Articles about Security

Bug bounty programs are a common way for companies to learn about problems with their hardware and software, while giving people the chance to get paid for finding them. Apple is one of the big names to run such a program, and it has at long last expanded it to included macOS.

The iPhone-maker made the announcement at the Black Hat security conference, where it also revealed that not only will its bug bounty program spread to tvOS, watchOS and iCloud as well, but also that the maximum reward is increasing to a cool $1 million.

Continue reading →

A new study of over 700 full-time US employees reveals that that 48 percent of employees have access to more company data than they need to perform their jobs, while 12 percent of employees say they have access to all company data.

The survey by business app marketplace GetApp also asked employees what classifications of data protection are in place at their company. No more than a third of businesses were found to use any one individual data classification.

Continue reading →

A security flaw in the F5 Networks’ BIG-IP load balancer, which is popular among governments, banks, and other large corporations, could be exploited to allow network access.

F-Secure senior security consultant Christoffer Jerkeby has discovered the issue in the Tcl programming language that BIG-IP's iRules (the feature that BIG-IP uses to direct incoming web traffic) are written in. Certain coding practices allow attackers to inject arbitrary Tcl commands, which could be executed in the security context of the target Tcl script.

Continue reading →

Detections of ransomware aimed at businesses rose by a massive 363 percent between the second quarter of 2018 and the same period this year. Meanwhile consumer ransomware is down 34 percent.

The latest quarterly threat report from Malwarebytes also sees a 235 percent overall increase in threats aimed at organizations from enterprises to small businesses, with ransomware as a major contributor.

Continue reading →

A new report from enterprise file sharing platform FileCloud looks at cloud and data security and finds that 50 percent of companies don’t plan on moving mission critical workloads to the public cloud.

The survey of 150 professionals from industries including health care, financial services and educational institutions finds that shifts in perceptions of data security are impacting movement to the cloud.

Continue reading →

The cybercriminal's most effective weapon in a ransomware attack is the network itself, which enables the malicious encryption of shared files on network servers, especially files stored in infrastructure-as-a-service (IaaS) cloud providers.

This is according to a new report from threat detection specialist Vectra which finds that by encrypting files that are accessed by many business applications across the network, attackers achieve an economy of scale faster and far more damaging than encrypting files on individual devices.

Continue reading →

Phishing threats tend to be fast moving, so the ability to block them quickly is essential for protection.

But a new survey finds that even large companies with multi-layer security controls and multiple threat feeds lack adequate safeguards to protect their employees from phishing attacks that employ links to malicious sites.

Continue reading →

It has been revealed that Microsoft silently pushed out a patch to Windows users to fix a vulnerability that affected Intel CPUs produced since 2012 -- which means everything post Ivy Bridge chips.

The SWAPGS vulnerability is similar to the now-famous Spectre and Meltdown chip flaws, and was discovered by security firm Bitdefender a year ago; the fact that it has now been patched was only revealed at the BlackHat security conference. Red Hat says that an update to the Linux kernel is needed to protect against the flaw which it says affects both Intel and AMD chips, although Bitdefender has not been able to find any issues with AMD's processors.

Continue reading →

Analysis by Mimecast of 67 billion attack emails between April and June this year reveals that opportunistic attacks are dominated by Trojans, which make up 71 percent.

Targeted attacks are lower in volume but are specifically designed to get past commodity malware scanners by using newly detected or updated malware not detectable with file signatures.

Continue reading →

New research from fraud prevention and multi-factor authentication specialist iovation reveals that 49 percent of all risky transactions now come from mobile devices, up from 30 percent in 2018, 33 percent in 2017 and 25 percent in 2016.

Looked at geographically, North America with 59 percent of all risky transactions coming from mobile devices, leads the way. In 2018, it was Asia at 53 percent. In 2017, it was North America with 55 percent, and in 2016, it was North America again with 36 percent.

Continue reading →

Data breaches and misconfigurations come out top of the Cloud Security Alliance's latest Top Threats report which reveals an 'Egregious Eleven' list of cloud security threats.

This year's list no longer includes issues that fall to cloud service providers (CSPs), such as denial of service, shared technology vulnerabilities, CSP data loss and system vulnerabilities. This suggests these are either being well addressed or are no longer perceived as a significant business risk of cloud adoption.

Continue reading →

Supply chain threats are a major problem for enterprises and they are forcing smaller businesses to take security more seriously in order to win contracts.

A study by cyber security awareness platform CybSafe shows nearly 37 percent of organizations have been required to achieve a recognized cyber security standard by their enterprise customers before successfully securing contracts. This represents a nine percent increase over 2017.

Continue reading →

In the second quarter of 2019, the total number of DDoS attacks grew by 18 percent, compared to the same period in 2018 according to a new report from Kaspersky.

There is, however, a drop compared to the first quarter of this year, with attacks down 44 percent. Kaspersky attributes this to seasonal variation with DDoS attack usually declining in late spring and summer.

Continue reading →

Are you one of the millions of Mac users under the impression that your digital security is guaranteed simply due to the fact that you’re using a Mac? Then I’ve got some news for you that you may not want to hear: the popular and long-standing myth that Mac users are immune to security vulnerabilities is just that -- a myth. This myth largely derives from the fact that the global Windows market share dwarfs that of macOS. Hackers and cybercriminals would much rather target an operating system that serves nearly 90 percent of users worldwide than one that accounts for less than 10 percent.

The truth is that Macs are still very much susceptible to vulnerabilities that can be exploited by cybercriminals, or even by developers of apps you may use on a daily basis. So if you’re a Mac user who has been lulled into a false sense of security, it’s time for you to wake up and realize that your security is by no means guaranteed on a Mac. That’s the hard reality of it, and the sooner you come to grips with it, the sooner you can start taking steps to protect your digital security and personal privacy on your Mac.

Continue reading →

Speed of response is critical for security teams, which is why many companies employ Security Orchestration, Automation and Response (SOAR) tools.

Security automation platform LogicHub is looking to take SOAR a step further with the launch of a SOAR+ platform offers autonomous detection and response, advanced analytics and machine learning to automate decision making with accuracy across disparate security operations.

Continue reading →