Security

Users of WhatsApp could be infected by dangerous spyware just by receiving a call. The spyware, which is thought to  originate from Israeli cyber intelligence firm NSO Group, can be installed just by calling a target -- there is no need for the call to be answered.

A security advisory on the Facebook website does not go into much detail about the exploit, which takes advantage of a buffer overflow vulnerability. WhatsApp says it was discovered earlier this month, and with 1.5 billion users, there are a huge number of people that are potentially affected.

The story of website attacks in 2018 was one of high profile cybercrime, targeted at cryptocurrency, business, elections and more.

A new report from website security specialist SiteLock reveals that attackers are now taking a stealthier approach.

When people decide to install home automation systems and also have security alarms they installed several years ago, it's highly likely the new tech and old gadgets won't be compatible.

Similarly, if they have a security system that doesn't work with a smartphone app, they typically have to invest in new hardware and deal with lengthy installations and high bills.

Anyone who has worked in IT knows that it can be a frustrating experience at times. A new survey carried out by network security provider Lastline at RSAC 2019 set out to discover security professionals' attitudes and frustrations towards their jobs.

These come from a number of places, including resources, management and other workers. We all know that there's a skills shortage in security, but funding is often an issue too.

Blockchain is often seen as a game-changer for businesses, governments and criminals alike. But, as organizations rush to deploy applications based on blockchain technology, do the potential benefits outweigh the information risks?

The Information Security Forum (ISF) is releasing a new briefing paper aimed at boosting understanding of the technology.

Although many transactions are now carried out online, contact centers remain an important tool for businesses.

Call and contact center payment security solutions provider Semafone has had its latest Cardprotect (version 4) product validated by the Payment Card Industry Security Standards Council (PCI SSC) against the latest version of the Payment Application Data Security Standard (PA-DSS). This makes it one of the only companies in the industry to provide this level of certification.

A new study from Webroot that examines the cyber hygiene habits of 10,000 Americans, 200 in each state, reveals that 88 percent feel they take the right steps to protect themselves from cyberattacks.

However, just 10 percent scored 90 percent or higher on a cyber hygiene test, with the average respondent getting only 60 percent.

Cryptocurrency exchange Binance has been struck by hackers who were able to make off with $40 million worth of Bitcoin.

The exchange suffered what it describes as a "large scale security breach" in which attackers were able to obtain "a large number of user API keys, 2FA codes, and potentially other info". CEO Zhao Changpeng says that 7,000 BTC were withdrawn in a single transaction and the attack which was perpetrated using a variety of methods.

The dark web is, by its very nature something of an object of mystery. It's easy to think of it as a huge, closed community hidden from the world in dusty corners of the internet. But what's the reality?

Threat intelligence specialist Recorded Future has done some research to try to understand the dark web's true nature.

Container security company NeuVector is releasing new security risk assessment capabilities for enterprises using Kubernetes in production environments.

The features, added to its existing container security offering, include new dashboard widgets and downloadable reports to provide security risk scores for the most critical run-time attack risks, network-based attacks and vulnerability exploits in containers.

Privileged accounts can be a headache for organizations so you'd expect managing them to be a high priority for security teams. However, a new report from Thycotic reveals that 85 percent fail to achieve even basic privileged security hygiene.

In addition 55 percent have no idea how many privileged accounts they have or where they’re located, while over 50 percent of their privileged accounts never expire or get deprovisioned.

According to the latest Data Breach Report from Risk Based Security the number of reported data breaches was up 56.4 percent in the first quarter of 2019 compared to the same period last year.

The increase in reporting could be a result of new legislation like GDPR that obliges businesses to be more open about security issues. The number of exposed records was also up by 28.9 percent. Already in 2019, there have been three breaches exposing 100 million or more records.

Firewalls have been used to protect networks and endpoints from the very early days of the web. In recent years many people have been predicting its demise, yet the firewall is still with us.

Why is this and how has the firewall evolved to protect enterprises in the 21st century? We spoke to Ruvi Kitov, founder and CEO of network security specialist Tufin to find out.

A new study into the threats faced by US businesses produced by Securitas Security Services reveals that in many sectors businesses are concerned as much or more with physical threats such as shootings than they are with cyber security.

It also shows rising concern about the threats posed to organizations by insiders, of the 27 threat categories security executives consider to be a concern, 21 may be caused or carried out by an insider.

As owners of Dell computers will be only too aware, the company is no stranger to stuffing systems with bloatware. This is in itself is irritating, but when this bloatware includes a security vulnerability that could be exploited by hackers, the irritation becomes rather more serious.

The SupportAssist tool is supposed to provide an easy way to update drivers on Dell computers and laptops, as well as deleting unnecessary files and the like. However, it poses a security risk if you don't install the latest update from Dell to plug a vulnerability. The flaw (CVE-2019-3719) has been assigned a high severity rating of 8.0, and could enabled an attacker to take control of your computer.