Security

Google has a pretty good record when it comes to protecting its users against online threats. Part of this is its Safe Browsing technology which scans billions of URLs each day to discover dangerous websites.

But research by mobile threat defense specialist Wandera has discovered a disparity between the protections available within Google’s desktop browser compared to its mobile browser.

Cybersecurity is often as much about people as it is about technology. But despite increasing their spending, organizations are still struggling to close the cybersecurity skills gap.

Training and certification company Offensive Security is launching a new program for enterprises designed to simplify the cybersecurity training process and allow organizations to invest more in cybersecurity skills development.

Researchers at Check Point working with CyberInt have uncovered a chain of vulnerabilities in the Origin gaming client developed by Electronic Arts (EA). If exploited, the vulnerabilities could have led to player account takeover and identity theft.

Researchers have responsibly disclosed the vulnerabilities to EA, in accordance with coordinated vulnerability disclosure practices, to fix the vulnerabilities and roll out an update before threat actors could exploit the flaw.

As more and more apps and data move to the cloud, identifying and ranking threats becomes an increasingly difficult task.

Machine data analytics platform Sumo Logic is launching a new Global Intelligence Service for Amazon GuardDuty that delivers almost real-time actionable insights to allow customers to benchmark themselves against other adopters of Amazon Web Services cloud infrastructure, strengthen cloud security posture, improve threat detection, and enhance regulatory compliance.

Identity specialist Ping identity is announcing an update to its PingOne for Customers IDaaS solution that means developers can now deliver passwordless and advanced multi-factor authentication from custom mobile applications.

Enhancements include a mobile SDK that allows development teams to send push notifications to custom mobile applications for MFA, APIs for logins via social media accounts, and support for single sign-on via Security Assertion Markup Language (SAML).

Endpoint protection company Carbon Black is adding a number of features to its platform, including Linux support and Amazon Web Services and container protection.

The cloud-native platform gives security and IT teams remote access to cloud workloads and containers running in their environment, making it easier to resolve configuration drift, address vulnerabilities in real time, confidently respond to incidents and demonstrate compliance with business policies and industry regulations.

Impersonating a company's CEO or other senior executive has become a favorite technique for cybercriminals seeking to extract payments from businesses.

Historically this has been aimed at accounts payable departments, but the latest email threat report from FireEye shows attackers using two new variants to target payroll and supply chains.

The average UK enterprise has downloaded over 21,000 software components with a known vulnerability in the past year alone, according to new data from Sonatype the DevSecOps automation specialist.

Sonatype's fifth annual State of the Software Supply Chain Report has studied over 12,000 enterprise development companies globally and shows that of the average 248,000 open source components downloaded by British business in 2018, 8.8 percent have a known security flaw.

According to the results of a new survey 54 percent of enterprises think their organization's security is not mature enough to keep up with the rapid expansion of cloud apps.

The study from Symantec of over 1,200 security decision makers around the world shows that 53 percent of all enterprise computing workload has now been migrated to the cloud, but 93 percent of respondents report issues with keeping tabs on all their cloud workloads.

We know that phishing attacks are gaining in sophistication and are one of the most popular ways of hackers and cybercriminals gaining access to an organization's systems.

But this type of attack is notoriously difficult to guard against using technology and employee awareness is a big part of any business' defense strategy. This is underlined by a new report from awareness training company KnowBe4 which looks at the level of risk and finds that 29.6 percent of organizations are 'phish-prone'.

Privacy-focused ProtonMail has lashed out at Google, saying the "confidential mode" available in Gmail is "misleading" and "little more than a marketing strategy". It says that people "don't need to settle for fake privacy"

Pointing out that Gmail's confidential mode lack end-to-end encryption, ProtonMail says that the email service is "not secure or private". The company says that Gmail can still read your emails, and that expiring emails are not as secure as Google would have users believe.

A Windows support tool bundled with Dell computers has a high-severity security hole that leaves millions of systems at risk of a privilege-escalation attack.

Dell has announced that both the Business and Home versions of its SupportAssist tool have a security vulnerability within the PC Doctor component that requires immediate patching. The discovery was made by SafeBreach, and there could be over 100 million systems that are affected.

There been many concerns voiced about the privacy and security implications of many smart products. Some are well-founded, as a new admission from Google that its Nest Cams could be used to spy on people goes to show.

The problem does not center around hackers, but people who have sold or given away their Nest Cams. Even after the new owner performed a factory reset of the camera -- following Google's own instructions -- it was still possible for the original owner to access the camera feed.

Web app and API exploits are among the leading threats to business at the moment. Organizations with a major web presence face malicious traffic and sophisticated bots trying to damage their brands.

In order to protect against these threats, Instart is launching a new Web App and API Protection (WAAP) platform. This is a cloud-based platform, powered by a single rules engine and a unified threat intelligence system, to defend against application vulnerabilities, sophisticated bots, and browser-based attacks.

Offensive Security, the team behind the security-focused, Debian-based, penetration testing Linux distro Kali Linux. has set out the roadmap for the operating system for the months ahead.

This is the first time such a roadmap has been shared for Kali Linux, and it gives us a good idea of what to expect between now and 2020. The team says: "normally, we only really announce things when they are ready to go public, but a number of these changes are going to impact users pretty extensively so we wanted to share them early".