Articles about Security

In 2018 bad bots accounted for one in five website requests (20.4 percent of web traffic), while good bots decreased slightly to make up 17.5 percent of traffic.

This is among the findings of Distil Networks' latest annual Bad Bot Report which investigated hundreds of billions of bad bot requests from 2018 over thousands of domains to provide deeper insight into the daily automated attacks.

Continue reading →

A new survey of IoT developers reveals their top concerns are security (38 percent of respondents), connectivity (21 percent), and data collection and analysis (19 percent).

Performance (18 percent), privacy (18 percent), and standards (16 percent) are also areas cited as particularly challenging. These findings come from The Eclipse Foundation which has surveyed more than 1,700 developers via its IoT Working Group.

Continue reading →

The rise of edge devices, customer service terminals, digital signage and so on has led to increased demand for embedded processing.

Chip maker AMD is expanding its offering in this market with the launch of the new Ryzen Embedded R1000 Series SoC. This offers embedded customers dual core, quad-threaded performance, as well as the ability to run fanless, low power solutions for 4K displays, while providing leading-edge security features.

Continue reading →

Having faced accusations of conducting espionage on behalf of the Chinese government, Huawei has lashed out at the US government, accusing officials of being "ignorant of technology".

Huawei has been hit with numerous bans by the US, and the country has encouraged others around the world to follow its lead. But the company's chief security officer, John Suffolk, says there is no evidence that China could make use of Huawei's 5G equipment to spy on people, suggesting that US allegations were politically motivated.

Continue reading →

We tend to think of hacking communities as being concentrated in the Far East or the former Soviet bloc, but of course there hackers elsewhere that we don't hear so much about.

Researchers at Recorded Future have been investigating hacking communities around the world, and their latest report covers Brazil.

Continue reading →

People tell us they are becoming increasingly wary of using third-party browsers such as those from Opera, Chrome and Firefox. It might come as a surprise, but many average users will opt to stick with their default OS browser, Edge, and a powerful security suite to keep themselves secure.

The question is, is this the most secure way of surfing the web in 2019? Could the connection between your computer and the internet be made more rock solid? Well, Avast certainly thinks so.

Continue reading →

The Internet Society's Online Trust Alliance (OTA), which identifies and promotes online security and privacy best practices, announced today the results of its latest Online Trust Audit and Honor Roll.

The Audit finds that 70 percent of analyzed websites qualified for the Honor Roll, the highest proportion ever, and up from 52 percent in 2017, driven primarily by improvements in email authentication and session encryption.

Continue reading →

Critical infrastructure sites and energy distribution facilities are increasingly being targeted by cybercriminals. But many of the systems in use today were installed and built before 24/7 internet connections.

A new report from Finnish cybersecurity company F-Secure highlights the fact that cybersecurity was not a realistic threat when these systems were manufactured, and legacy protocols and systems never had the built-in security controls that we take for granted today. Connecting these systems to the internet has opened them up to attacks from myriad angles.

Continue reading →

Well-known attacks and attack vectors remained successful because security personnel did not address vulnerabilities and apply patches according to a new report from cybersecurity and visibility business Ixia.

IT vendors created code or configurations that led to many successful security breaches in 2018, but IT operations and security personnel shared the blame due to ignorance of the latest patches and challenges in deploying patches in a timely manner.

Continue reading →

A zero-day exploit found in Internet Explorer means hackers could steal files from Windows users. What's particularly interesting about this security flaw is that you don't even need to be an Internet Explorer user to be vulnerable.

A security researcher has revealed details of an unpatched exploit in the way IE handles MHT files, and the problem affects Windows 7, Windows 10 and Windows Server 2012 R2. It leaves users vulnerable not only to having their files stolen by hackers, but also means they could be spied upon.

Continue reading →

Over the weekend we reported that hackers gained access to Microsoft's web-based email services for a period of three months. Microsoft tried to calm users' concerns by saying that only "your e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses you communicate with" had been accessed. But for some people, things were rather worse.

It transpires that some users have been sent a notification from Microsoft informing them that hackers were able to access the content of emails.

Continue reading →

Microsoft has confirmed that hackers were able to access customers' web-based email accounts for a period of three months at the beginning of the year. Between January 1 and March 28, unknown hackers hit the accounts of various Microsoft email services.

The company is in the process of sending notifications to those who have been affected by the issue and it recommends users change their account passwords. (Update: it's worse than first thought!)

Continue reading →

These days, it seems like every time you turn around another company announces a data breach. At the same time, organizations spend millions on their data warehouses, security solutions, and compliance initiatives. But all of that spend can instantly be rendered useless by the everyday business workflow of downloading data to a Microsoft Excel spreadsheet.

Of course, business experts aren’t looking to circumvent enterprise governance practices. They’re just trying to get the answers they need to make better business decisions. And because they lack the SQL programming expertise or extensive training required to work with data directly in most business intelligence (BI) tools, they are often powerless to answer the questions raised in the last meeting or email. So they turn to what they know best: the spreadsheet.

Continue reading →

Based on the DEFCON levels, Microsoft has unveiled the SECCON framework -- a series of guides for securing a range of Windows 10 configurations in different environments.

Starting with an "Administrator workstation" at level 1 and building up to "Enterprise security" at level 5, the framework is Microsoft's attempt to simplify and standardize security. While it is not a one-size-fits-all solution, the company says it is "defining discrete prescriptive Windows 10 security configurations to meet many of the common device scenarios we see today in the enterprise".

Continue reading →

In a first for a major email service, Google has announced that Gmail now supports the MTA-STS and TLS Reporting security standards.

The two standards help to avoid man-in-the-middle attacks, using encryption and authentication to add new layers of security. Google says that Gmail's MTA-STS adherence is now in beta, and the company hopes that by supporting the standard other providers with follow suit.

Continue reading →