Articles about Security

The first release for 2019 of the Debian-based Linux distro Kali Linux is now available for download. Kali Linux 2019.1 sees the kernel moving up to version 4.19.13, and it also includes Metasploit 5.0.

Offensive Security's penetration testing distro is much-loved by the infosec community, and this latest release includes ARM improvements, a range of bug fixes and package updates.

Continue reading →

A few months ago we reported on a study that found half of calls to mobiles would soon be scams without more effective protection measures being introduced.

First Orion the company behind that survey is addressing the problem with the launch of a new platform that gives consumers confidence in answering calls, but also helps businesses get their legitimate communications through.

Continue reading →

The line between information technology and operational technology is an increasingly blurred one. As companies drive towards digital transformation so OT environments increasingly interconnect with IT, resulting in a complex, sensitive and vastly expanded attack surface.

This means OT security responsibility is often moving to to the CISO. Yet traditional IT security solutions lack the ability to continuously discover and assess sensitive OT assets.

Continue reading →

The move to accessing applications from the cloud and provisioning resources dynamically has led to organizations moving to a zero trust strategy to guard against attacks and data leaks. However, this can be hard to achieve with hybrid environments.

Secure access specialist Pulse Secure is adding Software Defined Perimeter (SDP) architecture to its platform to extends its foundation of Zero Trust access for hybrid IT.

Continue reading →

Microsoft has announced that from the middle of July, Windows 7 and Windows Server 2008 users who want to continue to receive updates will need SHA-2 code signing support.

The change is being introduced because "the security of the SHA-1 hash algorithm has become less secure over time due to weaknesses found in the algorithm, increased processor performance, and the advent of cloud computing".

Continue reading →

The founder of Huawei, Ren Zhengfei, has hit back against Trump's ban on the use of his company's hardware because of concerns about Chinese espionage, saying "there's no way the US can crush us". The US has been trying to encourage other countries to follow its lead in shunning Huawei, but the UK has said it will not stop the company -- which is due to launch its P30 range of smartphones next month -- from getting involved in the rollout of 5G networks.

Ren also lashed out at the US, saying that the arrest of his daughter and Huawei CFO, Meng Wanzhou, was politically motivated.

Continue reading →

Australia's three main political parties -- Liberals, Labor and Nationals -- as well as the country's parliament have all been hit by a security breach which Prime Minister Scott Morrison says was carried out by a "sophisticated state actor".

Although the country is due to hold elections in the coming months, Morrison says there is "no evidence of any electoral interference". While it is not currently known who is responsible for the attack, various potential culprits have been suggested, including China, the US, Israel and Russia.

Continue reading →

With concerns about Chinese spying, the US has been embarked on a campaign to prevent Huawei from operating in the country. In addition to banning officials from spending money on Huawei equipment, the US government has been trying to convince other countries to follow its lead and shun the company.

Despite US pressure -- and similar moves by New Zealand and Australia -- the UK says that it has no plans to cut Huawei technology out of 5G networks. The National Cyber Security Centre says that there are ways to mitigate against any potential risk posed by Huawei equipment.

Continue reading →

When you delete a direct message on Twitter, it is gone forever, right? From a user's point of view, this is true -- a deleted message vanishes. But a security researcher has discovered that Twitter is actually hanging onto these messages.

Karan Saini found that he was able to see messages he deleted years ago when he downloaded an archive of his Twitter data from the site.

Continue reading →

When hackers hit Marriott's Starwood Hotel database last year, it was first thought that half a billion customers might be affected. This estimate was later downgraded to 383 million guests, but this is still a very large number, and it is understandable that many people are concerned that their data may have been accessed.

There was particular concern about whether passport numbers had been accessed, and this is what a new checking tool lets you check. Marriott has teamed up with security firm OneTrust to enable customers to check if their data was included in the security breach.

Continue reading →

Protecting your online privacy is important. There has been a lot of discussion in recent years about how to stay safe online, and an increasing number of people are turning to Virtual Private Networks to keep their browsing data hidden from advertisers and overzealous intelligence agencies.

However, your privacy could still be at risk even behind the protection of a VPN. There are three common vulnerabilities that can leak information about you online: WebRTC and DNS leaks which affect VPN users, and app data leaks which can affect anyone and everyone. Read on to find out more about these three types of data leak, and what steps you can take to prevent them.

Continue reading →

With growing security threats and compliance being taken seriously, companies are more aware than ever of the need to protect their data.

This means hackers must work harder to try to steal information and contact centers are in the front line. We spoke to Ben Rafferty, chief innovation officer at security and compliance specialist Semafone to find out how contact centers are under threat and what can be done to protect them.

Continue reading →

Website tags, small pieces of JavaScript code or small images, are often used to collect information about users. But they can add to load times and if misused can be a security risk too.

A new study from digital governance specialist Crownpeak reveals over 1,700 'dark web' tags found on websites belonging to companies in the Fortune 100, causing a total average website latency of 5.2 seconds.

Continue reading →

A Nigeria-based gang of scam artists, known as Scarlet Widow, have been using romance scams to trick victims out of large amounts of cash.

Secure email company Agari has uncovered the scam which involves posting fake personas on the largest dating websites like Match, eHarmony, and OKCupid.

Continue reading →

A majority of organizations are not confident in their ability to avoid major data breaches according to a new study.

The report for breach avoidance company Balbix, based on research from the Ponemon Institute, shows that 68 percent feel their staffing is not adequate for a strong cybersecurity posture and only 15 percent say their patching efforts are highly effective.

Continue reading →