Articles about Security

Security researchers have discovered an unprotected database stored on a Microsoft cloud server. The 24GB database includes personal information about 80 million households across the US.

The researchers from vpnMentor were working on a web mapping project when they made the discovery. They say that as the database they found left out in the open relates to American households which include multiple residents, the data breach could potentially affect hundreds of millions of people.

Continue reading →

A new report into the financial services threat landscape shows that there has been a huge increase in the number of banking credential leaks, while instances of compromised credit cards increased by 212 percent year-on-year.

The report from threat protection platform IntSights reveals many of the leaked credentials came from the Collection #1 database of over 773 million unique email addresses and 21 million unique passwords released onto the Dark Web in January this year.

Continue reading →

The latest data risk report from security company Varonis reveals that 53 percent of companies have at least 1,000 sensitive files open to all employees, putting them at risk of data breaches.

Keeping old sensitive data that risks fines under HIPAA, GDPR and the upcoming CCPA is a problem too. The report finds over half of data is stale and 87 percent of companies have over 1,000 stale sensitive files, with 71 percent having over 5,000 stale sensitive files.

Continue reading →

Data privacy is a major concern for businesses, made more acute by the raft of new compliance and data protection rules appearing around the world.

Immuta is launching a platform with no-code, automated governance features that enable business analysts and data scientists to securely share and collaborate with data, dashboards, and scripts without fear of violating data policy and industry regulations.

Continue reading →

Good website security is essential to give customers confidence in your business, but for smaller organizations testing can prove difficult.

To address this issue, security testing and risk rating company ImmuniWeb is launching a free website security test that can be used by anyone.

Continue reading →

Spam emails containing malware significantly dropped in 2018, to just six percent, down from 26 percent in 2017. But at the same time malware is becoming more sophisticated and harder to detect.

These are among the findings of the latest Global Security Report from Trustwave. The largest single category of malware encountered is downloaders at 13 percent.

Continue reading →

The latest quarterly threat research from Malwarebytes for Q1 2019 reveals a 200 percent jump in ransomware and continued increase in business targets for cyberthreats.

This shift back to ransomware comes in the wake of a continued decline in cryptomining, as well as an increased focus on mobile attacks and large-scale business invasions.

Continue reading →

In new draft security baseline documentation, Microsoft has scrapped the policy that requires users to change their passwords on a regular basis.

The new security settings apply to Windows 10 version 1903 and Windows Server version 1903, and the change sees Microsoft conceding that its policy of forcing periodic password changes is "an ancient and obsolete mitigation of very low value". The company has a series of suggestions for how to better improve password security.

Continue reading →

The proliferation of healthcare Internet-of-things devices, along with unpartitioned networks, insufficient access controls and the reliance on legacy systems, has exposed a vulnerable attack surface that can be exploited by cybercriminals, according to a new report.

The study by network threat detection specialist Vectra also shows gaps in policies and procedures can result in errors by healthcare staff members.

Continue reading →

Around a quarter of employees share confidential information via chat sessions, and a similar number talk badly about their boss, while 78 percent wouldn’t care if some of this information was exposed publicly.

These are among the findings of a new study by secure collaboration platform Symphony which surveyed over 1,500 employees in the US and UK about their workplace communication habits.

Continue reading →

Huawei has had a rough time of things when it comes to international relations, with the US and others implementing various bans on the use of the company's products. It all stems from fears about Huawei's alleged connections to the Chinese government and the potential for espionage, but this is something the company has denied time and time again.

The US has made no secret of its doubts about Huawei, and the fears have spread around the globe. Now, according to a report, the CIA has issued a warning to the UK saying that the firm has received funding from Chinese state security.

Continue reading →

That people are lazy is not news. Ditto the fact that people like to make things as easy for themselves as possible. These two facts do not work well when it comes to security and passwords, as a new study reveals.

Analysis carried out by the UK's National Cyber Security Centre (NCSC) found that huge numbers of people are still -- despite continued advice -- using weak, easy-to-guess passwords to secure their accounts. The most commonly used password on breached accounts was found to be 123456, and there were plenty of others that were similarly insecure. The NCSC, in conjunction with Have I Been Pwned's Troy Hunt, has also published a list of the 100,000 most common passwords globally.

Continue reading →

With no fanfare whatsoever, Facebook has revealed that it stored the passwords for millions of Instagram accounts in plain text.

The news came as the company quietly updated a blog post from last month in which it revealed that it had stored hundreds of millions of unencrypted Facebook passwords on its servers. At the time, the company said "tens of thousands" of Instagram users were affected. Revising this figure upwards, Facebook says: "We now estimate that this issue impacted millions of Instagram users".

Continue reading →

The endpoint is on the front line of the network security battle, but a new study from Absolute reveals that endpoint security tools and agents fail, reliably and predictably.

The study analyzed data from six million devices and one billion change events over the course of a year. It finds the complexity of endpoint device controls creates a false sense of security among organizations while, in reality, causing security gaps and significant risks due to regular and reliable tool failure.

Continue reading →

A few days ago, a security vulnerability in Internet Explorer came to light. A flaw in the handling of certain files can be exploited by hackers to steal files from users, and -- most worrying -- it doesn't matter whether the victim is an Internet Explorer user or not.

Microsoft is yet to create a fix for the vulnerability, so someone else has stepped up to the plate. Specialists from ACROS Security have create a micropatch for Windows 10 that addresses the issue, once again beating Microsoft in securing people's computers.

Continue reading →