Budget and staffing limits mean SMBs struggle with security
SMBs around the world continue to cite budget constraints, paired with a lack of time and personnel to research new security threats, as the main obstacles to implementing IT security, according to a new report.
The study from Untangle Inc covered over 300 SMBs, compiling data on budget and resource constraints, breaches, IT infrastructure, cloud adoption and more.
Apple puts the kibosh on vulnerability that let iPhone users jailbreak iOS 12.4
Apple has released an update to iOS 12.4, plugging a reintroduced vulnerability that allowed for jailbreaking.
iOS 12.4.1 repatches a security flaw which Apple previously fixed and then, inexplicably or accidentally, unpatched. iPhone owners now face a dilemma: upgrade to iOS 12.4.1 and have the most up-to-date, secure operating system, or stick with iOS 12.4 and retain the jailbreak.
Over half of social media logins are fraudulent
Social media sites are a popular target for cybercriminals. It shouldn't come as too much of a surprise, therefore, to find that 53 percent of logins on social media sites are fraudulent and 25 percent of all new account applications are too.
These are among the findings of a study by anti-fraud platform Arkose Labs which analyzed over 1.2 billion transactions spanning account registrations, logins and payments from financial services, e-commerce, travel, social media, gaming and entertainment industries, in real time.
How cloud-based training can help address the cybersecurity skills gap [Q&A]
It's widely acknowledged that there's a skills shortage in the cybersecurity field. Many businesses are looking to address this by training their own security talent, but this in itself can be a challenge.
We spoke to Zvi Guterman, founder and CEO of virtual IT labs company CloudShare, to find out how the cloud can help address security training issues.
Web host Hostinger resets 14 million customer passwords following data breach
Hosting company Hostinger has reset passwords for all of its customers after a data breach in which a database containing information about 14 million users was accessed "by an unauthorized third party".
Hostinger says that the password reset is a "precautionary measure" and explains that the security incident occurred when hackers used an authorization token found on one of the company's servers to access an internal system API. While no financial data is thought to have been accessed, hackers were able to access "client usernames, emails, hashed passwords, first names and IP addresses".
Five vendors account for nearly a quarter of all vulnerabilities
Just five major vendors account for 24.1 percent of disclosed vulnerabilities in 2019 so far, according to a new report from Risk Based Security.
The report also reveals that 54 percent of 2019 vulnerabilities are web-related, 34 percent have public exploits, 53 percent can be exploited remotely and that 34 percent of 2019 vulnerabilities don't yet have a documented solution.
Microsoft and others join the Linux Foundation's Confidential Computing Consortium
Microsoft, Google, Red Hat, IBM and Intel are among those to join the newly formed Confidential Computing Consortium (CCC). The new organization will be hosted at the Linux Foundation, having been established to help define and accelerate the adoption of confidential computing.
The company explains that, "confidential computing technologies offer the opportunity for organizations to collaborate on their data sets without giving access to that data, to gain shared insights and to innovate for the common good". Microsoft will be contributing the Open Enclave SDK that allows developers to build Trusted Execution Environment (TEE) applications using a single enclaving abstraction.
Beta bug hunters can bag up to $30k in the Microsoft Edge Insider Bounty program
With a new beta of the Chromium-based version of Edge now available, Microsoft has unveiled details of a new bug bounty program for the browser.
Through the Microsoft Edge Insider Bounty it is possible to earn a maximum payout of $30,000 for discovering vulnerabilities in the Dev and Beta builds of Edge. Microsoft says that it intends to complement the Chrome Vulnerability Reward Program, meaning that any report that affects the latest version of Microsoft Edge but not Chrome will be eligible.
Hacktivism in decline as it returns to its roots
Hacktivism has its origins in small groups of people banding together to achieve common goals. In recent years, however, it's become associated with larger groups and even nation states using the guise of hacktivism for geopolitical purposes.
A new report from the Insikt Group at Recorded Future, though, suggests that overall hacktivism is in decline.
What makes enterprises more efficient at patching vulnerabilities?
The companies most effectively managing security vulnerabilities are those using a patch tool, relying on risk-based prioritization tools, and having multiple, specialized remediation teams that focus on specific sectors of a technology stack.
A new report from cyber risk specialist Kenna Security, produced in conjunction with the Cyentia Institute, reveals that businesses with mature, well-funded vulnerability management programs are more likely to patch vulnerabilities faster.
Now you can jailbreak iOS 12.4 -- or hack it
Hackers have taken advantage of a vulnerability in iOS 12.4 to release a jailbreaking tool. This is the first time in many years that it has been possible to jailbreak iPhones running the most recent version of iOS.
Security researchers discovered that in iOS 12.4, Apple had unpatched a vulnerability it previously fixed, and it didn't take long for hacker Pwn20wnd to release a free jailbreak tool.
Almost a third of healthcare workers haven't had cybersecurity training
Because of the volumes and types of data that it holds, the healthcare industry is a prime target for cybercriminals.
So it's a little concerning that a new survey of healthcare staff from Kaspersky shows 32 percent of respondents in North America say that they have never received cybersecurity training from their workplace.
Thycotic launches automated solution for managing service accounts
Service accounts are specialized non-human accounts used by applications or other services to access data and network resources to perform specific tasks.
Because they tend to be set and then forgotten, they often slip under the radar of conventional account management processes. Privileged access management specialist Thycotic is launching a new Account Lifecycle Manager to automate the management of these accounts.
Privacy: Apple now treats WebKit tracking circumvention as a security issue
Apple has updated its WebKit policy, increasing the company's focus on privacy. The new WebKit Tracking Prevention Policy now states that any circumvention of its anti-tracking feature is treated in the same way, and as seriously, as security issues.
The aim is to prevent web tracking completely because "these practices are harmful to users because they infringe on a user's privacy without giving users the ability to identify, understand, consent to, or control them". Apple says it wants "to see a healthy web ecosystem, with privacy by design".
Deception technology speeds up detection of attacks
Users of deception technology report a 12X improvement in the average number of days it takes to detect attackers operating within an enterprise network.
New research for Attivo Networks carried out by Enterprise Management Associates suggests attacker dwell times can be as low as 5.5 days with deception in use compared to an average of 78 to 100 days for those not using the technology.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.