Articles about Security

Internet Explorer may be a relic from the past, but it's still out there and used by surprising numbers of people. Not all versions of it are supported by Microsoft anymore, so when a critical bug was discovered in the Windows 7, 8.x, 10, Windows Server 2008 and 2012 versions of the browser, there were questions about who was going to be protected.

The bug was revealed just days after support ended for Windows 7, and it wasn't clear whether Microsoft would stick to its guns and leave those people still using this operating system out in the cold and unprotected. The company has now confirmed what's going to happen.

Continue reading →

Owners of Sonos devices were disappointed when they were told by the company that as of May 2020, there would be no more software updates released for older equipment. Sonos offered customers two options for "legacy products": keep using them without updates, or brick them by putting them in Recycle Mode in return for a 30 percent discount on a future purchase.

There was an understandable backlash from Sonos' userbase, and now the company's CEO has been forced to pen a letter in which he assures customers that devices will work for "as long as possible". Patrick Spence concedes that "we did not get this right from the start". He continues: "My apologies for that and I wanted to personally assure you of the path forward".

Continue reading →

SMB network security specialist Untangle has released the results of a survey of its channel partners looking at current trends and barriers that they face when protecting clients against emerging threats.

It also examines how these companies will shape future strategic business decisions for Managed Security Providers (MSPs) and Value-Added Resellers (VARs).

Continue reading →

Apple's Safari web browser was found to have multiple security flaws that allowed for user's online activity to be tracked, say Google researchers.

In a yet-to-be-published paper, the researchers reveal issues in a Safari feature which is actually supposed to increase user privacy. The Intelligent Tracking Prevention (ITP) feature found in the iOS, iPadOS and macOS version of the browser is meant to block tracking, but vulnerabilities mean that third parties could have accessed sensitive information about users' browsing habits.

Continue reading →

It can hardly have escaped your attention that Windows 7 has now reached end of life. For companies and enterprise customers unwilling to pay for Extended Security Updates, this means there will be no more updates. The average home user who has decided to stick with Windows 7 has been completely abandoned by Microsoft, leaving them with an operating system that could be found to contain an endless number of security vulnerabilities.

But, actually, there is another option for home users, and it does not involve paying any money to Microsoft. We're talking micropatches. Specifically, we're talking about micropatches from 0patch. We've covered the work of this company in the past, including its recent fix for the Internet Explorer vulnerability.

Continue reading →

At the end of last week, a serious vulnerability was discovered in Internet Explorer, affecting all versions of Windows. Not only is the bug (CVE-2020-0674) being actively exploited, but for Windows 7 users the vulnerability was exposed right after their operating system reached the end of its life.

Even for users of newer versions of Windows, and despite the severity of the security flaw, Microsoft said it would not be releasing a patch until February. Stepping in to plug the gap comes 0patch with a free micropatch for all versions of Windows affected by the vulnerability.

Continue reading →

A new report reveals how Microsoft exposed nearly 250 million Customer Service and Support records online late last year.

The security research team at Comparitech discovered five servers, each of which contained the same 250 million logs of conversations with Microsoft support agents and customers. The records, which spanned 2005 to December 2019, were accessible to anyone with internet access; no password protection or encryption was used.

Continue reading →

Proton Technologies has announced that it is open sourcing its VPN tool, ProtonVPN.

The Swiss firm says that not only is it releasing the source code for its VPN tool on all platforms, but also that it has conducted an independent security audit. Created by CERN scientists, ProtonVPN has amassed millions of users since it launched in 2017 and the decision to open source the tool gives users and security exports the opportunity to analyze the tool very closely.

Continue reading →

Microsoft says it is working on a fix for a serious security vulnerability in Internet Explorer. The bug affects versions 9, 10 and 11 of the browser in Windows 7, 8.x, 10, Windows Server 2008 and 2012.

The memory handling bug can be exploited by an attacker to run malicious code on a target computer, but despite its severity, Microsoft is unlikely to release the fix before next month's Patch Tuesday. News of the vulnerability comes just days after Microsoft ended support for Windows 7.

Continue reading →

Using analysis of the last three year's worth of data breach information from the UK's Information Commissioner's Office (ICO), cyber security awareness platform CybSafe has revealed that phishing breaches have jumped significantly.

In 2019, UK organizations reported more cyber security breaches to the ICO than ever before. A total of 2,376 reports were sent to the public body last year, up from 540 in 2017, and 1,854 reports in 2018.

Continue reading →

A new online fraud scheme is designed to trick people into thinking they are owed compensation for data leaks only to scam them out of cash.

Researchers at Kaspersky uncovered the scam which tries to get users to purchase 'temporary US social security numbers' at a cost of around $9 each. Victims have been found in Russia, Algeria, Egypt and the UAE, as well as other countries.

Continue reading →

A lot has been written about the consumerization of IT, but when it comes to personal security Josh Wyatt, VP of global services engagement at Optiv Security, believes consumers would be well served to take a page from the corporate cybersecurity playbook and adopt a 'zero trust' security strategy.

We recently spoke with Josh to find out how zero trust security can help consumers defend against cyberattacks, what types of threats we need to be aware of, and how this all relates to the business world.

Continue reading →

Check Point Research has released its 2020 Cyber Security Report, looking at the key malware and cyber-attack trends during 2019.

Even though cryptomining declined during 2019, linked to cryptocurrencies' fall in value and the closure of the Coinhive operation in March, 38 percent of companies globally were impacted by crypto-miners in 2019, up from 37 percent the previous year. Crypto-miners remain a low-risk, high-reward activity for criminals.

Continue reading →

It can hardly have escaped your attention that yesterday was the day Microsoft stopped supporting Windows 7.

To make sure anyone who was unaware is alerted to the fact that no more security updates will be available, full-screen warnings are now being displayed. Microsoft had previously advised Windows 7 users that this message would appear, and as of today the company is making good on its promise.

Continue reading →

Two-factor authentication is a handy means of securing accounts, and now iPhone users are able to use their handsets as a security key for their Google accounts.

An update to the Google Smart Lock app brings the functionality to Apple fans, several months after the feature was made available to Android users. It's a security method that has been welcomed by many as it does not require the use of any additional hardware, just something you always tend to have with you -- your phone.

Continue reading →