Articles about Security

If you're not in the habit of keeping up to date with the latest version of the Linux kernel, now might be a good time to think about doing so. Systems based on versions of the kernel older than 5.0.8 suffer from a severe flaw in the implementation of RDS over TCP.

Left unpatched, the flaw could enable an attacker to compromise a system. The National Vulnerability Database entry says: "There is a race condition leading to a use-after-free, related to net namespace cleanup".

Continue reading →

Google is recalling the Bluetooth Low Energy (BLE) version of its Titan Security Key, and is offering free replacements to owners.

The recall comes after the company became aware of a security issue which could allow a nearby hacker to hijack the security device. Google says that the security issue only affects the Bluetooth versions of the 2FA device sold in the US.

Continue reading →

Donald Trump has declared a national emergency to fight "foreign adversaries" which he says are "increasingly creating and exploiting vulnerabilities in information and communications technology".

An executive order means that US companies are banned from buying and using foreign telecoms equipment which is deemed to be a threat to national security. Huawei and 70 affiliates have also been added to the US Commerce Department’s "Entity List" meaning that special approval would be needed to purchase such equipment, and also for companies deemed to pose a threat to buy US-made hardware.

Continue reading →

People are becoming more aware of the need to protect their data online, not just because of the rate of cybercriminal activity, but also because large organizations are frequently being careless with the data they hold.

A new survey of 1,000 people from OpenVPN reveals that four out of five people are expecting Facebook to face at least one more data privacy issue in the next year. In addition 71 percent say recent scandals have somewhat or severely negatively affected their view on Facebook, while 37 percent trust tech giants less now because they don’t think the companies have properly addressed the data privacy problems.

Continue reading →

A new study finds that 46 percent of organizations which store customer personally identifiable information (PII) in the cloud are considering moving it back on premises due to data security concerns.

The research from information security software company Netwrix also shows that of the 50 percent of organizations that store customer data in the cloud, 39 percent had security incidents in the past year and more than 50 percent of those couldn’t diagnose the problem.

Continue reading →

Users of WhatsApp could be infected by dangerous spyware just by receiving a call. The spyware, which is thought to  originate from Israeli cyber intelligence firm NSO Group, can be installed just by calling a target -- there is no need for the call to be answered.

A security advisory on the Facebook website does not go into much detail about the exploit, which takes advantage of a buffer overflow vulnerability. WhatsApp says it was discovered earlier this month, and with 1.5 billion users, there are a huge number of people that are potentially affected.

Continue reading →

The story of website attacks in 2018 was one of high profile cybercrime, targeted at cryptocurrency, business, elections and more.

A new report from website security specialist SiteLock reveals that attackers are now taking a stealthier approach.

Continue reading →

When people decide to install home automation systems and also have security alarms they installed several years ago, it's highly likely the new tech and old gadgets won't be compatible.

Similarly, if they have a security system that doesn't work with a smartphone app, they typically have to invest in new hardware and deal with lengthy installations and high bills.

Continue reading →

Anyone who has worked in IT knows that it can be a frustrating experience at times. A new survey carried out by network security provider Lastline at RSAC 2019 set out to discover security professionals' attitudes and frustrations towards their jobs.

These come from a number of places, including resources, management and other workers. We all know that there's a skills shortage in security, but funding is often an issue too.

Continue reading →

Blockchain is often seen as a game-changer for businesses, governments and criminals alike. But, as organizations rush to deploy applications based on blockchain technology, do the potential benefits outweigh the information risks?

The Information Security Forum (ISF) is releasing a new briefing paper aimed at boosting understanding of the technology.

Continue reading →

Although many transactions are now carried out online, contact centers remain an important tool for businesses.

Call and contact center payment security solutions provider Semafone has had its latest Cardprotect (version 4) product validated by the Payment Card Industry Security Standards Council (PCI SSC) against the latest version of the Payment Application Data Security Standard (PA-DSS). This makes it one of the only companies in the industry to provide this level of certification.

Continue reading →

A new study from Webroot that examines the cyber hygiene habits of 10,000 Americans, 200 in each state, reveals that 88 percent feel they take the right steps to protect themselves from cyberattacks.

However, just 10 percent scored 90 percent or higher on a cyber hygiene test, with the average respondent getting only 60 percent.

Continue reading →

Cryptocurrency exchange Binance has been struck by hackers who were able to make off with $40 million worth of Bitcoin.

The exchange suffered what it describes as a "large scale security breach" in which attackers were able to obtain "a large number of user API keys, 2FA codes, and potentially other info". CEO Zhao Changpeng says that 7,000 BTC were withdrawn in a single transaction and the attack which was perpetrated using a variety of methods.

Continue reading →

The dark web is, by its very nature something of an object of mystery. It's easy to think of it as a huge, closed community hidden from the world in dusty corners of the internet. But what's the reality?

Threat intelligence specialist Recorded Future has done some research to try to understand the dark web's true nature.

Continue reading →

Container security company NeuVector is releasing new security risk assessment capabilities for enterprises using Kubernetes in production environments.

The features, added to its existing container security offering, include new dashboard widgets and downloadable reports to provide security risk scores for the most critical run-time attack risks, network-based attacks and vulnerability exploits in containers.

Continue reading →