Articles about Security

OnePlus has issued a security notice to customers that have used its online store, informing them that their order information has been accessed by an unnamed third party in a security breach.

The company is giving away very little in the way of details about the incident. It is not clear when the data breach happened, who may be responsible, or how many customers are affected. OnePlus says that information such as names, phone numbers, email addresses and shipping addresses have been exposed.

Continue reading →

Ethical human hackers supported by machine learning and artificial intelligence are 73 percent more efficient at identifying and evaluating cyber risks and threats according to a new report.

The study from crowdsourced security platform Synack also finds this combination of cybersecurity talent and AI results in 20 times more effective attack surface coverage than traditional methods.

Continue reading →

When major cybersecurity incidents make the headlines it's easy to assume that defenders are fighting a losing battle, but in fact a new report from threat intelligence company DomainTools shows that in breaches are down and confidence in security programs is up.

More than 500 cybersecurity professionals were surveyed and the results show 30 percent of respondents gave their program an 'A' grade this year, doubling over two years from 15 percent in 2017. Less than four percent reported a 'D' or 'F'.

Continue reading →

A new report from attack surface management company RiskIQ shows attackers will leverage popular brands and unsafe consumer shopping habits in the run up to the peak holiday shopping period.

Of all apps that can be found by searching for terms related to holiday shopping, 951, or two percent, are blacklisted as malicious -- a 20 percent increase.

Continue reading →

A survey of more than 1,000 IT security professionals exposes shortcomings in organizations' approach to managing third-party user identity and access that could leave them vulnerable to compromise.

The study by Dimensional Research for One Identity finds that while 94 percent of organizations grant third-party users access to their network, 61 percent admit they are unsure if those users attempted to or successfully accessed files or data they are not authorized to see.

Continue reading →

Organizations are being targeted by a mixture of simple, low effort and low-cost attacks along with more sophisticated, targeted campaigns, according to the latest quarterly Threat Intelligence Report from security and compliance specialist Mimecast.

Based on analysis of over 200 billion emails, the report looks at the four main categories of attack types discovered in the quarter: spam, impersonation, opportunistic, and targeted. This quarter's report finds that impersonation attacks are on this rise, accounting for 26 percent of total detections -- and now include voice phishing or 'vishing.'

Continue reading →

Migrating sensitive data to the cloud inevitably raises concerns surrounding compliance and security. Most turn to encryption as a solution, but that in itself raises issues over key management.

While many cloud service providers have allowed customers to bring their own keys (BYOK), Google Cloud Platform is linking up with the Fortanix Self-Defending Key Management Service (SDKMS) to become the first public cloud provider to enable customers to bring their own key management system (BYOKMS).

Continue reading →

Software bots are being used to automate repetitive processes in two thirds of businesses, but this can present risks depending on how properly their access to data is governed.

New research from SailPoint finds many organizations do not have the correct oversight into their day-to-day bot activities. Only five percent of respondents say they have 100 percent of bots, and their access, accounted for in their identity process.

Continue reading →

Ten organizations including Avira, the Electronic Frontier Foundation, Kaspersky, Malwarebytes and NortonLifeLock, have joined in a global initiative called the Coalition Against Stalkerware.

Stalkerware programs carry the possibility for intrusion into a person’s private life and are being used as a tool for abuse in cases of domestic violence and stalking. By installing these apps, abusers can get access to their victim's messages, photos, social media, geolocation, audio or camera recordings, and in some cases, this can be done in real-time.

Continue reading →

The camera applications within Google, Samsung and other Android smartphones could be vulnerable to attack, according to some new research.

Researchers at security platform Checkmarx found that in certain circumstances adversaries can take over smartphone camera apps to record videos, take photos, eavesdrop on conversations, and identify GPS coordinates, all without the user knowing.

Continue reading →

Digital identity platform ForgeRock is launching an Identity Platform-as-a-Service solution to help developers embed modern identity capabilities into their apps.

ForgeRock Identity Cloud provides a full suite of capabilities for identity requirements in any business environment utilizing the same APIs and SDKs as the ForgeRock Identity Platform, so customers can use ForgeRock in any deployment model, on premises, hybrid cloud, public cloud, or as-a-service.

Continue reading →

Joining the likes of Mozilla and Google, Microsoft has announced that it will support DNS over HTTPS (DoH).

The company says that the adoption of encrypted DNS is important for the overall health of the internet ecosystem. It goes on to set out a number of principles that will be at the heart of adopting DoH in the Windows DNS client.

Continue reading →

New research launched today by data erasure and mobile device diagnostics specialist Blancco Technology Group finds end-of-life devices are leaving businesses at risk of data breaches.

The survey of 1,850 senior leaders from the world's largest enterprises in APAC, Europe and North America finds 73 percent agree that the large volume of different devices at end-of-life leaves their company vulnerable to a data security breach, while 68 percent say they are very concerned about the risk of data breach from this equipment.

Continue reading →

The smart home concept is one of the best uses of modern technology. Not only do these home devices make your life easier, but they can make you and your family safer too. For instance, thanks to Wi-Fi cameras, smart smoke detectors, and internet-connected alarm systems, you can be alerted to danger.

Video doorbells are all the rage these days, and owning one is an essential part of any smart home strategy. Unfortunately, the most popular model -- Ring by Amazon -- has close ties with law enforcement, making it hard to trust from a privacy perspective. Luckily, today, we are getting yet another option -- The Arlo Video Doorbell. Arlo home cameras are quite popular, and it is good to see a doorbell being added to its product lineup.

Continue reading →

Kubernetes is one of the leading choices for container users, but its benefits of scalability and abstraction also lead to increased complexity, which can make companies reluctant to deploy the technology.

Chaos engineering platform Gremlin is launching support for Kubernetes -- Docker support was launched last year -- so engineers can now use Gremlin to automate the process of identifying and targeting Kubernetes primitives such as nodes and pods, to find issues that can prove difficult to pinpoint at a given moment.

Continue reading →