Articles about Security

US Customs and Border Protection says photos of thousands of travelers were stolen in a data breach

Hackers have stolen the photographs of travellers entering and leaving the US, as well as photos of their license plates, US Customs and Border Protection (CBP) has said.

The cyberattack was carried out on the network of a federal subcontractor, and the images were taken as part of a "malicious cyberattack". Although the hack attack has only just been revealed publicly, CBP first learned of it on May 31.

Microsoft takes down huge MS-Celeb-1M facial recognition database

Microsoft has deleted a database containing around 10 million photographs that was being used to train facial recognition systems.

Known as MS-Celeb-1M, the database was created in 2016, and originally contained photos of celebrities. Over time, however, images of writers, journalists and others crept in, and ultimately 100,000 individuals were to be found in it. Microsoft has not made much noise about the deleted content, but has said that the database was wiped as the person maintaining it was no longer a company employee.

Want someone's personal data? Give them a free donut

While you might expect Homer Simpson to hand over personal details in exchange for a donut, you wouldn't expect cybersecurity professionals to do the same.

However, technology services provider Probrand has carried out a study at a cyber expo attended by UK security professionals, where attendees voluntarily shared sensitive data including their name, date of birth and favourite football team -- all to get their hands on a free donut.

Dark net malware becomes more targeted

The dark net has become a haven for custom-built, targeted malware, with threats tailored to specific industries or organizations outnumbering off-the-shelf varieties by two to one, according to a new study.

The research from application containment company Bromium also finds four in 10 dark net vendors are selling targeted hacking services aimed at FTSE 100 and Fortune 500 businesses.

BlueKeep Windows vulnerability is so serious, even the NSA wants you to patch your system

It's around three weeks since Microsoft first urged Windows users to patch their systems against the BlueKeep (CVE-2019-0708) vulnerability. Concerned that not enough people were taking notice, the company then issued a further warning stressing the importance of installing a patch.

Now the NSA has got involved, joining Microsoft in begging users to secure their Windows XP and Windows 7 computers. The agency says that it is "concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems".

SecureAuth enhances identity management with intelligent cloud service

Secure identity company SecureAuth is launching enhancements to its solution with the announcement of Intelligent Identity Cloud.

This gives CISOs and IT professionals the ability to deploy the same capabilities in the cloud, on-premises, or as a hybrid of the two, addressing business demands of agility and dramatically improving identity security.

iOS app developers take shortcuts on security

Despite Apple requiring developers to build end-to-end encryption into their apps, a high number of apps don't comply, according to a new report.

The study from mobile security company Wandera analyzed more than 30,000 of the iOS apps most commonly used by employees and found that more than two-thirds of apps don't enable App Transport Security (ATS).

Secure contact center payment solution comes to the cloud

Contact center data security specialist Semafone is making its Cardprotect available as a cloud solution in the US for the first time.

Companies now have the choice of running Cardprotect on premises, as a managed appliance, in a hybrid cloud or as a fully cloud solution. The new cloud version enables a much faster, more scalable, flexible and cost-effective deployment, as there is no need for contact centers to purchase or manage equipment.

64 percent of organizations believe they have suffered a breach due to privileged access

A global survey of over 1,000 IT security decision makers by privileged access management specialist BeyondTrust reveals that 64 percent believe they've had either a direct or indirect breach due to employee access in the last year, and 62 percent believe they've had a breach due to vendor access.

Employee behavior continues to be a challenge for a majority of organizations. Writing down passwords, for example, is cited as a problem by 60 percent of organizations, while colleagues telling each other passwords was also an issue for 58 percent of organizations in 2019.

Medical and financial details of 12 million Americans exposed in Quest Diagnostics data breach

Medical testing firm and clinical laboratory Quest Diagnostics has revealed that a data breach has led to the records of nearly 12 million of its customers being exposed. The data includes financial data, Social Security numbers and medical information.

Quest Diagnostics was itself not the target of hackers, but the American Medical Collection Agency (AMCA) was. The company is used by Optum360 for billing collections services, and Optum360 is used by Quest Diagnostics.

Data breaches exposed 2.8 billion consumer records in 2018

New data from digital identity platform ForgeRock reveals that data breaches cost US organizations over $654 billion as well as exposing more than 2.8 billion consumer records.

Personally identifiable information (PII) was the most targeted data for breaches in 2018, accounting for 97 percent of all breaches, with unauthorized access encompassing 34 percent of all attacks.

Phishing attacks grow in sophistication to evade defenses

Despite businesses investing in next-gen technologies, phishing threats continue to become more sophisticated and effective according to a new report.

The study from intelligent phishing defense company Cofense shows how threat actors, armed with an ever-growing arsenal of tactics and techniques, continue to tweak their campaigns and enhance their capacity to deliver malware, ultimately getting more messages past perimeter controls to user inboxes.

5 reasons your organization needs to adopt a zero trust security architecture

Traditionally, network architectures were designed and secured according to the "castle-and-moat" model. Like a medieval fortress, an enterprise data center was imagined to have impregnable and unbreachable walls. All traffic entering or exiting would pass through a single access point, where a security gateway appliance would sit, like a knight in shining armor. This device would police the network traffic on a packet-by-packet basis, allowing traffic it deemed ‘safe’ unrestricted access to the network’s trusted interior.

Although this model is as outdated as chain mail is for 21st-century military combat, its legacy endures in assumptions and presuppositions that can prevent business decision makers from choosing the most effective cybersecurity tools and solutions for today’s complex threat landscape.

81 percent of SMEs think AI is crucial to cyber security

New research from threat detection specialist Senseon looking at the state of cyber security in SMEs reveals increasing uncertainty about whether the investment into the security solutions they’re currently using is worth the cost.

The survey also reveals that SMEs have been slow to implement AI solutions, despite the vast majority of SMEs surveyed (81 percent) thinking that AI will be fundamental to the future of cyber security.

Microsoft implores Windows users to install patch for wormable BlueKeep Remote Code Execution vulnerability

Two weeks after warning about a critical Remote Code Execution vulnerability in Remote Desktop Services, Microsoft is concerned that around a million internet-connected computers remain unpatched and vulnerable to attack.

The company says that there is a risk that CVE-2019-0708, or BlueKeep, could turn into the next WannaCry if steps aren't taken to secure systems. While there is not yet any sign of a worm that exploits the vulnerability, proofs of concept do exist, and it could only be a matter of time before this changes. Microsoft is taking the matter so seriously that it even released security patches for the unsupported Windows XP, Vista and 2003 -- people just need to install them.

© 1998-2024 BetaNews, Inc. All Rights Reserved.