Articles about Security

Online security and privacy can be difficult to achieve in a household environment, with different people using a range of devices. Proton, the company behind a number of privacy-focused services like Proton Mail and Proton VPN, may have the answer with the launch of a new family plan.

Proton Family offers an all-in-one digital security and privacy solution designed for families. The plan offers up to six family members access to Proton's premium services and features, including end-to-end encryption for emails, calendars, file storage, password management, and VPN protection.

Continue reading →

Bug bounty programs have become a common way for companies to track down issues with software before they start to cause security concerns for users. While Google has various existing programs of this nature, the company has just launched the Mobile Vulnerability Rewards Program.

Google Mobile VRP is a bug bounty program that focuses on the company's own software. It lets security researchers and software detectives submit reports about Google's Android apps, earning financial rewards for discovering security flaws.

Continue reading →

Russia’s invasion of Ukraine in February 2022 signaled many things to the Western world, but perhaps one of the biggest warnings was how precarious energy security really was as oil and gas prices skyrocketed following the start of the war.

As Europe entered winter and the demand for energy increased, it highlighted just how vicious the cycle can be as cyber attacks on critical infrastructure and operation technology increased.

Continue reading →

The global market for commercial spyware is currently estimated at around $12 billion, which over the last 10 years has seen 80 countries purchase the technology. Spyware is used for a range of purposes, allowing operators to gain remote access to devices from across the world. Once a device becomes infected, the perpetrator gains complete control of the device, which can mean unfettered access to messages, audio calls, photos, and remote access to cameras and microphones.

What’s worrying is spyware is becoming accessible even to users lacking advanced tech skills. Cheaper, more rudimentary forms of spyware like stalkerware exist. Stalkerware can be particularly intrusive and abusive as it must be physically installed, meaning attackers need direct access to which ever device they try to infiltrate. In this article, we will expose the threat from digital spying and stalking, and how to maximize protection.

Continue reading →

The security of APIs remains a top cybersecurity concern this year, according to a new study, yet there is still a lack of dedicated API security for many companies.

Research from TraceableAI, carried out at this year's RSA conference, finds that though 69 percent of organizations claim to factor APIs into their cybersecurity strategy, 40 percent of companies do not have dedicated professionals or teams for API security.

Continue reading →

Cybersecurity is an emerging career trend and will continue to become increasingly important.

Despite the lucrative pay and significant career growth opportunities, many people are unsure of how to get started. Cybersecurity Career Master Plan is designed by leading industry experts to help you enter the world of cybersecurity with confidence, covering everything from gaining the right certification to tips and tools for finding your first job.

Continue reading →

Whether security leaders oversee a small security team or an enterprise-scale team spread over numerous security operations centers (SOCs), building and maintaining integrations with other tools in the tech stack can be difficult and time-consuming.

The average business integrates approximately 75 different security products and often multiple public, and private cloud services into its technology stacks. Many dynamic factors are at play with integrations, from versioning and version control to the constant evolution of Application Program Interfaces (APIs).

Continue reading →

A new report shows that 2022 saw a 300 percent increase in 'carpet bomb' DDoS attacks compared to 2021. Carpet bomb attacks, also known as spread-spectrum or spray attacks, distribute traffic across large IP address spaces.

Legacy technology, like standard victim-oriented detection and mitigation detection techniques, often fails to accurately identify these attacks, leading to incomplete mitigation or false positives. Legacy solutions can also simply be overwhelmed by the number of IP addresses involved.

Continue reading →

Security professionals all know that they should test their security hardware and software periodically to make sure it's working as intended. Many normal IT activities have unintended consequences that cause security configurations to 'drift' over time and make the organization more vulnerable.

But testing is frequently postponed or ignored because it never becomes a high enough priority. We spoke to Song Pang, SVP of engineering at NetBrain, to find out how automation can be used to detect when security products or network traffic are no longer behaving as intended.

Continue reading →

WhatsApp has long been one of the more secure messaging apps with mass appeal, largely thanks to end-to-end encryption. This has been boosted further by features such as disappearing messages, and now Meta has added Chat Lock.

The company says that the feature "lets you protect your most intimate conversations behind one more layer of security"; what this means in practice is that message can be password or fingerprint protected. But there is more to Chat Lock than this.

Continue reading →

Microsoft has been spotted scanning for malware within password protected zip files stored on its cloud services.

Security researcher Andrew Brandt was among those to notice that Microsoft appears to be bypassing passwords added to zip archives in order to check for malware. While the intentions of the company may be good, the practice raises serious questions about privacy and security.

Continue reading →

It's human nature to have an, 'it can't happen to me' approach to life's mishaps, whether it's being involved in a traffic accident or falling victim to cybercrime.

But of course these things do happen to someone. When it comes to identity theft, Home Security Heroes has taken a more scientific approach to determining how likely you really are to become a victim.

Continue reading →

Quantum computing is something that seems to have been hovering just out of reach for a decade or so -- in fact research into the concept first began back in the 1980s.

More recently quantum has come closer to a commercial reality, with big players like IBM publishing a road map with a clear, detailed plan to scale quantum processors and build the hardware necessary to take advantage of the technology and other big players like Google, Amazon, and Microsoft having since followed suit.

Continue reading →

Web browser Brave has long had a focus on privacy, making it the browser of choice for those with concerns about online tracking and the like. Although Brave may be regarded as one of the most private browsers available, its developers continue to work on new innovations; the latest is Forgetful Browsing.

This new feature makes it possible to always clear cookies and other storage when a site is closed, helping to eliminate the potential for tracking and bringing other benefits. Forgetful Browsing can be enabled on a site-by-site basis, or applied across the board, and it prevents sites from using trackers to identify you, bypasses article viewing limits, and ensures that you are logged out of sites when you leave them.

Continue reading →

Modern IT environments continue to become more and more distributed, driving the growth of endpoints across the enterprise. Some research estimates that enterprises now manage more than 135,000 endpoints and Enterprise Strategy Group estimates that more than 70 percent of employees use more than four devices daily for work. That’s a lot of endpoints. And when you combine this endpoint growth with the fact that 560,000 new pieces of malware are detected every day, how can you not wonder if your organizations is the next target for a ransomware or phishing attack.

Security pros are overwhelmed by endpoints and struggle to find the right mix of solutions and strategies that can effectively secure their organizations. The more diverse they are, the more difficult they are to manage and secure (especially with mobile and IoT device proliferation). Just look at recent attacks against Twitter, Slack, Taco Bell, and more. For many organizations, endpoint security is really hard. This is why their security teams need to constantly assess and adjust their endpoint security strategies.

Continue reading →