Rowhammer-based RAMBleed exploit lets hackers steal data from memory
Security researchers have revealed an exploit that can be used by hackers to steal data from DRAM, even if ECC protection is in place. RAMBleed is a Rowhammer-based attack that can also be used to alter data and increase privilege levels.
Taking advantage of the design of modern memory chips, a Rowhammer attack works by "hammering" the physical rows of data in quick succession, causing bit-flipping in neighboring rows. RAMBleed takes this in a different direction, using a similar technique to access data stored in physical memory.
LastPass Business brings single sign-on to over 1200 apps
Hundreds of cloud applications are being used in businesses, and IT teams are pressured to achieve high levels of security without introducing complex authentication processes that may reduce workforce productivity.
LogMeIn, developer of the LastPass password management program, is launching a new suite of LastPass Business solutions delivering a comprehensive identity offering, built for small and medium-sized businesses.
New enterprise platform secures digital assets in transit
Last month $40 million worth of Bitcoin was stolen in the Binance hack and it's estimated that more than $3 billion has been stolen over the last 18 months due to key theft and stolen credentials.
In order to guard against this type of theft, new company Fireblocks is launching an enterprise platform to protect cryptocurrency and other digital assets in transit.
Over three billion fake emails sent out daily
At least 3.4 billion fake emails are sent around the world every day, according to a new report from email verification company Valimail, with the majority of suspicious emails coming from US-based sources.
The report shows that email impersonation -- accounting for 1.2 percent of all email sent in the first quarter of 2019 -- is a phishing attacker's primary weapon to gain access into an organization's network, systems, intellectual property and other sensitive assets.
VLC 3.0.7 includes more security fixes than ever thanks to the European Commission
Version 3.0.7 of VLC has been released, and while it may seem like a minor x.x.x update, it includes more security fixes than any other previous release -- including two high security issues.
Jean-Baptiste Kempf, the president of VLC-maker VideoLAN, says the number of fixes included in this version is due to the EU-FOSSA bug bounty program, funded by the European Commission.
US Customs and Border Protection says photos of thousands of travelers were stolen in a data breach
Hackers have stolen the photographs of travellers entering and leaving the US, as well as photos of their license plates, US Customs and Border Protection (CBP) has said.
The cyberattack was carried out on the network of a federal subcontractor, and the images were taken as part of a "malicious cyberattack". Although the hack attack has only just been revealed publicly, CBP first learned of it on May 31.
Microsoft takes down huge MS-Celeb-1M facial recognition database
Microsoft has deleted a database containing around 10 million photographs that was being used to train facial recognition systems.
Known as MS-Celeb-1M, the database was created in 2016, and originally contained photos of celebrities. Over time, however, images of writers, journalists and others crept in, and ultimately 100,000 individuals were to be found in it. Microsoft has not made much noise about the deleted content, but has said that the database was wiped as the person maintaining it was no longer a company employee.
Want someone's personal data? Give them a free donut
While you might expect Homer Simpson to hand over personal details in exchange for a donut, you wouldn't expect cybersecurity professionals to do the same.
However, technology services provider Probrand has carried out a study at a cyber expo attended by UK security professionals, where attendees voluntarily shared sensitive data including their name, date of birth and favourite football team -- all to get their hands on a free donut.
Dark net malware becomes more targeted
The dark net has become a haven for custom-built, targeted malware, with threats tailored to specific industries or organizations outnumbering off-the-shelf varieties by two to one, according to a new study.
The research from application containment company Bromium also finds four in 10 dark net vendors are selling targeted hacking services aimed at FTSE 100 and Fortune 500 businesses.
BlueKeep Windows vulnerability is so serious, even the NSA wants you to patch your system
It's around three weeks since Microsoft first urged Windows users to patch their systems against the BlueKeep (CVE-2019-0708) vulnerability. Concerned that not enough people were taking notice, the company then issued a further warning stressing the importance of installing a patch.
Now the NSA has got involved, joining Microsoft in begging users to secure their Windows XP and Windows 7 computers. The agency says that it is "concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems".
SecureAuth enhances identity management with intelligent cloud service
Secure identity company SecureAuth is launching enhancements to its solution with the announcement of Intelligent Identity Cloud.
This gives CISOs and IT professionals the ability to deploy the same capabilities in the cloud, on-premises, or as a hybrid of the two, addressing business demands of agility and dramatically improving identity security.
iOS app developers take shortcuts on security
Despite Apple mandating developers to build end-to-end encryption into their apps, a high number of apps don't comply, according to a new report.
The study from mobile security company Wandera analyzed more than 30,000 of the iOS apps most commonly used by employees and found that more than two-thirds of apps don't enable App Transport Security (ATS).
Secure contact center payment solution comes to the cloud
Contact center data security specialist Semafone is making its Cardprotect available as a cloud solution in the US for the first time.
Companies now have the choice of running Cardprotect on premise, as a managed appliance, in a hybrid cloud or as a fully cloud solution. The new cloud version enables a much faster, more scalable, flexible and cost-effective deployment, as there is no need for contact centers to purchase or manage equipment.
64 percent of organizations believe they have suffered a breach due to privileged access
A global survey of over 1,000 IT security decision makers by privileged access management specialist BeyondTrust reveals that 64 percent believe they've had either a direct or indirect breach due to employee access in the last year, and 62 percent believe they've had a breach due to vendor access.
Employee behavior continues to be a challenge for a majority of organizations. Writing down passwords, for example, is cited as a problem by 60 percent of organizations, while colleagues telling each other passwords was also an issue for 58 percent of organizations in 2019.
Medical and financial details of 12 million Americans exposed in Quest Diagnostics data breach
Medical testing firm and clinical laboratory Quest Diagnostics has revealed that a data breach has led to the records of nearly 12 million of its customers being exposed. The data includes financial data, Social Security numbers and medical information.
Quest Diagnostics was itself not the target of hackers, but the American Medical Collection Agency (AMCA) was. The company is used by Optum360 for billing collections services, and Optum360 is used by Quest Diagnostics.
