Security

Online fraud has gained in sophistication in recent years. As consumers have moved to using mobile devices and have come to expect a consistent shopping experience across platforms,  so the fraudsters have never been far behind.

We spoke to Michael Reitblat, co-founder and CEO of eCommerce fraud prevention specialist Forter, which recently published its latest Fraud Attack Index, to find out more about the fraud landscape and how businesses can protect themselves.

With attackers often targeting individuals and their credentials to gain unauthorized access to accounts, people are increasingly at the center of security.

This is one of the conclusions of a new report from identity solutions provider Okta which finds that when deploying security tools a third of businesses start with a tool focused on protecting their people, as opposed to devices, infrastructure, and networks.

The UK government has announced that -- despite being considered a "high-risk vendor" -- Huawei will be permitted to contribute to the 5G network infrastructure in Britain.

The US recently warned that allowing the Chinese firm to be involved in the rollout of 5G would be "madness", but the UK has chosen to ignore this. Huawei will have limits placed on its contributions, meaning that it will only be able to supply "non-core" elements of the network.

Increasingly the boundaries between operational technology and business networks are breaking down as businesses seek access to the real time data that industrial IoT devices hold.

But that leads to increased risk to critical infrastructure as devices become more exposed. To combat these threats, Cisco is introducing an IoT security architecture that provides enhanced visibility across both IT and OT environments, and helps protect industrial processes.

A self-described "reverser/pwner [and] Windows kernel hacker" has demoed a working exploit for two recently discovered vulnerabilities in Windows Remote Desktop Gateway (RD Gateway).

The exploit takes advantage of the CVE-2020-0609 and CVE-2020-0610 vulnerabilities which have already been shown to make a denial of service attack possible. Now Luca Marcelli has shown how the same vulnerabilities can be exploited in a Remote Code Execution attack.

When you install an antivirus program -- even a free one -- you have a reasonable assumption that it's going to help keep your data safe.

But a joint investigation by Motherboard and PCMag has discovered that Avast's free antivirus is harvesting user data. Although this is supposedly 'de-identified' it is being sold to marketers in a way that can be linked back to an individual.

The use of voice for authentication has been limited in IoT applications and devices because of storage and processing limitations.

But new technology from ID R&D looks set to change that, offering voice biometric optimization with an AI-based SDK of under 1MB, enabling voice biometrics to be implemented at the edge.

Internet Explorer may be a relic from the past, but it's still out there and used by surprising numbers of people. Not all versions of it are supported by Microsoft anymore, so when a critical bug was discovered in the Windows 7, 8.x, 10, Windows Server 2008 and 2012 versions of the browser, there were questions about who was going to be protected.

The bug was revealed just days after support ended for Windows 7, and it wasn't clear whether Microsoft would stick to its guns and leave those people still using this operating system out in the cold and unprotected. The company has now confirmed what's going to happen.

Owners of Sonos devices were disappointed when they were told by the company that as of May 2020, there would be no more software updates released for older equipment. Sonos offered customers two options for "legacy products": keep using them without updates, or brick them by putting them in Recycle Mode in return for a 30 percent discount on a future purchase.

There was an understandable backlash from Sonos' userbase, and now the company's CEO has been forced to pen a letter in which he assures customers that devices will work for "as long as possible". Patrick Spence concedes that "we did not get this right from the start". He continues: "My apologies for that and I wanted to personally assure you of the path forward".

SMB network security specialist Untangle has released the results of a survey of its channel partners looking at current trends and barriers that they face when protecting clients against emerging threats.

It also examines how these companies will shape future strategic business decisions for Managed Security Providers (MSPs) and Value-Added Resellers (VARs).

Apple's Safari web browser was found to have multiple security flaws that allowed for user's online activity to be tracked, say Google researchers.

In a yet-to-be-published paper, the researchers reveal issues in a Safari feature which is actually supposed to increase user privacy. The Intelligent Tracking Prevention (ITP) feature found in the iOS, iPadOS and macOS version of the browser is meant to block tracking, but vulnerabilities mean that third parties could have accessed sensitive information about users' browsing habits.

It can hardly have escaped your attention that Windows 7 has now reached end of life. For companies and enterprise customers unwilling to pay for Extended Security Updates, this means there will be no more updates. The average home user who has decided to stick with Windows 7 has been completely abandoned by Microsoft, leaving them with an operating system that could be found to contain an endless number of security vulnerabilities.

But, actually, there is another option for home users, and it does not involve paying any money to Microsoft. We're talking micropatches. Specifically, we're talking about micropatches from 0patch. We've covered the work of this company in the past, including its recent fix for the Internet Explorer vulnerability.

At the end of last week, a serious vulnerability was discovered in Internet Explorer, affecting all versions of Windows. Not only is the bug (CVE-2020-0674) being actively exploited, but for Windows 7 users the vulnerability was exposed right after their operating system reached the end of its life.

Even for users of newer versions of Windows, and despite the severity of the security flaw, Microsoft said it would not be releasing a patch until February. Stepping in to plug the gap comes 0patch with a free micropatch for all versions of Windows affected by the vulnerability.

A new report reveals how Microsoft exposed nearly 250 million Customer Service and Support records online late last year.

The security research team at Comparitech discovered five servers, each of which contained the same 250 million logs of conversations with Microsoft support agents and customers. The records, which spanned 2005 to December 2019, were accessible to anyone with internet access; no password protection or encryption was used.

Proton Technologies has announced that it is open sourcing its VPN tool, ProtonVPN.

The Swiss firm says that not only is it releasing the source code for its VPN tool on all platforms, but also that it has conducted an independent security audit. Created by CERN scientists, ProtonVPN has amassed millions of users since it launched in 2017 and the decision to open source the tool gives users and security exports the opportunity to analyze the tool very closely.