Security

Reports have emerged of a security bug in the Windows and Linux versions of VLC, making it vulnerable to remote-code execution via malicious videos. But although German and American security experts have branded the flaw as "critical", VLC-maker VideoLAN is downplaying things.

In fact, more than downplaying the vulnerability, VideoLAN is flat-out denying that it exists, with the software developer dismissing it as "fake news". [UPDATE: the vulnerability has now been pretty much debunked]

In the past three months 22 percent of businesses have suffered a data breach as a result of an email attack according to a new report.

The study released by email security platform GreatHorn spoke to more than 1,000 professionals to get a better understanding of the current state of enterprise email security.

Password stealing malware is a key weapon in the cybercriminals' armoury, seeking to grab data directly from users' web browsers using a range of methods.

According to new data from Kaspersky, the number of users, targeted by password stealers, has peaked from less than 600,000 in the first half of 2018 to over 940,000 during the same period in 2019.

Securing Internet of Things devices is an ongoing problem for businesses, developers often have to sift through a raft of unorganized and disparate information to find the IoT security solution that works best for them.

Identity and security specialist GlobalSign is launching an IoT developer program designed specifically to assist developers with device identity integrations that strengthen security operations for IoT and industrial IoT (IIoT) ecosystems.

Hungarian airline Wizz Air has emailed millions of customers informing them that their passwords have been reset.

While the company is at pains to stress that it has not been the victim of hacking, nor is any personal information at risk, the email took many customers by surprise and raised concerns about a possible data breach.

The Twitter account of Scotland Yard has been hit by hackers, resulting in a series of strange and offensive tweets being sent to hundreds of thousands of followers. The website for the Metropolitan Police was also hacked.

Tweets sent by the hackers made references to Keemstar as well as drill artist Digga D, calling for the rapper to be freed from prison. The attack by hackers also resulted in a series of emails being sent out to journalists via the Metropolitan Police's official email address.

Bug bounty programs have become a popular way for companies to unearth security issues in software and address them quickly. Google is no stranger to such programs, and it has just announced massive increases to the payouts made for finding vulnerabilities in Chrome.

Some rewards have doubled while others have tripled, taking the maximum compensation for reporting a security flaw in Google's web browser -- and other Chromium-based browsers -- to an impressive $30,000.

Slack has just been made aware of additional information about a security breach that took place back in 2015, forcing the company to reset the passwords of around 1 percent of its users.

The company announced earlier this year that it has a daily userbase of over 10 million people, so this means that a huge number of users are affected by the incident no matter how much Slack tries to downplay it.

Microsoft has revealed that it has issued warnings to nearly 10,000 people that they are the targets or victims of state-sponsored hacking.

The announcement comes as Microsoft showcases election systems running Microsoft ElectionGuard which not only helps to increase security, but also makes voting more accessible. Microsoft reveals that the vast majority of the state-sponsored attacks targeted enterprise customers, but there were still a significant number of regular consumers affected.

Having released a silent update last week to protect Zoom users from webcam hijacking, Apple has now pushed out a second security patch that is silently installed in the background.

This second patch addresses issues with the RingCentral and Zhumu videoconferencing tools. These apps suffered from a very similar vulnerability, putting users at risk, so Apple has stepped in once again to neutralize the problem.

Increasing volumes of business network traffic are now directed at the cloud and companies need a cost effective way to secure them.

Symantec is announcing updates and innovations across its portfolio of products, giving enterprises the ability to enforce zero trust security policies across SaaS applications, corporate applications hosted in the cloud, email and the internet.

Enterprises around the world are gaining control of previously unmonitored and unsupported cloud applications and mobile devices in their IT environments according to a new report.

The 2019 Trusted Access report from Duo Security looks at more than a million corporate applications and resources that Duo protects. Among the findings are that cloud and mobile use has resulted in 45 percent of requests to access protected apps now coming from outside business walls.

I have a confession to make: I’m a PC anti-vaxxer. I just don’t trust all those patches and security "fixes" software companies want to foist upon my innocent little laptop. I mean, how do I know one of those updates won’t harm it? Most software platforms are now so complex, it’s nearly impossible to tell the impact a new library or DLL might have.

What if a patch makes my PC slower? I’ve heard about at least one "fix" -- to some made-up sounding bugaboo called "Spectre" -- that caused PCs to lose compute cycles. My little laptop struggles to handle daily life as it is. The thought of further handicapping it by compromising its processing speed seems downright cruel.

If the word MouseJack seems familiar, it's because it as been around for a while. It is a remote access hack that emerged a few years back that took advantage of a vulnerability in some Logitech wireless dongles, as well as hardware from other manufacturers.

Being at least three years old, you would expect that patches would have been addressed -- and they were. But a large number of devices are still at risk because Logitech failed to recall the affect units that were on sale so there's a chance that if you bought a Logitech wireless keyboard, mouse or standalone dongle in the last few years, you could be at risk.

As data protection legislation tightens and breaches continue to make headlines, there is increased pressure on businesses to implement security by design in their applications.

For many this has meant a move to DevSecOps. We spoke with Rusty Carter, vice president of product management at application security specialist Arxan to find out why this approach is becoming essential.