Articles about Security

US officials have warned British ministers that using Huawei technology in the UK's 5G network would be "nothing short of madness".

Prime Minister Boris Johnson reacted to the warning saying that he had no intention of putting the UK infrastructure or national security at risk. He also called on critics of Huawei to suggest alternatives.

Continue reading →

The end of Microsoft's support for Windows 7 is now just hours away. It should not come as any sort of surprise, as coverage of the end of life for the operating system has been widespread, but there are still plenty of people and businesses using the decade-old OS.

Some are put off by the hassle of upgrading (although it's easy), while others are discouraged by cost (although you can still upgrade to Windows 10 for free). But the ramifications of sticking with Windows 7 could be serious -- so much so that the UK's National Cyber Security Centre (NCSC) has issued a stark warning not to use the operating system for email or banking.

Continue reading →

Researchers at Malwarebytes have uncovered malware pre-installed on phones offered under the US government-funded Lifeline Assistance program.

Assurance Wireless by Virgin Mobile offers the UMX U686CL phone as their most budget-friendly option at only $35 under the scheme. However, users are getting more than they bargained for. An app called Wireless Update is designed to update the phone's OS but can also install other apps without consent.

Continue reading →

Protecting against cyberattacks and guarding against technology failures is something that most businesses now do as a matter of course. But insuring against the risks is less common and could be leaving companies open to major losses.

We spoke to Jack Kudale, CEO of cyber insurance specialist  Cowbell Cyber to find out more about cyber risk insurance and why it's increasingly being seen as an essential safeguard.

Continue reading →

The vulnerability-finding Project Zero has found Google on the end of both criticism and praise, but there has long been concern about the policy of being very quick to reveal details of vulnerabilities that have been discovered.

Previously Project Zero has given software developers a 90-day window of opportunity to fix bugs before it goes public. Details of vulnerabilities would also be published as soon as a fix was released. For 2020, Google is trying something new. The company will wait a full 90 days before disclosing a vulnerability, regardless of when the bug is fixed.

Continue reading →

Multiple vulnerabilities in the popular TikTok video-sharing app and its back end could have allowed attackers to manipulate content on user accounts, and even extract confidential personal information.

Researchers at Check Point have found that an attacker could send a spoofed SMS message to a user containing a malicious link. If the user clicked on the link, the attacker was able to access the user's TikTok account and manipulate its content by deleting videos, uploading unauthorized videos, and making private or 'hidden' videos public.

Continue reading →

Increasingly IT security is seen as an issue for the entire organization. This means it's often included in business targets, but setting these in a meaningful way -- and being able to meet them -- is a major challenge .

We spoke to Joseph Carson, Chief Security Scientist and Advisory CISO at Thycotic, to find out more about the difficulties of setting and measuring the success of targets for security.

Continue reading →

Travelex, the London-based foreign exchange company, has suspended some of its services and taken its UK website offline following a cyber attack that took place on New Year's Eve.

A malware infection caused the company to take the decision to cut the cord on its services. It said that this was merely a "precautionary measure" which was done "in order to protect data". The suspension of services has caused problems for customers around the world and has had a knock-on effect for other companies including Tesco Bank and Asda.

Continue reading →

Apple has long played a game of cat and mouse with the developers of jailbreak tools, constantly amending the code of its mobile operating systems to prevent people from unlocking their iPhones and iPads.

In an ongoing spat with Corellium -- a company which virtualizes iOS for use by security researchers -- Apple has amended the lawsuit it brought against the company this summer saying the tools it produces infringe on copyright. Corellium has responded with an open letter saying that Apple's line of attack "should give all security researchers, app developers, and jailbreakers reason to be concerned".

Continue reading →

JPMorgan Chase is to enforce stricter security measures, banning third-party fintech apps from accessing customer passwords.

The existing method of data sharing provides -- with permission -- numerous apps with access to customers' bank accounts, but concerns have been voiced about the possible dangers. No timetable has been set out, but the American finance giant intends to use a token-based system that will provide third parties with access to "a narrow range of data in a secure form".

Continue reading →

It's now mere weeks until Windows 7 is no longer supported by Microsoft. When January 14, 2020 rolls around, the end date for support will have been reached, and Microsoft is keen for people to upgrade to Windows 10 to avoid having insecure computers that don't receive updates.

But not all security updates are being dropped. Having previously said that Microsoft Security Essentials would no longer receive updates when Windows 7 support ends, the company has indicated that updates will in fact continue to be released.

Continue reading →

Email is suffering an identity crisis. Email’s core protocols make no provisions for authenticating the identities of senders, which has resulted in a worldwide spearphishing and impersonation epidemic, leading to billions of dollars in monetary losses, security mitigation costs, and brand damage. As a result, email security will be a central theme in the new year, both as a source of threats as well as an increasingly urgent issue for cybersecurity professionals to address.

In 2020, we will see email security prove itself to be a weak link in election security as well as corporate security. At the same time, Domain-based Message Authentication, Reporting and Conformance (DMARC) will gain popularity across several industries, driven both by the need to eliminate domain spoofing, and by the desire for brands to take advantage of Brand Indicators for Message Identification (BIMI), a new standard that requires DMARC. Email authentication works -- but it’s up to domain owners to take advantage of it. Increasingly they will do so, as they realize that a failure to proactively defend their domains can leave them vulnerable to convincing exploits from cybercriminals.

Continue reading →

Advanced persistent threats (APTs) have become aggressive in their attempts to breach organizations’ networks. These malicious actors look to gain unauthorized access to infrastructures for prolonged periods of time so that they can perform various acts including mining and stealing sensitive data. Their ability to evade conventional security measures have allowed them to cause costly data breaches against many businesses.

Hackers have even found ways to intensify their malicious activities. According to an Accenture report, threat actors and groups have now teamed up to conduct targeted intrusions and spread malware. Among them are financially motivated groups such as the Cobalt Group and Contract Crew. These increasing cyberattack threats have prompted companies to toughen up their security. Gartner estimates that security spending will grow to $170.4 billion in 2022.

Continue reading →

With deepfake voice fraud an increasing threat, new research shows that 30 percent of Americans are not confident they would be able to detect the difference between a computer generated voice and a human one.

The study from ID R&D, a provider of AI-based biometrics and voice and face anti-spoofing technologies, shows only just over a third (36 percent) are confident they could spot a fake.

Continue reading →

It's the time of year again where the great and good of the tech sector like to consult the tea leaves, gaze into the crystal ball, read the runes -- and of course draw on their industry knowledge -- to give their predictions for the year ahead.

So, what do they think is in store for cybersecurity in 2020?

Continue reading →