Articles about Security

If the word MouseJack seems familiar, it's because it as been around for a while. It is a remote access hack that emerged a few years back that took advantage of a vulnerability in some Logitech wireless dongles, as well as hardware from other manufacturers.

Being at least three years old, you would expect that patches would have been addressed -- and they were. But a large number of devices are still at risk because Logitech failed to recall the affect units that were on sale so there's a chance that if you bought a Logitech wireless keyboard, mouse or standalone dongle in the last few years, you could be at risk.

Continue reading →

As data protection legislation tightens and breaches continue to make headlines, there is increased pressure on businesses to implement security by design in their applications.

For many this has meant a move to DevSecOps. We spoke with Rusty Carter, vice president of product management at application security specialist Arxan to find out why this approach is becoming essential.

Continue reading →

You may well have suspected it, but now Google has confirmed it -- contractors for the company are able to listen to what you say to Google Assistant.

The revelation came after recordings of people using the AI-powered digital assistant were leaked. Belgian broadcaster VRT News obtained a large number of Dutch language recordings and was able to hear highly personal information about users -- even if they had not used the "OK Google" trigger words.

Continue reading →

Microsoft appears to be at it again, adding telemetry components into its operating system. This time around it is Windows 7 that gets the telemetry treatment, and Microsoft seems to have gone about things in a rather sneaky fashion.

The latest "security-only" update for Windows 7 includes a Compatibility Appraiser element (KB2952664) which performs checks to see whether a system can be updated to Windows 10. Hardly what most people would consider a security-only update. So what's going on?

Continue reading →

New data from the Capgemini Research Institute reveals that 69 percent of organizations believe that they won't be able to respond to critical cyber threats without AI.

Over half (56 percent) of executives say their cybersecurity analysts are overwhelmed by the vast array of data they need to monitor to detect and prevent intrusion. In addition, the type of cyberattacks that require immediate intervention, or that cannot be dealt with quickly enough by analysts, have increased

Continue reading →

You might think that cyber attacks are a constant year round activity, or perhaps that they are focused on peak shopping periods like Christmas. But a new study from threat protection specialist Lastline reveals many security professionals believe their organizations are more at risk in summer.

In a survey of 1,000 security professionals more than half believe cyber attacks are seasonal and 58 percent of those (30.5 percent overall) say that they see more attacks during the summer months.

Continue reading →

Apple has disabled the Walkie-Talkie app for Apple Watch after a vulnerability that potentially allows for eavesdropping on iPhone conversations emerged.

The company says that it is not aware of any incidents of the vulnerability being exploited, and it has not shared any details of the security issue. Apple's short-term solution is to simply disable the app while it works on a fix.

Continue reading →

A few days ago, a security issue with the Zoom chat tool came to light -- a flaw that made it possible for Mac webcams to be switched on without permission. Despite seemingly suggesting that the flaw was in fact not a flaw, Zoom issued an update that grants users more control over the software.

Apple has also produced an update of its own which nukes the security hole. The silent update has been pushed out to users and is installed without the need for confirmation or user interaction.

Continue reading →

June's Global Threat Index from Check Point reveals that the botnet behind the Emotet banking Trojan has been inactive for most of the month.

Check Point's researchers believe that Emotet's infrastructure could be offline for maintenance and upgrade operations, and that as soon as its servers are up and running again, it will be reactivated with new, enhanced threat capabilities.

Continue reading →

The ability to adequately assess and understand the risks that vendors pose is a problem for healthcare providers, and a costly one at that, according to a new report.

The study by risk management platform Censinet and the Ponemon Institute  shows the yearly hidden cost of managing vendor risk is $3.8 million per healthcare provider, higher than the $2.9 million that each data breach costs providers. This adds up to a total cost across the industry of $23.7 billion.

Continue reading →

Having cloud storage is a reality of living and working in an ever more connected world, where we expect to have access to our data anywhere with an internet connection at the drop of a hat. Cloud storage makes it easier for us to travel, to share and most importantly keep our data safe. However, not all cloud storage solutions are created equal. While many commercial services are more quick and convenient, they sacrifice security in order to be more accessible. If you deal with sensitive data such as financial documents for clients, are you using a cloud solution that’s secure enough?

When using cloud services for storing and sharing critical documents it’s important to know if you’re using a solution that employs the highest levels of protection. To know if a cloud solution is secure enough, you need to determine if it has any of the following features:

Continue reading →

Financial services are at greater risk of phishing and man-in-the-middle attacks on mobile devices than businesses in other industries according to a new report.

The study from mobile security specialist Wandera analyzed mobile device data from 225 financial services customers and reveals financial services organizations are experiencing a higher volume of phishing attacks than their peers in other sectors (57 percent compared to 42 percent cross-industry).

Continue reading →

Time to dig out the tape and cover up your webcam. The Mac version of the video conferencing tool Zoom has been found to have a flaw that enables a website to switch on your webcam without permission, and without notification.

Despite having been discovered and reported to Zoom by a security researcher three months ago, the vulnerability is yet to be patched. In fact, Zoom disagrees that there is a security issue, although it does say that users will be granted greater control over videos in an update due for release later this month.

Continue reading →

Cybercriminals are getting better at monetizing their activities, with more than two million cyber incidents in 2018 resulting in over $45 billion in losses, with actual numbers expected to be much higher as many cyber incidents are never reported.

The Internet Society's Online Trust Alliance (OTA) has released a report which finds the financial impact of ransomware rose by 60 percent last year, and losses from business email compromise doubled, despite the fact that overall breaches and exposed records were down.

Continue reading →

Offensive Security has released Kali Linux for Raspberry Pi 4.

The new build of the security-focused distro comes just two weeks after the launch of the Raspberry Pi 4, the most powerful version of the mini-computer yet. Offensive Security says that the new build takes advantage of everything the Pi 4 has to offer.

Continue reading →