Articles about Security

Apple has disabled the Walkie-Talkie app for Apple Watch after a vulnerability that potentially allows for eavesdropping on iPhone conversations emerged.

The company says that it is not aware of any incidents of the vulnerability being exploited, and it has not shared any details of the security issue. Apple's short-term solution is to simply disable the app while it works on a fix.

Continue reading →

A few days ago, a security issue with the Zoom chat tool came to light -- a flaw that made it possible for Mac webcams to be switched on without permission. Despite seemingly suggesting that the flaw was in fact not a flaw, Zoom issued an update that grants users more control over the software.

Apple has also produced an update of its own which nukes the security hole. The silent update has been pushed out to users and is installed without the need for confirmation or user interaction.

Continue reading →

June's Global Threat Index from Check Point reveals that the botnet behind the Emotet banking Trojan has been inactive for most of the month.

Check Point's researchers believe that Emotet's infrastructure could be offline for maintenance and upgrade operations, and that as soon as its servers are up and running again, it will be reactivated with new, enhanced threat capabilities.

Continue reading →

The ability to adequately assess and understand the risks that vendors pose is a problem for healthcare providers, and a costly one at that, according to a new report.

The study by risk management platform Censinet and the Ponemon Institute  shows the yearly hidden cost of managing vendor risk is $3.8 million per healthcare provider, higher than the $2.9 million that each data breach costs providers. This adds up to a total cost across the industry of $23.7 billion.

Continue reading →

Having cloud storage is a reality of living and working in an ever more connected world, where we expect to have access to our data anywhere with an internet connection at the drop of a hat. Cloud storage makes it easier for us to travel, to share and most importantly keep our data safe. However, not all cloud storage solutions are created equal. While many commercial services are more quick and convenient, they sacrifice security in order to be more accessible. If you deal with sensitive data such as financial documents for clients, are you using a cloud solution that’s secure enough?

When using cloud services for storing and sharing critical documents it’s important to know if you’re using a solution that employs the highest levels of protection. To know if a cloud solution is secure enough, you need to determine if it has any of the following features:

Continue reading →

Financial services are at greater risk of phishing and man-in-the-middle attacks on mobile devices than businesses in other industries according to a new report.

The study from mobile security specialist Wandera analyzed mobile device data from 225 financial services customers and reveals financial services organizations are experiencing a higher volume of phishing attacks than their peers in other sectors (57 percent compared to 42 percent cross-industry).

Continue reading →

Time to dig out the tape and cover up your webcam. The Mac version of the video conferencing tool Zoom has been found to have a flaw that enables a website to switch on your webcam without permission, and without notification.

Despite having been discovered and reported to Zoom by a security researcher three months ago, the vulnerability is yet to be patched. In fact, Zoom disagrees that there is a security issue, although it does say that users will be granted greater control over videos in an update due for release later this month.

Continue reading →

Cybercriminals are getting better at monetizing their activities, with more than two million cyber incidents in 2018 resulting in over $45 billion in losses, with actual numbers expected to be much higher as many cyber incidents are never reported.

The Internet Society's Online Trust Alliance (OTA) has released a report which finds the financial impact of ransomware rose by 60 percent last year, and losses from business email compromise doubled, despite the fact that overall breaches and exposed records were down.

Continue reading →

Offensive Security has released Kali Linux for Raspberry Pi 4.

The new build of the security-focused distro comes just two weeks after the launch of the Raspberry Pi 4, the most powerful version of the mini-computer yet. Offensive Security says that the new build takes advantage of everything the Pi 4 has to offer.

Continue reading →

Canonical -- the company behind the Ubuntu Linux distro -- is investigating an attack on its GitHub account over the weekend.

On Saturday, hackers were able to break into Canonical's GitHub account and create a number of new repositories. Named CAN_GOT_HAXXD, the eleven repositories were empty and have now been removed. Canonical says that no source code was accessed, but it is not yet known who carried out the attack.

Continue reading →

In a new study of IT decision makers by Barracuda Network, 94 percent of participants admit that email is still the most vulnerable part of their organization's cyber security.

The survey of 280 decision makers focused on the email threat landscape and email security practises. It discovered that 75 percent have been hit with brand impersonation emails, the largest threat as identified in the survey with ransomware coming in second on 47 percent.

Continue reading →

Scheduled vulnerability scanning can leave blind spots between scans leaving organizations vulnerable.

In response to this problem, Microsoft has partnered with a number of enterprise customers to create a new Threat and Vulnerability Management solution as a built-in feature of Microsoft Defender Advanced Threat Protection.

Continue reading →

EA has fixed a series of security issues on its Origin gaming service which could have been exploited by attackers to take control of user accounts and gain access to personal data.

EA Origin's security flaws meant that more than 300 million gamers were put at risk. Israeli security firms Check Point said that attackers could take advantage of a "chain of vulnerabilities" to attack players of games such as FIFA, Maden NFL, NBA Live, UFC, The Sims, Battlefield, Command and Conquer, and Medal of Honor.

Continue reading →

According to a 2018 IBM study, the average cost of a data breach for a U.S. company is $7.91 million, while the average cost of a lost or stolen record that contains sensitive or confidential information is $148. Unfortunately, these figures are only rising.

Cyber attacks continue to not only cost companies more money but have also grown larger and more aggressive because of how profitable cybercrime has become. Despite the ongoing advances in IT security, threats continue to emerge just as fast as security measures evolve. Though cybercriminals will continue to find new, creative ways to gain access to business data, there are simple tactics you can implement to better protect your company.

Continue reading →

Every year a new iPhone hits the market and there are thousands of different Android devices in circulation. Both Apple and Google are constantly adding new features and functions to incorporate emerging technologies, maintain competitiveness, and cement their reputations as innovators.

Commercial focus typically sits with the clamor of more surface-level, UI related features like Memojis, Group FaceTime, gesture navigation, the features that consumers are drawn to rather than the patching of CVE-2018-4249. It’s all a matter of priorities, people want a device with all the mod cons, a mobile device just needs to be secure enough, meeting minimum expectations. It also doesn’t help that there has been a long held misconception that mobile OSs are secure enough and users don’t need a security solution. Despite mobile OSs becoming relatively hardened, usage is very different compared to traditional form factors, and there are a number of threat vectors that an OS can’t protect against.

Continue reading →