Articles about Security

Details of a nine-year-old security vulnerability with the sudo utility found in numerous Unix and Linux based operating systems have been revealed.

The flaw, which affects the likes of Linux Mint and Elementary OS, could be exploited to give users root privileges on a vulnerable system. Sudo versions 1.7.1 to 1.8.30 are at risk if the pwfeedback option is enabled.

Continue reading →

Landing the role of Chief Information Security Officer might make you think you've made it into a plum job, but 88 percent of CISOs are stressed and it's impacting on their health and relationships according to new research.

The second annual CISO stress report from Nominet shows that 48 percent say work stress has had a detrimental impact on their mental health, almost twice as high as last year (27 percent). 31 percent also report that their stress has impacted their physical health.

Continue reading →

Many organizations lack the resources to effectively implement 24x7 security operations on their own, and while automation solutions can help, they typically require extensive expertise to implement and manage.

Security automation specialist LogicHub is launching a new automation driven Managed Detection and Response solution called MDR+ to help address this issue.

Continue reading →

Researchers at Varonis have uncovered a new ransomware variant that spreads and tracks its progress via SYSVOL share on Active Directory Domain Controllers.

The ransomware encrypts files and appends them with the extension, '.SaveTheQueen' and creates a file called 'hourly' on the SYSVOL share folder.

Continue reading →

Researchers at managed security services provider Nuspire have released their latest quarterly threat report which looks at the top botnet, malware and exploit activity throughout 2019, focusing in on the fourth quarter.

Among the findings are that malicious cyber-activity declined towards the end of the year, partly as a result of hectic holiday schedules and vacations with fewer employees around to interact with malicious activity.

Continue reading →

If it's a Philips Hue bulb the answer to the question in the headline above is just one according to new research from Check Point which has uncovered vulnerabilities that could enable a hacker to deliver ransomware or other malware to business and home networks by taking over the smart lightbulbs and their controller.

Researchers focused on the market-leading Philips Hue smart bulbs and bridge, and found vulnerabilities that enabled them to infiltrate networks using a remote exploit in the ZigBee low-power wireless protocol that is used to control a wide range of IoT devices.

Continue reading →

2019 was the third year in a row that Microsoft technology was most affected by vulnerabilities, with eight of the top 10 vulnerabilities identified targeting its products.

This is a key finding of the Recorded Future annual vulnerability report which also shows that for the first time six of the vulnerabilities, all impacting Microsoft, were repeats from the prior year.

Continue reading →

To combat growing cyber risks, 72 percent of businesses plan to implement zero trust technology this year, yet 47 percent of security professionals lack confidence in their ability to apply it.

A new report from Cybersecurity Insiders and Pulse Secure, based on a survey of more than 400 cyber security decision makers, finds a striking confidence divide among cybersecurity professionals in applying zero trust principles.

Continue reading →

According to a new study, 36.5 percent of all organizations have experienced a malware incident on a mobile device in the past year, which represents a 142 percent increase from 2018.

Research from mobile security specialist Wandera finds 57 percent of organizations have experienced a mobile phishing incident, with 60 percent of mobile phishing attacks occurring over HTTPS.

Continue reading →

If you used Google Takeout to download an archive of your Google Photos content, there's a chance that someone else may have ended up with your videos.

The company has admitted that for a few days in November last year, "some videos in Google Photos were exported to unrelated users' archives". This means that not only could your videos have ended up on a stranger's computer, but also that you may have received random videos belonging to someone else.

Continue reading →

There are expected to be more than 70 billion connected devices by 2025, which means the opportunity for hackers to infiltrate connected devices, and to get onto networks, is going to get much larger.

So how can businesses prepare for this influx, train their staff and get ahead in order to protect their critical data from cybercriminals who are always keen to update their tactics and strategies? We spoke to Jonathan Langer, CEO of healthcare device security specialist Medigate to find out.

Continue reading →

Just 17 percent of organizations worldwide are considered 'leaders' in cyber resilience, meaning under a fifth are effectively stopping cyberattacks and finding and fixing breaches fast enough to lower the impact, according to a new report from Accenture.

Based on a survey of more than 4,600 enterprise security practitioners, Accenture's report looks at how businesses prioritize security, the effectiveness of their current security efforts, and the impact of new security-related investments.

Continue reading →

Microsoft has introduced a new feature to its Edge browser that blocks "potentially unwanted apps" from being downloaded.

At the moment, the security feature is available in the beta version of Microsoft Edge, but it will also be making its way to the stable version of Chromium-based Edge later this month. Strangely, Microsoft has chosen not to switch on the feature by default.

Continue reading →

Microsoft is no stranger to using bug bounty programs to track down security problems and other issues with its software and services. Now the company has launched an Xbox bug bounty program, offering payouts of up to $20,000 to anyone finding vulnerabilities.

The particular aim of this bounty program is to find issues with the Xbox Live network and services. Microsoft says the amounts it will pay gamers and security researchers who report problems will depend on the severity and impact of the vulnerability, as well as the quality of the submission.

Continue reading →

Microsoft may have dropped Windows 7 like a hot stone, but that doesn't mean everyone is. Recognizing the fact that large numbers of people are going to continue using the aged operating system, most antivirus firms are going to continue to offer support.

Support from the likes of AVG, Avira, Kaspersky and Trend Micro for at least two years is great news for those concerned about the security of sticking with Windows 7. Of course, this doesn't mean that the operating system is entirely safe to use now that it has reached end of life, but with the right software installed, hangers-on can secure their systems somewhat.

Continue reading →