Training program helps find future cybersecurity talent [Q&A]


The shortage of cybersecurity talent is well known, and among the attempts to address it in the UK is the Cyber Discovery program, backed by the Department for Digital, Culture, Media and Sport (DCMS) and delivered by the SANS Institute.
Over 46,000 teenagers have taken part in the last two years, so as the program returns for its third year we spoke to James Lyne, CTO of the SANS Institute, to find out more about its aims and achievements to date.
Apple criticized for insensitively downplaying Google's iOS vulnerability revelations


Apple has tried to downplay concerns raised by Google about security vulnerabilities in iOS that could be exploited by malicious websites. Google's Project Zero recently revealed details of flaws in iOS that were being used to target and monitor iPhone users.
Other security researchers went on to warn that the vulnerabilities were being used to target Uyghur Muslims, possibly in a campaign run by the Chinese government. Having remained silent for more than a week after the revelations, Apple finally issued a statement responding to the findings, prompting criticism that the company was trying to downplay the issues.
IT security professionals don't trust politicians to produce effective regulations

SMBs focused on improving IT security


Improving security remains the top priority for mid-sized businesses, but they need to be more proactive in their approach to managing IT according to a new report.
The 2019 State of IT Operations for Small and Midsize Businesses report from infrastructure management specialist Kaseya shows 32 percent of respondents experienced a security breach in the past five years, down slightly from 35 percent in 2018, with at least 10 percent of respondents reporting that they were hit by a breach in the past year.
Massive Facebook leak exposes 419 million users' phone numbers


In its latest privacy lapse, Facebook has exposed the phone numbers of hundreds of millions of users on an unsecured server.
Databases on the server were not password-protected, and included details of 133 million US users, 50 million in Vietnam, and 18 million in the UK. In all, 419 million records could be accessed by anyone looking in the right place.
Integration with MITRE ATT&CK framework delivers improved security skills training


Traditional cyber security training is often based on out-of-date attack methodologies, which means the skills learned quickly become outdated. While cybercriminals are continuously innovating, training for security professionals is lagging behind.
Skills development platform Immersive Labs has announced an integration that allows organizations to base cyber skills training on MITRE ATT&CK, meaning organizations can map and manage specific people’s skills to actual risks.
Security professionals now think cloud is safer than on-premise


New research from internet infrastructure company Nominet finds that 61 percent of security professionals believe the risk of a security breach is the same or lower in cloud environments compared to on-premise.
The study of nearly 300 UK and US C-level security professionals marks a major shift in the perception of security of the cloud. However, it doesn't mean the cloud is viewed as entirely safe.
Phishing attacks target UK SMBs


According to a new study, 43 percent of UK SMBs have suffered phishing attacks involving attempts to impersonate staff in the last year.
More concerning is that of those attacks, 66 percent were successful in compromising data. The study from security and data analytics company CybSafe also finds only 47 percent of those surveyed say they have already got a cyber security training and awareness program in place.
Hackers use Jack Dorsey's Twitter account to send racist tweets


Jack Dorsey's Twitter account was hacked yesterday, and the hackers -- going by the name of the Chuckle Gang -- proceeded to send racist tweets and made reference to a bomb at Twitter headquarters.
The account of the Twitter CEO was back under control relatively quickly, and the tweets sent out by the hackers were deleted. Twitter has said that its security systems were not compromised in the attack, instead blaming the account hijacking on a "security oversight" by a mobile provider which enabled hackers to take control of a mobile number associated with Dorsey's account.
Foxit Software reveals data breach that exposed users' email addresses, passwords and more


Foxit Software has revealed that it "recently" suffered a security breach in which private user data was exposed to unnamed third parties. Those whose accounts have been affected are being contacted and "encouraged to change their passwords".
The company -- famed for PDF applications such as Foxit Reader and PhantomPDF -- does not say when the incident took place, nor how many users are affected, but it explains that the "My Account" section of user accounts was exposed. This includes data such as email addresses, passwords, users' names, phone numbers, company names and IP addresses, but not payment information.
Google's bug bounty program now covers any big Android app


Bug bounty programs have become a popular way for developers to track down security issues in software, but big pay-outs are not something that every company can afford.
In a bid to keep its Android platform secure, Google has announced that its own bug bounty program is being expanded to include all big Android apps, regardless of who develops them. The company will reward security researchers who find bugs in any app in the Google Play Store with 100 million or more installs.
Security operations centers face high levels of staff turnover


New research from managed detection and response company CRITICALSTART finds that security operations center (SOC) analysts are being overwhelmed by alerts and this is leading to high rates of analyst turnover.
In the past year, 80 percent of respondents reported SOC turnover of more than 10 percent of analysts, with nearly half reporting between 10 and 25 percent turnover. 35 percent report losing a quarter or more of their SOC analysts in under a year.
Only a quarter of UK firms prioritize security when buying new tech


Only 24 percent of organizations are prioritizing security when it comes to technology investment according to a new report from UK-based software company Advanced.
For the report the company surveyed over 500 senior decision makers working in UK businesses, both SMEs and large enterprises, to explore the state of digital transformation. It shows that just 34 percent admit that regulatory change is triggering the purchase of new technology in their organisation, which is surprisingly low given the introduction of GDPR in May last year.
New solution delivers improved website defenses


DDoS attacks remain a major problem for businesses and can have serious consequences.
Data center services supplier US Signal is launching a new cloud-based offering. Building on the company’s partnership with Cloudflare it delivers a robust, customizable service that protects organizations against online threats including DDoS, ransomware, malicious bots and application-layer attacks.
Looking deep into Magecart


The Magecart JavaScript attack that captures online payment information has been around since 2016. A new study for Arxan Technologies produced by Aite Group takes a detailed look at the attack.
This research follows the trail of servers compromised by Magecart groups, as well as the collection servers to which the sites were actively sending stolen credit card data, in an effort to examine commonalities between victim websites and the tactics, techniques, and procedures used to compromise the servers.