Security

Good website security is essential to give customers confidence in your business, but for smaller organizations testing can prove difficult.

To address this issue, security testing and risk rating company ImmuniWeb is launching a free website security test that can be used by anyone.

Spam emails containing malware significantly dropped in 2018, to just six percent, down from 26 percent in 2017. But at the same time malware is becoming more sophisticated and harder to detect.

These are among the findings of the latest Global Security Report from Trustwave. The largest single category of malware encountered is downloaders at 13 percent.

The latest quarterly threat research from Malwarebytes for Q1 2019 reveals a 200 percent jump in ransomware and continued increase in business targets for cyberthreats.

This shift back to ransomware comes in the wake of a continued decline in cryptomining, as well as an increased focus on mobile attacks and large-scale business invasions.

In new draft security baseline documentation, Microsoft has scrapped the policy that requires users to change their passwords on a regular basis.

The new security settings apply to Windows 10 version 1903 and Windows Server version 1903, and the change sees Microsoft conceding that its policy of forcing periodic password changes is "an ancient and obsolete mitigation of very low value". The company has a series of suggestions for how to better improve password security.

The proliferation of healthcare Internet-of-things devices, along with unpartitioned networks, insufficient access controls and the reliance on legacy systems, has exposed a vulnerable attack surface that can be exploited by cybercriminals, according to a new report.

The study by network threat detection specialist Vectra also shows gaps in policies and procedures can result in errors by healthcare staff members.

Around a quarter of employees share confidential information via chat sessions, and a similar number talk badly about their boss, while 78 percent wouldn’t care if some of this information was exposed publicly.

These are among the findings of a new study by secure collaboration platform Symphony which surveyed over 1,500 employees in the US and UK about their workplace communication habits.

Huawei has had a rough time of things when it comes to international relations, with the US and others implementing various bans on the use of the company's products. It all stems from fears about Huawei's alleged connections to the Chinese government and the potential for espionage, but this is something the company has denied time and time again.

The US has made no secret of its doubts about Huawei, and the fears have spread around the globe. Now, according to a report, the CIA has issued a warning to the UK saying that the firm has received funding from Chinese state security.

That people are lazy is not news. Ditto the fact that people like to make things as easy for themselves as possible. These two facts do not work well when it comes to security and passwords, as a new study reveals.

Analysis carried out by the UK's National Cyber Security Centre (NCSC) found that huge numbers of people are still -- despite continued advice -- using weak, easy-to-guess passwords to secure their accounts. The most commonly used password on breached accounts was found to be 123456, and there were plenty of others that were similarly insecure. The NCSC, in conjunction with Have I Been Pwned's Troy Hunt, has also published a list of the 100,000 most common passwords globally.

With no fanfare whatsoever, Facebook has revealed that it stored the passwords for millions of Instagram accounts in plain text.

The news came as the company quietly updated a blog post from last month in which it revealed that it had stored hundreds of millions of unencrypted Facebook passwords on its servers. At the time, the company said "tens of thousands" of Instagram users were affected. Revising this figure upwards, Facebook says: "We now estimate that this issue impacted millions of Instagram users".

The endpoint is on the front line of the network security battle, but a new study from Absolute reveals that endpoint security tools and agents fail, reliably and predictably.

The study analyzed data from six million devices and one billion change events over the course of a year. It finds the complexity of endpoint device controls creates a false sense of security among organizations while, in reality, causing security gaps and significant risks due to regular and reliable tool failure.

A few days ago, a security vulnerability in Internet Explorer came to light. A flaw in the handling of certain files can be exploited by hackers to steal files from users, and -- most worrying -- it doesn't matter whether the victim is an Internet Explorer user or not.

Microsoft is yet to create a fix for the vulnerability, so someone else has stepped up to the plate. Specialists from ACROS Security have create a micropatch for Windows 10 that addresses the issue, once again beating Microsoft in securing people's computers.

It seems that barely a week passes without another Facebook scandal emerging, and this week is no different. The company has revealed that it accidentally uploaded the email contacts of up to 1.5 million users who signed up for the social network since 2016.

A glitch meant that new users who signed up for email password verification had their email contacts scraped and uploaded without consent. As of last month , Facebook stopped offering this verification option to first-time users, although it's not clear if this is because of the privacy issue.

In 2018 bad bots accounted for one in five website requests (20.4 percent of web traffic), while good bots decreased slightly to make up 17.5 percent of traffic.

This is among the findings of Distil Networks' latest annual Bad Bot Report which investigated hundreds of billions of bad bot requests from 2018 over thousands of domains to provide deeper insight into the daily automated attacks.

A new survey of IoT developers reveals their top concerns are security (38 percent of respondents), connectivity (21 percent), and data collection and analysis (19 percent).

Performance (18 percent), privacy (18 percent), and standards (16 percent) are also areas cited as particularly challenging. These findings come from The Eclipse Foundation which has surveyed more than 1,700 developers via its IoT Working Group.

The rise of edge devices, customer service terminals, digital signage and so on has led to increased demand for embedded processing.

Chip maker AMD is expanding its offering in this market with the launch of the new Ryzen Embedded R1000 Series SoC. This offers embedded customers dual core, quad-threaded performance, as well as the ability to run fanless, low power solutions for 4K displays, while providing leading-edge security features.