Articles about Security

Ransomware attacks are a major problem and they often gain access to systems via brute-force attacks against open and exposed remote access points such as Remote Desktop Protocol.

Cloud-native virtual application delivery platform Cameyo is launching its new RDP Port Shield security technology, along with a free, open source monitoring tool that any organization can use to identify attacks taking place over RDP in their environment.

Continue reading →

Human error has become one of the biggest contributors to data breaches. Organizations have traditionally relied on the effectiveness of technology controls but haven't addressed the fundamental reasons why humans make mistakes and are susceptible to manipulation.

A new report from the Information Security Forum finds that by helping staff understand how these vulnerabilities can lead to poor decision making and errors, organizations can better manage risk.

Continue reading →

Researchers at cybersecurity company Symantec have uncovered a new threat group dubbed 'Tortoiseshell' that is attacking IT providers.

The research has identified 11 targets, most of them in Saudi Arabia. In two cases hundreds of hosts were infected, probably because the attackers were hunting for machines that were of particular interest.

Continue reading →

The healthcare sector collects a lot of detailed information about its clients and that makes it a prime target for cybercriminals.

A new report from SecurityScorecard confirms this, aggregating data from a number of different sources it reveals that healthcare remains the most breached industry.

Continue reading →

Security researchers at TrendMicro have discovered a rootkit-like strain of malware that is striking Linux users. Called Skidmap, the malware is a cryptocurrency miner, but there is much more to it than that.

Skidmap is clever. Very clever. It goes out of its way to disguise itself, going as far as faking system statistics to hide the tell-tale high CPU usage that might give it away. More than this, the Monero-mining malware can also give attackers unlimited access to an infected system.

Continue reading →

The browser extensions for password management tool LastPass suffered from a vulnerability that meant users' passwords could be leaked, a Google Project Zero researcher reported.

Affecting the Chrome and Opera extensions, the vulnerability meant that malicious websites could trick LastPass into exposing usernames and passwords. LastPass explains that the problem stemmed from a "limited set of circumstances" that allowed for clickjacking. The good news is that the security flaw has been patched.

Continue reading →

Protecting sensitive data and meeting compliance rules is an issue for all companies. A new cloud-based module offers on-demand encryption to allow businesses to meet their security needs.

The hardware security module (HSM) from nCipher Security is called nShield and, delivered as a service, can be used in cloud-first strategies, selective cloud migration, or to add HSM capacity to handle workload spikes.

Continue reading →

As businesses dash towards digital transformation initiatives and the cloud, the pressure to secure both systems and data becomes more intense.

One answer to this is a security automation approach that enables growth while providing visibility across all cloud environments, responding to critical incidents and protecting for governance, risk and regulation compliance.

Continue reading →

The second quarter of 2019 saw DNS amplification DDoS attacks up more than 1,000 percent over the same period last year according to the latest threat report from Nexusguard.

Nexusguard researchers attribute Domain Name System Security Extensions (DNSSEC) with fueling the new wave of DNS amplification attacks, which accounted for more than 65 percent of the attacks last quarter according to the team's evaluation of thousands of worldwide DDoS attacks.

Continue reading →

People are spending more of their time and managing more of their lives on the internet, so it's little wonder that the web is a rich hunting ground for cybercriminals and scammers.

In order to make using the internet safer, Malwarebytes is launching Browser Guard, a free browser extension aimed at safeguarding consumers from scammers, and allowing them to browse up to four times faster.

Continue reading →

Sandboxie -- the sandboxing tool with the tagline "Trust no program" -- has been made into a free utility. But more than this, Sophos also plans to make the software open source in the near future.

The company says that it was a difficult decision to make, pointing out that Sandboxie has never been a significant component of its business. While simply shutting down the app would have been the easiest and cheapest thing to do, Sophos says: "we love the technology too much to see it fade away".

Continue reading →

Cyber criminals have upped the intensity of IoT attacks and those using Windows SMB in the first half of 2019, according to a new F-Secure report.

F-Secure's honeypot servers measured a twelvefold increase in such events compared to the same period a year ago. The increase was driven by traffic targeting the Telnet and UPnP protocols, which are used by IoT devices, as well as the SMB protocol, which is used by the Eternal family of exploits to propagate ransomware and banking Trojans.

Continue reading →

There have been 1.6 million phishing attacks targeting the Apple brand name in the first half of 2019. This is up nine percent on the total number of attacks seen last year, revealing a growing trend.

These figures come from Kaspersky's Threats to Mac Users Report 2019, released this week, which shows the number of cases where users faced fraudulent web pages utilising the Apple brand as a decoy has increased significantly in the first six months of the year.

Continue reading →

A security researcher has revealed details of a series of vulnerabilities in routers made by D-Link and Comba which make it easy to see usernames and passwords.

Simon Kenin from Trustwave SpiderLabs -- an "elite team of ethical hackers, forensic investigators and researchers" -- found a total of five security flaws which involve the insecure storage of credentials. In some instances, passwords are stored in plain text and can be seen by anyone with network or internet access to the routers in question.

Continue reading →

Most websites within the Alexa 1000 ranking in the US are not prepared to face advanced client-side attacks like Magecart according to analysis carried out by Tala Security.

Findings from the Tala 2019 State of the Web Report show the average website relies on 31 third-parties. Nearly two-thirds (63 percent) of the externally loaded JavaScript code executed in the browser is either written by and/or managed by third-parties.

Continue reading →