Articles about Security

Bring your own device (whereby employees work from personal devices like their mobile phones) is quickly becoming the norm in today’s business environment. Companies that embrace BYOD are able to give employees more freedom to work remotely, resulting in increased productivity, cost savings and talent retention. In fact, 85 percent of organizations now allow BYOD for at least some of their stakeholders, including employees, contractors, partners, customers and suppliers.

It is important to note that BYOD does change an organization’s threat landscape and requires security tools that are different than those that are used to protect managed devices. Unfortunately, a widespread misunderstanding about this point has contributed to an unfounded assumption that BYOD is inherently riskier than the traditional way of doing things. In reality, this is a myth fueled by companies that fail to implement proper security tools and processes for protecting data in BYOD environments. Consider the following findings from a recent report on BYOD and security:

Continue reading →

Google is warning users of Windows 7 that they are at risk from a privilege escalation zero-day bug -- and the advice is to upgrade to Windows 10 as there is no patch currently available for the actively exploited vulnerability.

The problem stems from two vulnerabilities being exploited in combination -- one in Chrome, and one in Windows. Having pushed out a patch to its Chrome web browser, Google is warning that Windows 7 users are still exposed until such a time as Microsoft develops a patch.

Continue reading →

Attacks using banking Trojans are among the most popular with cybercriminals as they are focused directly on financial gain.

According to a new report from Kaspersky Lab, 889,452 users of Kaspersky Lab solutions were attacked by banking Trojans last year, an increase of 15.9 percent compared to 2017.

Continue reading →

It's been a while since we heard much about Spectre, the speculative execution exploit that sent the security world into a frenzy. Cast your mind back a little while and you'll probably remember that the various fixes that were produced to mitigate against the exploits all had one thing in common -- they resulted in a performance hit.

To help address the reduced performance experienced on older AMD and Intel systems, a new mitigation technique called Retpoline was developed. This new Spectre patch is currently included in Insider builds of Windows 10, but you can install it and enable it right now -- regardless of whether you are signed up for the Insider program -- and enjoy a speed boost for your computer.

Continue reading →

There is an acknowledged shortage of security talent in the West, but at the same time a lack of opportunity in many developing nations such as South America and India is leading to fledgling talent utilising its expertise for nefarious acts rather than for legal activity.

But a new approach to threat detection and prevention could help address the skills shortage while giving cybersecurity talent in developing countries the chance to earn an honest wage. We spoke to Steve Bassi, CEO of PolySwarm to find out more.

Continue reading →

Researchers at Kaspersky Lab have uncovered a new strain of malware spreading via The Pirate Bay torrent tracker site.

Named after the classic Russian doll, PirateMatryoshka aims to infect users' computers with adware and tools that spreads further malware onto the device. It carries a Trojan-downloader disguised as a hacked version of legitimate software used in everyday PC activity.

Continue reading →

Researchers at email and data security company Mimecast have uncovered a bug in Microsoft Word that can be used to bypass security systems.

The bug incorrectly handles integer overflows and can be used to circumvent security systems and fool parsers to deliver remote code that can take complete control over a compromised machine.

Continue reading →

Given the number of high profile security breaches that make the headlines, you'd expect people to be wary about online security.

But a new study by Malwarebytes Labs shows a mismatch between people's confidence in their own privacy and security practices and their actual behavior.

Continue reading →

It's well known that there is a skills shortage in cyber security, with a predicted global shortfall of 1.8 million cybersecurity professionals by 2022.

But new research, commissioned by cybersecurity training organization the SANS Institute and conducted by respected research firm Vanson Bourne  polled 4000 students across the UK and EMEA and reveals a lack of awareness of careers in the sector.

Continue reading →

It is a year since Google's parent company Alphabet launched the cybersecurity outfit Chronicle. Now the startup has launched its first product, a security platform called Backstory.

Backstory is an enterprise-level cybersecurity and analytics platform; Chronicle describes it as "the first global security telemetry platform designed for a world that thinks in petabytes". Coinciding with the launch, Chronicle has teamed up with security firms Avast and Proofpoint.

Continue reading →

Levels of attack traffic observed by F-Secure's network of decoy honeypots in 2018 increased by 32 percent over the previous year, and increased fourfold in the latter half of 2018 compared with the first half of the year.

The report suggests that many companies may not have the visibility they need to catch attacks that make it past preventative measures like firewalls and endpoint protection.

Continue reading →

Google's Project Zero has gone public about a "high severity" flaw in the macOS kernel after Apple failed to patch it 90 days after being told about the problem.

A security researcher discovered a problem in XNU that means it is possible to perform malicious activities. The security bug related to copy-on-write (COW) behavior, enabling an attacker to manipulate filesystem images without the operating system being notified. Apple was informed of the vulnerability back in November, but has failed to release a patch.

Continue reading →

Open source breaches have increased by 71 percent over the last five years, while 26 percent of companies have reported a confirmed or suspected web application breach in the past year alone according to a new report.

The study from open source governance specialist Sonatype also shows 41 percent of executives admit their company doesn’t follow an open source governance programme.

Continue reading →

The World Wide Web Consortium (W3C) and the FIDO Alliance have today announced that the Web Authentication (WebAuthn) specification is now an official web standard.

W3C's WebAuthn recommendation, a core component of the FIDO Alliance's FIDO2 set of specifications, is a browser/platform standard for simpler and stronger authentication.

Continue reading →

The US has made no secret of the fact it does not trust Huawei, and the company's hardware has been shunned by the government over fears about Chinese espionage. There have also been calls for Huawei hardware to be barred from the US power grid.

The smartphone manufacturer has previously indicated that it is not willing to go down without a fight, and this threat could be about to be put into action. Huawei is said to be preparing to sue the US government, challenging last year's addition to the US National Defense Authorization Act (NDAA), according to sources talking to the New York Times.

Continue reading →