Articles about Security

Weak passwords leave UK businesses at risk of cyberattack

Millions of people and hundreds of thousands of businesses in the UK are using cracked or weak passwords for their online accounts according to new research.

Cybersecurity and data analytics company CybSafe has conducted a blind analysis of the passwords used by over 21,000 staff at a sample group of 250 UK businesses, and finds that three quarters are employing staff with vulnerable password combinations -- either passwords which are too simple, or which have been compromised in previous data breaches.

New tool helps in the fight against weak passwords

Poor passwords frequently provide hackers with a way into networks. In order to help security teams and penetration testers identify them, Trustwave is launching a new cracking tool.

CrackQ is a queuing system for managing password cracking. It works with the Hashcat tool, which uses the power of GPUs to crack passwords.

Get 'Cybersecurity: The Beginner's Guide' ($29.99 value) FREE for a limited time

It's no secret that there is a huge talent gap in the cybersecurity industry. Everyone is talking about it, including Forbes Magazine, TechRepublic, CSO Online, DarkReading, and SC Magazine, among many others. Additionally, Fortune CEOs like Microsoft's Satya Nadella, McAfee's CEO Chris Young, Cisco's CIO Colin Seward and others shine a light on it from time to time.

Cybersecurity: The Beginner's Guide puts together all the possible information regarding cybersecurity, such as why you should choose it, and how you can get involved with it.

Cyber attacks become more targeted with data theft as the goal

Mass cyber attacks are now being outnumbered by targeted attacks, with 65 percent of the total in the third quarter of 2019 being targeted, compared to 59 percent in the previous quarter.

The latest threatscape report from Positive Technologies also shows data theft grew to 61 percent of all attacks on organizations and 64 percent of all attacks on individuals (compared to 58 and 55 percent respectively in the second quarter). The share of attacks with direct financial motivation was 31 percent.

Why digital transformation and security should go hand-in-hand [Q&A]

Digital transformation is becoming an essential part of many business initiatives and of course security is a high priority too. You would think that two such essential areas would exist in close harmony, but it isn't always the case.

In the age of digital transformation, security can get left behind. So, what can businesses do to ensure that new digital initiatives are secured from the start? We spoke to John Worrall, CEO at application and infrastructure security specialist ZeroNorth, to find out more.

Unencrypted SMS database found online, exposing millions of US text messages

A huge database of text messages and user data has been discovered online, completely unprotected and free for anyone to browse.

Found by researchers from vpnMentor, the database belongs to US communications company, TrueDialog. Among the exposed data are not only tens of millions of SMS messages, but also private information including usernames and passwords.

RCS is being implemented dangerously, leaving users vulnerable to attack

Security experts from Security Research Labs (SRLabs) have warned that carriers are implementing RCS (Rich Communication Services, which will supersede SMS) in ways that risk leaving users exposed to all manner of attack.

The German hacking research collective issues the stark warning that "RCS technology exposes most mobile users to hacking". This is not because of inherent problems with the messaging protocol, but with the ways in which it is being implemented.

Why mobile healthcare apps are at risk [Q&A]

Cyber-attacks represent a real threat to unprotected healthcare mobile apps. The overall operational integrity of these apps is at risk, but there's also a significant risk of malicious attacks on the medical devices themselves, personal health information, and intellectual property.

We spoke to Rusty Carter, VP of product management at Arxan, to find out more about the risks and how they can be addressed.

A quarter of UK smaller businesses don't have an IT disaster plan

Almost one in four UK SMEs -- around 1.4 million businesses -- don't have an IT disaster recovery plan in place. Yet, 80 percent of businesses who suffered a major incident ended up failing within 18 months, according to the Association of British Insurers.

A survey of over 1,100 IT workers by technology services provider Probrand also finds that 54 percent say their disaster plan isn't regularly tested to identify and fix any potential flaws in their DR process.

Forecasting the cloud security landscape in 2020

Every year, threat actors continue to evolve the tactics, techniques, and procedures (TTPs) they use to exfiltrate customer, company and partner data, interrupt business operations, implant ransomware, and more. In fact, cybercrime damage costs are predicted to hit $6 trillion annually by 2021, according to research from Cybersecurity Ventures. In 2020, as cybercriminals refine their methods, we will continue to see a plethora of breaches occur due to a common vulnerability: misconfigurations.

Despite organizations running an average of 40 percent of their workloads in the public cloud, most companies fail to accurately identify the risk of misconfiguration in the public cloud as higher than the risk in traditional IT environments. In the new year we will also see a greater focus placed on identity in cloud security -- a challenge that's easier said than done, since approaches that worked in traditional data center environments do not translate to the cloud.

Cybersecurity is not top priority for enterprises say CISOs

Chief information security officers (CISOs) are regularly being summoned by the board of directors to provide recommendations for the business, but this doesn't mean cybersecurity is being prioritized.

A new study of over 300 cybersecurity executives by 451 Research for Kaspersky finds 60 percent of respondents say business leaders need input from their CISO most often when an internal cybersecurity incident happens, while 57 percent schedule meetings with the board on a regular basis, and 56 percent are requested to provide their expert opinions on future IT projects.

Browser push notification scams triple in 2019

Fraudulent browser push notifications as a means of delivering phishing and advertising are becoming more common, up from 1.7 million in January to 5.5 million in September this year, according to the latest Kaspersky research.

Push notifications were introduced several years ago as a useful tool to keep site visitors informed with regular updates, but today are often used to bombard people with unsolicited advertisements or encourage them to download malicious software.

F-Secure builds 'swarm intelligence' to boost cyber security

We hear a lot about the use of AI in improving security products, but in most cases the assumption is that it will in some way mimic human intelligence.

Finnish company F-Secure is challenging that assumption with an initiative it calls Project Blackfin. This aims to use collective intelligence techniques, such as swarm intelligence, to create adaptive, autonomous AI agents that collaborate with each other to achieve common goals.

Now you can enable 2FA on Twitter without a phone number

There's a lot to be said for enhancing account security with two-factor authentication (2FA), but Twitter has long insisted that this be done by handing over your phone number -- not something everyone is happy with.

But now the company has announced a change of heart. With immediate effect, Twitter says "Starting today, you can enroll in 2FA without a phone number". The move comes after Jack Dorsey's account was hijacked and used to send racist tweets, and just two months after Twitter revealed that 2FA data had 'inadvertently been used for advertising purposes'.

OnePlus suffers data breach, exposing personal details of online store customers

OnePlus has issued a security notice to customers that have used its online store, informing them that their order information has been accessed by an unnamed third party in a security breach.

The company is giving away very little in the way of details about the incident. It is not clear when the data breach happened, who may be responsible, or how many customers are affected. OnePlus says that information such as names, phone numbers, email addresses and shipping addresses has been exposed.

© 1998-2025 BetaNews, Inc. All Rights Reserved.