Articles about Security

Migrating sensitive data to the cloud inevitably raises concerns surrounding compliance and security. Most turn to encryption as a solution, but that in itself raises issues over key management.

While many cloud service providers have allowed customers to bring their own keys (BYOK), Google Cloud Platform is linking up with the Fortanix Self-Defending Key Management Service (SDKMS) to become the first public cloud provider to enable customers to bring their own key management system (BYOKMS).

Continue reading →

Software bots are being used to automate repetitive processes in two thirds of businesses, but this can present risks depending on how properly their access to data is governed.

New research from SailPoint finds many organizations do not have the correct oversight into their day-to-day bot activities. Only five percent of respondents say they have 100 percent of bots, and their access, accounted for in their identity process.

Continue reading →

Ten organizations including Avira, the Electronic Frontier Foundation, Kaspersky, Malwarebytes and NortonLifeLock, have joined in a global initiative called the Coalition Against Stalkerware.

Stalkerware programs carry the possibility for intrusion into a person’s private life and are being used as a tool for abuse in cases of domestic violence and stalking. By installing these apps, abusers can get access to their victim's messages, photos, social media, geolocation, audio or camera recordings, and in some cases, this can be done in real-time.

Continue reading →

The camera applications within Google, Samsung and other Android smartphones could be vulnerable to attack, according to some new research.

Researchers at security platform Checkmarx found that in certain circumstances adversaries can take over smartphone camera apps to record videos, take photos, eavesdrop on conversations, and identify GPS coordinates, all without the user knowing.

Continue reading →

Digital identity platform ForgeRock is launching an Identity Platform-as-a-Service solution to help developers embed modern identity capabilities into their apps.

ForgeRock Identity Cloud provides a full suite of capabilities for identity requirements in any business environment utilizing the same APIs and SDKs as the ForgeRock Identity Platform, so customers can use ForgeRock in any deployment model, on premises, hybrid cloud, public cloud, or as-a-service.

Continue reading →

Joining the likes of Mozilla and Google, Microsoft has announced that it will support DNS over HTTPS (DoH).

The company says that the adoption of encrypted DNS is important for the overall health of the internet ecosystem. It goes on to set out a number of principles that will be at the heart of adopting DoH in the Windows DNS client.

Continue reading →

New research launched today by data erasure and mobile device diagnostics specialist Blancco Technology Group finds end-of-life devices are leaving businesses at risk of data breaches.

The survey of 1,850 senior leaders from the world's largest enterprises in APAC, Europe and North America finds 73 percent agree that the large volume of different devices at end-of-life leaves their company vulnerable to a data security breach, while 68 percent say they are very concerned about the risk of data breach from this equipment.

Continue reading →

The smart home concept is one of the best uses of modern technology. Not only do these home devices make your life easier, but they can make you and your family safer too. For instance, thanks to Wi-Fi cameras, smart smoke detectors, and internet-connected alarm systems, you can be alerted to danger.

Video doorbells are all the rage these days, and owning one is an essential part of any smart home strategy. Unfortunately, the most popular model -- Ring by Amazon -- has close ties with law enforcement, making it hard to trust from a privacy perspective. Luckily, today, we are getting yet another option -- The Arlo Video Doorbell. Arlo home cameras are quite popular, and it is good to see a doorbell being added to its product lineup.

Continue reading →

Kubernetes is one of the leading choices for container users, but its benefits of scalability and abstraction also lead to increased complexity, which can make companies reluctant to deploy the technology.

Chaos engineering platform Gremlin is launching support for Kubernetes -- Docker support was launched last year -- so engineers can now use Gremlin to automate the process of identifying and targeting Kubernetes primitives such as nodes and pods, to find issues that can prove difficult to pinpoint at a given moment.

Continue reading →

Almost a third of US consumers (31 percent) think they are at risk of fraud when contacting a brand's customer service department, with 47 percent saying it's because they have to share personal information with a customer service agent.

In another report released for International Fraud Awareness Week, the Sitel Group and CallMiner have looked at consumers' experience and concerns around customer service fraud, voice assistants and information security.

Continue reading →

Despite high profile data breaches in 2019 and 33 percent of respondents having been a victim of fraud or identity theft, when asked if they update or change passwords following a data breach at a firm they deal with, 28 percent say only sometimes and nine percent say they don't update their passwords at all.

This is one of the findings of a Shred-it report for International Fraud Awareness Week which highlights the need for improvements in both digital and physical security.

Continue reading →

Wizards of the Coast -- publisher of, among other titles, Magic: The Gathering -- has confirmed a security incident that exposed information relating to 452,634 players.

The company left a backup database containing gamer information in a public Amazon Web Services storage bucket where it was accessible from early September. Specifically, the database was used to house data relating to the game's online portal, Magic: The Gathering Arena.

Continue reading →

Some 72 percent of retailers globally have experienced a cyberattack, with 61 percent experiencing one in the last year, yet 50 percent don't have a response plan in place to deal with data breaches.

This is among the findings of a new study carried out by the Ponemon Institute for Keeper Security, which also shows the average cyberattack on a retailer involving the loss of customer/employee data results in 7,772 individual records lost or stolen, with an average price tag of $1.9M from the disruption of normal operations.

Continue reading →

As we head into the peak holiday shopping season, 66 percent of Americans believe they could easily become a victim of fraud, while another 65 percent think they are at a higher risk of having their financial information exposed as a result of their holiday shopping.

A new report from digital risk protection company Terbium Labs also shows that 68 percent would hold their bank at least partly responsible for fraudulent activity, no matter how the compromise occurred.

Continue reading →

Brave, the open-source web browser which focuses on speed, security and privacy, has officially hit version 1.0 and exited beta.

Available for Windows, macOS, Linux, Android and iOS, Brave boasts that it "blocks ads and trackers that slow you down and invade your privacy". The official launch comes three years after Brave first entered beta testing, and the browser has managed to amass millions of users.

Continue reading →