Articles about Security

Over the weekend we reported that hackers gained access to Microsoft's web-based email services for a period of three months. Microsoft tried to calm users' concerns by saying that only "your e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses you communicate with" had been accessed. But for some people, things were rather worse.

It transpires that some users have been sent a notification from Microsoft informing them that hackers were able to access the content of emails.

Continue reading →

Microsoft has confirmed that hackers were able to access customers' web-based email accounts for a period of three months at the beginning of the year. Between January 1 and March 28, unknown hackers hit the accounts of various Microsoft email services.

The company is in the process of sending notifications to those who have been affected by the issue and it recommends users change their account passwords. (Update: it's worse than first thought!)

Continue reading →

These days, it seems like every time you turn around another company announces a data breach. At the same time, organizations spend millions on their data warehouses, security solutions, and compliance initiatives. But all of that spend can instantly be rendered useless by the everyday business workflow of downloading data to a Microsoft Excel spreadsheet.

Of course, business experts aren’t looking to circumvent enterprise governance practices. They’re just trying to get the answers they need to make better business decisions. And because they lack the SQL programming expertise or extensive training required to work with data directly in most business intelligence (BI) tools, they are often powerless to answer the questions raised in the last meeting or email. So they turn to what they know best: the spreadsheet.

Continue reading →

Based on the DEFCON levels, Microsoft has unveiled the SECCON framework -- a series of guides for securing a range of Windows 10 configurations in different environments.

Starting with an "Administrator workstation" at level 1 and building up to "Enterprise security" at level 5, the framework is Microsoft's attempt to simplify and standardize security. While it is not a one-size-fits-all solution, the company says it is "defining discrete prescriptive Windows 10 security configurations to meet many of the common device scenarios we see today in the enterprise".

Continue reading →

In a first for a major email service, Google has announced that Gmail now supports the MTA-STS and TLS Reporting security standards.

The two standards help to avoid man-in-the-middle attacks, using encryption and authentication to add new layers of security. Google says that Gmail's MTA-STS adherence is now in beta, and the company hopes that by supporting the standard other providers with follow suit.

Continue reading →

A new survey of security professionals taken at this year's RSA reveals that 92 percent of respondents feel that cybersecurity is a bigger threat to the US than border security. Yet government, and media, attention seems far more focused on the latter.

The study from AI-powered security company Lastline also asked respondents which of the tech giants they trust the least with their data, not surprisingly 76 percent name Facebook. Others, Amazon (25 percent), Apple (24 percent), Google (20 percent) and Microsoft (27 percent) all scored relatively evenly when asked who they trust most.

Continue reading →

If you have a phone running Android 7.0 Nougat or higher, you can now use it as a FIDO security key. This new option was announced at Google Cloud Next 2019, and it makes using 2-Step Verification much more accessible thanks to the fact that people are likely to have their phones with them most of the time.

The system -- currently in beta -- can be used to access ChromeOS, macOS or Windows 10 computers running Chrome, and can replace or supplement other FIDO-based security keys like Google's own Titan Security Key.

Continue reading →

Although 85 percent of companies say mainframe security is a top priority, just 33 percent always or often make mainframe decisions based on security finds a new report.

The study from mainframe vulnerability specialist Key Resources Inc, based on research by Forrester Consulting also finds 67 percent of respondents admit that only sometimes or rarely are they factoring security into mainframe decisions.

Continue reading →

According to a new study analyzing more than 55 million emails, 25 percent of phishing emails bypass Office 365 security, using malicious links and attachments as the main vectors.

Other findings of the report from cloud-native security firm Avanan include that 33 percent of emails contain a link to a site hosted on WordPress and 98 percent of emails containing a crypto wallet address are phishing attacks.

Continue reading →

The cloud-skills shortage has made security a major challenge for enterprises. In fact, virtually every data breach in the cloud today is due to human error, rather than brilliant hacking. Hackers don't even bother launching attacks in the public cloud; they simply look for misconfigured systems that leave data exposed.

Against this backdrop, a whole new cloud model is taking hold -- serverless computing. In a world where cloud certifications and security skills are already in short supply and causing chaos in the cloud, what will serverless computing do to compound that problem for enterprises? Is it possible for organizations to avoid making the same mistakes with this new paradigm that they are making in traditional cloud environments?

Continue reading →

Mozilla has added new protective features to the nightly and beta versions of Firefox. Through a partnership with Disconnect, the browser is now able to block cryptocurrency mining and fingerprinting scripts.

The new features mean that users are protected against scripts that can be used to track them online, as well as those that use CPU cycles to mine for cryptocurrency. Mozilla says it is part of its mission to protect people from "threats and annoyances on the web".

Continue reading →

Cybersecurity company BullGuard is launching its own VPN for Windows, Mac, Android and iOS, intended to make it simple for users to ensure their online privacy.

Designed to be easily used across multiple devices, BullGuard VPN features a simplified user interface and quick connect functionality, enabling consumers to fly under the radar and surf the internet in stealth mode while retaining complete anonymity via military-grade encryption.

Continue reading →

Last month Aluminum manufacturer Norsk Hydro was hit by a large scale ransomware attack that affected its systems across the globe and caused severe disruption to its operations with an estimated impact of more than $35 million..

The attack used the LockerGoga ransomware and the threat research team at Securonix has been monitoring the malware, which also caused problems for a number of other companies.

Continue reading →

The entertainment industry and in particular streaming services is among the biggest targets of credential stuffing attacks according to a new report.

The study from digital delivery platform Akamai, unveiled at the NAB Cybersecurity and Content Protection Summit in Las Vegas this week, focuses on credential abuse attacks against online video and music streaming services.

Continue reading →

Concerns about Huawei's "very, very shoddy" security could mean that the Chinese company's technology is barred from key parts of the UK's 5G mobile network.

A UK watchdog has already said that Huawei poses a national security risk, but a statement from the technical director of GCHQ's National Cyber Security Centre has stepped things up. Dr Ian Levy says that "the security in Huawei is like nothing else -- it's engineering like it's back in the year 2000 -- it's very, very shoddy".

Continue reading →