Articles about Security

That people are lazy is not news. Ditto the fact that people like to make things as easy for themselves as possible. These two facts do not work well when it comes to security and passwords, as a new study reveals.

Analysis carried out by the UK's National Cyber Security Centre (NCSC) found that huge numbers of people are still -- despite continued advice -- using weak, easy-to-guess passwords to secure their accounts. The most commonly used password on breached accounts was found to be 123456, and there were plenty of others that were similarly insecure. The NCSC, in conjunction with Have I Been Pwned's Troy Hunt, has also published a list of the 100,000 most common passwords globally.

Continue reading →

With no fanfare whatsoever, Facebook has revealed that it stored the passwords for millions of Instagram accounts in plain text.

The news came as the company quietly updated a blog post from last month in which it revealed that it had stored hundreds of millions of unencrypted Facebook passwords on its servers. At the time, the company said "tens of thousands" of Instagram users were affected. Revising this figure upwards, Facebook says: "We now estimate that this issue impacted millions of Instagram users".

Continue reading →

The endpoint is on the front line of the network security battle, but a new study from Absolute reveals that endpoint security tools and agents fail, reliably and predictably.

The study analyzed data from six million devices and one billion change events over the course of a year. It finds the complexity of endpoint device controls creates a false sense of security among organizations while, in reality, causing security gaps and significant risks due to regular and reliable tool failure.

Continue reading →

A few days ago, a security vulnerability in Internet Explorer came to light. A flaw in the handling of certain files can be exploited by hackers to steal files from users, and -- most worrying -- it doesn't matter whether the victim is an Internet Explorer user or not.

Microsoft is yet to create a fix for the vulnerability, so someone else has stepped up to the plate. Specialists from ACROS Security have create a micropatch for Windows 10 that addresses the issue, once again beating Microsoft in securing people's computers.

Continue reading →

It seems that barely a week passes without another Facebook scandal emerging, and this week is no different. The company has revealed that it accidentally uploaded the email contacts of up to 1.5 million users who signed up for the social network since 2016.

A glitch meant that new users who signed up for email password verification had their email contacts scraped and uploaded without consent. As of last month , Facebook stopped offering this verification option to first-time users, although it's not clear if this is because of the privacy issue.

Continue reading →

In 2018 bad bots accounted for one in five website requests (20.4 percent of web traffic), while good bots decreased slightly to make up 17.5 percent of traffic.

This is among the findings of Distil Networks' latest annual Bad Bot Report which investigated hundreds of billions of bad bot requests from 2018 over thousands of domains to provide deeper insight into the daily automated attacks.

Continue reading →

A new survey of IoT developers reveals their top concerns are security (38 percent of respondents), connectivity (21 percent), and data collection and analysis (19 percent).

Performance (18 percent), privacy (18 percent), and standards (16 percent) are also areas cited as particularly challenging. These findings come from The Eclipse Foundation which has surveyed more than 1,700 developers via its IoT Working Group.

Continue reading →

The rise of edge devices, customer service terminals, digital signage and so on has led to increased demand for embedded processing.

Chip maker AMD is expanding its offering in this market with the launch of the new Ryzen Embedded R1000 Series SoC. This offers embedded customers dual core, quad-threaded performance, as well as the ability to run fanless, low power solutions for 4K displays, while providing leading-edge security features.

Continue reading →

Having faced accusations of conducting espionage on behalf of the Chinese government, Huawei has lashed out at the US government, accusing officials of being "ignorant of technology".

Huawei has been hit with numerous bans by the US, and the country has encouraged others around the world to follow its lead. But the company's chief security officer, John Suffolk, says there is no evidence that China could make use of Huawei's 5G equipment to spy on people, suggesting that US allegations were politically motivated.

Continue reading →

We tend to think of hacking communities as being concentrated in the Far East or the former Soviet bloc, but of course there hackers elsewhere that we don't hear so much about.

Researchers at Recorded Future have been investigating hacking communities around the world, and their latest report covers Brazil.

Continue reading →

People tell us they are becoming increasingly wary of using third-party browsers such as those from Opera, Chrome and Firefox. It might come as a surprise, but many average users will opt to stick with their default OS browser, Edge, and a powerful security suite to keep themselves secure.

The question is, is this the most secure way of surfing the web in 2019? Could the connection between your computer and the internet be made more rock solid? Well, Avast certainly thinks so.

Continue reading →

The Internet Society's Online Trust Alliance (OTA), which identifies and promotes online security and privacy best practices, announced today the results of its latest Online Trust Audit and Honor Roll.

The Audit finds that 70 percent of analyzed websites qualified for the Honor Roll, the highest proportion ever, and up from 52 percent in 2017, driven primarily by improvements in email authentication and session encryption.

Continue reading →

Critical infrastructure sites and energy distribution facilities are increasingly being targeted by cybercriminals. But many of the systems in use today were installed and built before 24/7 internet connections.

A new report from Finnish cybersecurity company F-Secure highlights the fact that cybersecurity was not a realistic threat when these systems were manufactured, and legacy protocols and systems never had the built-in security controls that we take for granted today. Connecting these systems to the internet has opened them up to attacks from myriad angles.

Continue reading →

Well-known attacks and attack vectors remained successful because security personnel did not address vulnerabilities and apply patches according to a new report from cybersecurity and visibility business Ixia.

IT vendors created code or configurations that led to many successful security breaches in 2018, but IT operations and security personnel shared the blame due to ignorance of the latest patches and challenges in deploying patches in a timely manner.

Continue reading →

A zero-day exploit found in Internet Explorer means hackers could steal files from Windows users. What's particularly interesting about this security flaw is that you don't even need to be an Internet Explorer user to be vulnerable.

A security researcher has revealed details of an unpatched exploit in the way IE handles MHT files, and the problem affects Windows 7, Windows 10 and Windows Server 2012 R2. It leaves users vulnerable not only to having their files stolen by hackers, but also means they could be spied upon.

Continue reading →