Articles about Security

Increasingly IT security is seen as an issue for the entire organization. This means it's often included in business targets, but setting these in a meaningful way -- and being able to meet them -- is a major challenge .

We spoke to Joseph Carson, Chief Security Scientist and Advisory CISO at Thycotic, to find out more about the difficulties of setting and measuring the success of targets for security.

Continue reading →

Travelex, the London-based foreign exchange company, has suspended some of its services and taken its UK website offline following a cyber attack that took place on New Year's Eve.

A malware infection caused the company to take the decision to cut the cord on its services. It said that this was merely a "precautionary measure" which was done "in order to protect data". The suspension of services has caused problems for customers around the world and has had a knock-on effect for other companies including Tesco Bank and Asda.

Continue reading →

Apple has long played a game of cat and mouse with the developers of jailbreak tools, constantly amending the code of its mobile operating systems to prevent people from unlocking their iPhones and iPads.

In an ongoing spat with Corellium -- a company which virtualizes iOS for use by security researchers -- Apple has amended the lawsuit it brought against the company this summer saying the tools it produces infringe on copyright. Corellium has responded with an open letter saying that Apple's line of attack "should give all security researchers, app developers, and jailbreakers reason to be concerned".

Continue reading →

JPMorgan Chase is to enforce stricter security measures, banning third-party fintech apps from accessing customer passwords.

The existing method of data sharing provides -- with permission -- numerous apps with access to customers' bank accounts, but concerns have been voiced about the possible dangers. No timetable has been set out, but the American finance giant intends to use a token-based system that will provide third parties with access to "a narrow range of data in a secure form".

Continue reading →

It's now mere weeks until Windows 7 is no longer supported by Microsoft. When January 14, 2020 rolls around, the end date for support will have been reached, and Microsoft is keen for people to upgrade to Windows 10 to avoid having insecure computers that don't receive updates.

But not all security updates are being dropped. Having previously said that Microsoft Security Essentials would no longer receive updates when Windows 7 support ends, the company has indicated that updates will in fact continue to be released.

Continue reading →

Email is suffering an identity crisis. Email’s core protocols make no provisions for authenticating the identities of senders, which has resulted in a worldwide spearphishing and impersonation epidemic, leading to billions of dollars in monetary losses, security mitigation costs, and brand damage. As a result, email security will be a central theme in the new year, both as a source of threats as well as an increasingly urgent issue for cybersecurity professionals to address.

In 2020, we will see email security prove itself to be a weak link in election security as well as corporate security. At the same time, Domain-based Message Authentication, Reporting and Conformance (DMARC) will gain popularity across several industries, driven both by the need to eliminate domain spoofing, and by the desire for brands to take advantage of Brand Indicators for Message Identification (BIMI), a new standard that requires DMARC. Email authentication works -- but it’s up to domain owners to take advantage of it. Increasingly they will do so, as they realize that a failure to proactively defend their domains can leave them vulnerable to convincing exploits from cybercriminals.

Continue reading →

Advanced persistent threats (APTs) have become aggressive in their attempts to breach organizations’ networks. These malicious actors look to gain unauthorized access to infrastructures for prolonged periods of time so that they can perform various acts including mining and stealing sensitive data. Their ability to evade conventional security measures have allowed them to cause costly data breaches against many businesses.

Hackers have even found ways to intensify their malicious activities. According to an Accenture report, threat actors and groups have now teamed up to conduct targeted intrusions and spread malware. Among them are financially motivated groups such as the Cobalt Group and Contract Crew. These increasing cyberattack threats have prompted companies to toughen up their security. Gartner estimates that security spending will grow to $170.4 billion in 2022.

Continue reading →

With deepfake voice fraud an increasing threat, new research shows that 30 percent of Americans are not confident they would be able to detect the difference between a computer generated voice and a human one.

The study from ID R&D, a provider of AI-based biometrics and voice and face anti-spoofing technologies, shows only just over a third (36 percent) are confident they could spot a fake.

Continue reading →

It's the time of year again where the great and good of the tech sector like to consult the tea leaves, gaze into the crystal ball, read the runes -- and of course draw on their industry knowledge -- to give their predictions for the year ahead.

So, what do they think is in store for cybersecurity in 2020?

Continue reading →

Financial services business tend to be attacked more than those in any other sector, but a new study finds that 75 percent of respondents in this industry are over confident in their data management practices.

A worrying 24 percent of respondents to Integris Software's 2019 FinServ Data Privacy Maturity Study only update their personal data inventory once a year. Even more concerning, 13 percent only inventory sensitive data when audited or in response to regulation requests.

Continue reading →

Security segmentation limits the ability for attacks to move laterally inside an organization by breaking data center and campus networks or clouds into smaller segments. But a new study reveals that only 19 percent currently implement segmentation solutions today.

The study of 300 IT professionals carried out by Virtual Intelligence Briefing for Illumio also shows that while approximately 25 percent are actively planning a project, more than half are not protecting with segmentation at all or planning to in the next six months.

Continue reading →

In the retail sector particularly the line between online and offline worlds is increasingly blurred. But how can businesses protect their customer data effectively in this world?

We spoke to, Gary Barnett, CEO of secure payment systems specialist Semafone to discuss this, the effect of the upcoming CCPA legislation and more.

Continue reading →

A new survey of almost 300 IT security professionals in large enterprises finds 53 percent of respondents say most or all cybersecurity vendors rely on unclear, opaque, and ambiguous data to promote their products.

In addition the study from Valimail, a provider of identity-based anti-phishing solutions, finds 42 percent of respondents say cybersecurity products deliver value 'sometimes,' but it is difficult or impossible to prove that value.

Continue reading →

Data usage and analysis are now key drivers of innovation and competitive advantage, but increased data use raises issues surrounding security, privacy and compliance.

Israeli company Satori Cyber is launching a new Secure Data Access Cloud to offer continuous visibility and control of data flows across all cloud and hybrid data stores.

Continue reading →

DNS amplification attacks have grown by over 4,000 percent over the last year according to Nexusguard's latest threat report.

DNSSEC (Domain Name System Security Extensions) remains the main source of growth in DNS amplification attacks in the quarter, but Nexusguard analysts have also detected a sharp and concerning rise in TCP SYN Flood attacks.

Continue reading →