Payday should be a pleasurable time of the month, but thanks to a new spear phishing campaign, some employees are losing their pay checks to cybercriminals.

Email defense specialist Vade Secure uncovered the attack in which criminals initiate an email conversation with HR staff to get them to change bank details for receiving direct payroll payments.

Continue reading →

A vulnerability that could allow man-in-the-middle attacks and the injection of malicious code has been found in a pre-installed app on devices manufactured by Xiaomi, one of the biggest mobile vendors.

The flaw, uncovered by researchers at Check Point is -- somewhat ironically -- in the pre-installed security app, 'Guard Provider', which is meant to protect the phone from malware.

Continue reading →

It is only a couple of weeks since we learned that Facebook has been storing user passwords in searchable plain text, and now there is -- yet another -- privacy scandal. This time, the private data of over half a billion Facebook users was left exposed on publicly-accessible Amazon servers.

Security firm UpGuard discovered that the private data of 540 million Facebook users was exposed in Amazon Web Services S3 buckets. Now removed, the data included identification numbers, comments, reactions and account names. In some instances, names, passwords and email addresses were also exposed.

Continue reading →

We all know that cybersecurity is a major issue, but it can sometimes be hard to grasp the scale of the problem and who is at risk.

Software reviews site TechJury has created an infographic to vizualize what is happening in the cybersecurity field as well as the top threats to look out for.

Continue reading →

Many organizations work with hundreds of third parties, creating new risks that must be actively managed. The financial industry, in particular, has a massive business ecosystem made up of legal organizations, accounting and human resources firms, management consulting and outsourcing firms, and information technology and software providers.

A new study into the financial services sector from security ratings company BitSight finds that 97 percent of respondents say cyber risk affecting third parties is a major issue.

Continue reading →

A new study into how enterprises manage sensitive data reveals overconfidence in knowing where private data resides, and the use of inadequate tools such as spreadsheets to track it.

The research from Integris Software shows 40 percent are 'very' or 'extremely' confident in knowing exactly where sensitive data resides, despite only taking inventory once a year or less. Yet a mere 17 percent of respondents are able to access sensitive data across five common data source types.

Continue reading →

As we approach the tax return season, a survey from document destruction and information security company Shred-It reveals that 38 percent of US taxpayers say they are worried they will become a victim of tax fraud or tax identity theft.

Yet according to the study 45 percent admit to storing tax paperwork in a box, desk drawer or unlocked cabinet at home or work. What's more, 19 percent admit they don't shred tax paperwork or physical documents containing sensitive information before throwing them away.

Continue reading →

While 78 percent of organizations now include privileged credential protection as part of their cyber security policies, their privileged access management (PAM) security practices are still lacking.

According to a new study by PAM specialist Thycotic, 85 percent of respondents are still struggling to get beyond the initial phase of PAM maturity.

Continue reading →

Online privacy has become such a concern that VPN tools -- once used only by technology experts -- have now started to become far more mainstream. Android users can take advantage of Opera's built-in VPN, and there are many other services to choose from.

Adding to this list, Cloudflare has announced a new free VPN service called Warp. It will become part of the company's existing privacy-focused 1.1.1.1 DNS resolver, and just as 1.1.1.1 was designed to simplify using a DNS tool, so Warp is being billed as a "VPN for people who don't know what V.P.N. stands for".

Continue reading →

Around half of recent cyberattacks use 'island hopping' techniques, seeking to target not just one network but those along the supply chain too.

This is one of the findings of the latest Global Incident Response Threat Report from Carbon Black. It also finds that 70 percent of attacks now attempt to move laterally around the network.

Continue reading →

A new report reveals widespread security inadequacies and protection failures among consumer financial applications.

The research for Arxan Technologies, carried out by Aite Group, says these vulnerabilities can lead to the exposure of source code, sensitive data stored in apps, access to back-end servers via APIs, and more.

Continue reading →

Internet of Things devices have proved to be problematic in their vulnerability to cyber attacks. This is underlined by a new report from F-Secure which finds that threats and the number of attacks continue to increase, but still depend on well-known security weaknesses, such as unpatched software and weak passwords.

The number of IoT threats observed by F-Secure Labs doubled in 2018, growing from 19 to 38 in the space of a single year.

Continue reading →

Google has published its fifth Android Security & Privacy Year in Review, this time looking back at 2018. While the report draws attention to some of the security and privacy improvements the company has made, it is not just about Google blowing its own trumpet.

The report shows that payouts made through Google rewards programs -- payments made to outside researchers and individuals for bringing security issues to the company's attention -- reached $3 million in 2018. Google also says that in the fourth quarter of the year, 84 percent more devices received a security update than in the same quarter in 2017.

Continue reading →

As the threat landscape continues to rapidly evolve, businesses need to be able to react quickly and have an effective strategy to deal with attacks.

Security specialist F-Secure is calling for greater emphasis on both preparing for a breach as well as fast and effective containment that has the correct balance of people, process and technology.

Continue reading →

Phishing is a major problem for large organizations, but while there are standards to authenticate email and prevent phishers from spoofing domains with fake emails, a majority of companies have not made full use of them.

The tech sector has moved faster than some but while they are beginning to implement protection many companies in this sector are still at an early stage with the result that 90 percent are still vulnerable to impersonation.

Continue reading →