such a link is clicked, it is possible to grab a user's login name and their NTLM password hash and decrypt it.

Continue reading →

Towards the end of 2018, Marriott International suffered a data breach of its Starwood Hotel reservation database. Now the hotel chain has revealed that it suffered a second data breach earlier this year.

The company says that at the end of February it noticed that an "unexpected amount of guest information" could have been accessed using the login credentials of two employees. It is thought that this access started in the middle of January, and up to 5.2 million customers have been affected.

Continue reading →