Articles about Security

Dirty_Sock vulnerability in Canonical's snapd could give root access on Linux machines

A security researcher has discovered a vulnerability in Canonical's snapd package which could be exploited to gain root access on affected Linux systems. The issue has been dubbed Dirty_Sock and assigned CVE-2019-7304.

Chris Moberly found a privilege escalation vulnerability in the snapd API. This is installed by default in Ubuntu -- under which proofs of concept have been tested and found to work "100% of the time on fresh, default installations of Ubuntu Server and Desktop" -- but may also be present in numerous other Linux distros.

User data exposed in 500px security breach... that happened in the middle of last year

The photo sharing site 500px has revealed details of a security breach that took place in mid-2018.

The company says that its engineering team only became aware of the breach -- which is thought to have taken place around July 5, 2018 -- a few days ago. 500px launched an investigation in conjunction with a third party and police, and says that "an unauthorized party gained access to our systems and acquired partial user data".

Security worries hold back second-hand mobile device market

According to the results of a new study, 58 percent of global consumers have yet to trade in an old mobile device, though 64 percent report they would be willing to do so if more stringent data management processes were in place.

The research by data erasure specialist Blancco shows 66 percent of respondents have some concern that data on their old devices might be accessed or compromised after trade-in.

VFEmail hack wipes out all of the email provider's US servers

Email provider VFEmail has been hit by a huge attack that resulted in all of the data it stores in the US being wiped out.

Describing the attack as "catastrophic", VFEmail revealed that a hacker had breached its security and succeeded in deleting not only the primary data systems but also the backups. The attacker was caught in the act, and it was possible to intervene before damage was done to servers in other countries. But for VFEmail users whose data was stored in the US, the news is far from good.

Could the 3D video selfie replace 2FA?

The industry is constantly looking for ways to bolster login security. Multi-factor authentication and knowledge-based systems are popular but can be cumbersome, so how about using something you carry around all the time, yourself -- or indeed yourselfie?

Identity specialist Jumio is launching Jumio Authentication, a video-selfie authentication tool enabling users to verify themselves during high-risk transactions and unlock everything from online accounts to rental cars, replacing passwords on any device.

Unmanaged open source code could put companies at risk

More than half the code found in commercial software packages is open source, but if it isn’t properly tracked businesses might be in the dark on the number of vulnerabilities and license compliance issues that exist in their applications.

Software supply chain specialist Flexera has released a report looking into the state of open source license compliance, based on analyzing data from 134 software audits.

Phishing gets more personal and harder to detect

An analysis of phishing attacks in the final quarter of 2018 reveals the majority of attacks showed an increase in target personalization, making them considerably more difficult to detect.

The study by email protection start-up INKY shows 12 percent of phishing attacks in the period took the form of corporate VIP impersonations, 10 percent were sender forgery and six percent were corporate email spoofing.

Three stages of risk-based vulnerability management: Crawl, Walk, Run

The market is saturated with hundreds of security products, and companies spend billions of dollars each year on cybersecurity (a figure expected to top $100 billion by 2020). Yet breaches and hacks are still in the news every day, because cybersecurity is such a tough problem. Organizations have a massive and rapidly growing attack surface; there are myriad ways a network can be breached. Analyzing and transforming an enterprise's cybersecurity posture is no longer a human-scale problem. An enterprise vulnerability management program is the cornerstone of any modern cybersecurity initiative: it helps security teams proactively understand and improve their security posture, avoid breaches, and protect the business from brand and reputation damage and the loss of customer trust.

Understanding and acting on the output of your vulnerability assessment scanner is a critical component of your vulnerability management program. But if the scanner reports vulnerabilities by the thousands every time a scan completes, your team will soon be overwhelmed and unsure how to proceed, and failing to fix vulnerabilities promptly because of the sheer volume of alerts is a serious problem. Many of those findings, moreover, are false positives or exploitable only in theory. Traditional vulnerability management programs leave you drowning in data but starving for insight.

Machine learning tool helps prioritize vulnerabilities

One of the keys to keeping systems secure is prioritizing vulnerabilities effectively. Given the volume, though, with 16,500 new vulnerabilities disclosed in 2018 alone, this is a tough task.

To help businesses focus on the highest risks, Tenable is launching a new Predictive Prioritization tool that uses machine learning to zoom in on the three percent of vulnerabilities with the greatest likelihood of being exploited in the next 28 days.
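Both the Crawl, Walk, Run piece above and this Tenable item make the same point: the hard part is ranking findings, not collecting them. The following is an added example, not code from either article, from Tenable or from any vendor's product. It parses a constructed scanner export and orders the findings with a hypothetical risk score that scales CVSS by whether public exploit code exists, whether the host is internet-facing, and whether the scanner actually confirmed the weakness, so that unconfirmed, theoretical items sink to the bottom of the list. The column names, the weights, and the EXAMPLE-* identifiers are all assumptions.

```python
"""Risk-based triage of vulnerability scanner output.

Added example, not code from the article or from Tenable: the export
format, the EXAMPLE-* identifiers and the weights are all assumptions
chosen to illustrate ranking findings by likely impact rather than by
raw CVSS alone.
"""
import csv
import io
from dataclasses import dataclass

# Constructed scanner export (not real data). 'confirmed' means the scanner
# verified the weakness rather than inferring it from a version banner.
SCANNER_EXPORT = """\
host,cve,cvss,confirmed,exploit_public,internet_facing
web01,EXAMPLE-0001,9.8,yes,yes,yes
db01,EXAMPLE-0002,9.8,yes,no,no
web02,EXAMPLE-0003,7.5,no,no,yes
ws17,EXAMPLE-0004,5.3,yes,yes,no
web01,EXAMPLE-0005,4.3,no,no,yes
"""

# Hypothetical weights; tune them to your own threat intel and asset inventory.
EXPLOIT_WEIGHT = 1.5      # public exploit code exists
EXPOSURE_WEIGHT = 1.3     # host reachable from the internet
UNCONFIRMED_WEIGHT = 0.4  # scanner could not verify the finding


@dataclass(frozen=True)
class Finding:
    host: str
    cve: str
    cvss: float
    confirmed: bool
    exploit_public: bool
    internet_facing: bool


def _flag(value: str) -> bool:
    return value.strip().lower() in ("yes", "true", "1")


def parse_export(text: str) -> list[Finding]:
    """Parse the CSV export into Finding records; rows with a bad CVSS are skipped."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        try:
            cvss = float(row["cvss"])
        except (KeyError, ValueError):
            continue
        if not 0.0 <= cvss <= 10.0:
            continue
        findings.append(Finding(
            host=row["host"].strip(),
            cve=row["cve"].strip(),
            cvss=cvss,
            confirmed=_flag(row["confirmed"]),
            exploit_public=_flag(row["exploit_public"]),
            internet_facing=_flag(row["internet_facing"]),
        ))
    return findings


def risk_score(f: Finding) -> float:
    """CVSS scaled by exploitability and exposure, discounted if unconfirmed."""
    score = f.cvss
    if f.exploit_public:
        score *= EXPLOIT_WEIGHT
    if f.internet_facing:
        score *= EXPOSURE_WEIGHT
    if not f.confirmed:
        score *= UNCONFIRMED_WEIGHT
    return round(score, 2)


def rank(findings: list[Finding]) -> list[Finding]:
    """Highest risk first; ties broken by host and CVE so the order is stable."""
    return sorted(findings, key=lambda f: (-risk_score(f), f.host, f.cve))


def triage(findings: list[Finding], budget: int) -> tuple[list[Finding], list[Finding]]:
    """Split ranked findings into what the team fixes this cycle and the backlog."""
    ranked = rank(findings)
    return ranked[:budget], ranked[budget:]


def unconfirmed_share(findings: list[Finding]) -> float:
    """Fraction of findings the scanner did not verify (the 'theoretical' noise)."""
    if not findings:
        return 0.0
    return sum(1 for f in findings if not f.confirmed) / len(findings)


if __name__ == "__main__":
    findings = parse_export(SCANNER_EXPORT)
    fix_now, backlog = triage(findings, budget=2)
    print(f"{unconfirmed_share(findings):.0%} of findings are unconfirmed")
    for f in rank(findings):
        tag = "FIX NOW" if f in fix_now else "backlog"
        print(f"{risk_score(f):6.2f}  {tag:7}  {f.host:6} {f.cve}")
```

With the constructed export, the internet-facing host with a public exploit ranks first even though a second finding carries the same CVSS 9.8, and the two unconfirmed findings land at the bottom regardless of their base scores. Swapping the weight constants for a real exploit feed and asset inventory is where a team would spend its effort.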

New cloud app helps businesses understand their IT environments

As systems become more complex it can be hard for enterprises to understand their IT environment, which presents a problem for operations and security teams.

Cloud-based security specialist Qualys is launching a new IT Asset Inventory cloud application to provide quick analysis of complex and interconnected global IT environments, and help collaboration on security remediation efforts.

Number of DDoS attacks falls but sophistication improves

2018 saw a decline of 13 percent in the overall number of DDoS attacks when compared to the previous year, but cybercriminals are turning to longer, more sophisticated, mixed and HTTP flood attack techniques.

This is revealed in Kaspersky Lab's DDoS Q4 2018 Intelligence Report, which also shows the average attack duration has grown. Compared with the beginning of the year, the average length of attacks has more than doubled -- from 95 minutes in Q1 to 218 minutes in Q4 2018.

Trakt tardily notifies users of data breach that took place over four years ago

Users of Trakt -- a service for "scrobbling", or tracking the movies and TV shows you watch in the likes of Plex and Kodi -- have received emails from the company notifying them of a data breach that took place way back in 2014.

Trakt says that although the security breach took place over four years ago, it only recently discovered it. The company says that an investigation is underway, but that it believes a "PHP exploit was used to capture data", including users' emails, usernames, encrypted passwords, names and locations.

Microsoft continues to beat Google in battle of the enterprise apps

A new survey from identity platform Okta shows that 67 percent of knowledge workers prefer Microsoft Word over Google Docs, while only 15 percent report the opposite.

Another 16 percent identify Google Docs as a top-three most frustrating app. When it comes to email, 49 percent prefer Microsoft Outlook over Gmail, while 35 percent report the opposite.

KeySteal: huge macOS vulnerability can be exploited to reveal keychain passwords

A disgruntled security researcher has revealed a one-click exploit that takes advantage of a macOS vulnerability to reveal all of the passwords stored in a Mac's keychain.

Linus Henze developed an exploit tool called KeySteal that uses a zero-day bug to extract keychain passwords on macOS Mojave and older. He stresses that neither root access nor administrator privileges are required, and that the tool triggers no password prompts. Henze says he will not help Apple fix the problem because the company does not offer a bug bounty program for macOS.

Airline e-ticketing systems put passenger data at risk

Airlines could be putting the personal data of their passengers at risk by using unencrypted links, according to a new report.

Researchers at security and data management company Wandera have uncovered a vulnerability affecting a number of e-ticketing systems that could allow third parties to view, and in some cases even change, a user's flight booking details, or print their boarding passes.

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.