Security

A security flaw in the F5 Networks’ BIG-IP load balancer, which is popular among governments, banks, and other large corporations, could be exploited to allow network access.

F-Secure senior security consultant Christoffer Jerkeby has discovered the issue in the Tcl programming language that BIG-IP's iRules (the feature that BIG-IP uses to direct incoming web traffic) are written in. Certain coding practices allow attackers to inject arbitrary Tcl commands, which could be executed in the security context of the target Tcl script.

Detections of ransomware aimed at businesses rose by a massive 363 percent between the second quarter of 2018 and the same period this year. Meanwhile consumer ransomware is down 34 percent.

The latest quarterly threat report from Malwarebytes also sees a 235 percent overall increase in threats aimed at organizations from enterprises to small businesses, with ransomware as a major contributor.

A new report from enterprise file sharing platform FileCloud looks at cloud and data security and finds that 50 percent of companies don’t plan on moving mission critical workloads to the public cloud.

The survey of 150 professionals from industries including health care, financial services and educational institutions finds that shifts in perceptions of data security are impacting movement to the cloud.

The cybercriminal's most effective weapon in a ransomware attack is the network itself, which enables the malicious encryption of shared files on network servers, especially files stored in infrastructure-as-a-service (IaaS) cloud providers.

This is according to a new report from threat detection specialist Vectra which finds that by encrypting files that are accessed by many business applications across the network, attackers achieve an economy of scale faster and far more damaging than encrypting files on individual devices.

Phishing threats tend to be fast moving, so the ability to block them quickly is essential for protection.

But a new survey finds that even large companies with multi-layer security controls and multiple threat feeds lack adequate safeguards to protect their employees from phishing attacks that employ links to malicious sites.

It has been revealed that Microsoft silently pushed out a patch to Windows users to fix a vulnerability that affected Intel CPUs produced since 2012 -- which means everything post Ivy Bridge chips.

The SWAPGS vulnerability is similar to the now-famous Spectre and Meltdown chip flaws, and was discovered by security firm Bitdefender a year ago; the fact that it has now been patched was only revealed at the BlackHat security conference. Red Hat says that an update to the Linux kernel is needed to protect against the flaw which it says affects both Intel and AMD chips, although Bitdefender has not been able to find any issues with AMD's processors.

Analysis by Mimecast of 67 billion attack emails between April and June this year reveals that opportunistic attacks are dominated by Trojans, which make up 71 percent.

Targeted attacks are lower in volume but are specifically designed to get past commodity malware scanners by using newly detected or updated malware not detectable with file signatures.

New research from fraud prevention and multi-factor authentication specialist iovation reveals that 49 percent of all risky transactions now come from mobile devices, up from 30 percent in 2018, 33 percent in 2017 and 25 percent in 2016.

Looked at geographically, North America with 59 percent of all risky transactions coming from mobile devices, leads the way. In 2018, it was Asia at 53 percent. In 2017, it was North America with 55 percent, and in 2016, it was North America again with 36 percent.

Data breaches and misconfigurations come out top of the Cloud Security Alliance's latest Top Threats report which reveals an 'Egregious Eleven' list of cloud security threats.

This year's list no longer includes issues that fall to cloud service providers (CSPs), such as denial of service, shared technology vulnerabilities, CSP data loss and system vulnerabilities. This suggests these are either being well addressed or are no longer perceived as a significant business risk of cloud adoption.

Supply chain threats are a major problem for enterprises and they are forcing smaller businesses to take security more seriously in order to win contracts.

A study by cyber security awareness platform CybSafe shows nearly 37 percent of organizations have been required to achieve a recognized cyber security standard by their enterprise customers before successfully securing contracts. This represents a nine percent increase over 2017.

In the second quarter of 2019, the total number of DDoS attacks grew by 18 percent, compared to the same period in 2018 according to a new report from Kaspersky.

There is, however, a drop compared to the first quarter of this year, with attacks down 44 percent. Kaspersky attributes this to seasonal variation with DDoS attack usually declining in late spring and summer.

Are you one of the millions of Mac users under the impression that your digital security is guaranteed simply due to the fact that you’re using a Mac? Then I’ve got some news for you that you may not want to hear: the popular and long-standing myth that Mac users are immune to security vulnerabilities is just that -- a myth. This myth largely derives from the fact that the global Windows market share dwarfs that of macOS. Hackers and cybercriminals would much rather target an operating system that serves nearly 90 percent of users worldwide than one that accounts for less than 10 percent.

The truth is that Macs are still very much susceptible to vulnerabilities that can be exploited by cybercriminals, or even by developers of apps you may use on a daily basis. So if you’re a Mac user who has been lulled into a false sense of security, it’s time for you to wake up and realize that your security is by no means guaranteed on a Mac. That’s the hard reality of it, and the sooner you come to grips with it, the sooner you can start taking steps to protect your digital security and personal privacy on your Mac.

Speed of response is critical for security teams, which is why many companies employ Security Orchestration, Automation and Response (SOAR) tools.

Security automation platform LogicHub is looking to take SOAR a step further with the launch of a SOAR+ platform offers autonomous detection and response, advanced analytics and machine learning to automate decision making with accuracy across disparate security operations.

Security analysts in US enterprises spend around a quarter of their time chasing false positives because security alerts or indicators of compromise (IOCs) are erroneous.

This is among the findings of research carried out by Exabeam and the Ponemon Institute which also shows that security teams must evaluate and respond to nearly 4,000 security alerts per week.

Cisco has agreed to pay $8.6 million to settle a claim that it sold video surveillance software to the American government even though it was aware it contained security vulnerabilities.

A total of fifteen US states filed a case under the False Claims Act after Homeland Security, the Secret Service, the Army, the Navy, the Marines, the Air Force and the Federal Emergency Management Agency all purchased flawed software from Cisco. Rather than improving security as desired, the complainants said that Cisco's software actually made systems less secure.