Articles about Security

The entertainment industry and in particular streaming services is among the biggest targets of credential stuffing attacks according to a new report.

The study from digital delivery platform Akamai, unveiled at the NAB Cybersecurity and Content Protection Summit in Las Vegas this week, focuses on credential abuse attacks against online video and music streaming services.

Continue reading →

Concerns about Huawei's "very, very shoddy" security could mean that the Chinese company's technology is barred from key parts of the UK's 5G mobile network.

A UK watchdog has already said that Huawei poses a national security risk, but a statement from the technical director of GCHQ's National Cyber Security Centre has stepped things up. Dr Ian Levy says that "the security in Huawei is like nothing else -- it's engineering like it's back in the year 2000 -- it's very, very shoddy".

Continue reading →

Emsisoft has released a free decrypter tool for anyone who has been struck by the Planetary Ransomware, eliminating the need to pay a fee to the attackers.

Before using the tool you are advised to ensure that you have removed the malware from your computer -- something you can do with the free version of Emsisoft Anti-Malware. You also need to ensure that you don't delete the ransom note ("!!!READ_IT!!!.txt") or the decrypter won't work.

Continue reading →

A new survey of professionals in industries using industrial control systems (ICS) and operational technology (OT) finds 90 percent of respondents say their environment has been damaged by at least one cyberattack over the past two years, with 62 percent experiencing two or more attacks.

The study commissioned by Tenable from the Ponemon Institute also finds 80 percent of respondents cite lack of visibility into the attack surface, knowing what systems are part of their IT environments, as the number one issue in their inability to prevent business-impacting cyberattacks.

Continue reading →

Payday should be a pleasurable time of the month, but thanks to a new spear phishing campaign, some employees are losing their pay checks to cybercriminals.

Email defense specialist Vade Secure uncovered the attack in which criminals initiate an email conversation with HR staff to get them to change bank details for receiving direct payroll payments.

Continue reading →

A vulnerability that could allow man-in-the-middle attacks and the injection of malicious code has been found in a pre-installed app on devices manufactured by Xiaomi, one of the biggest mobile vendors.

The flaw, uncovered by researchers at Check Point is -- somewhat ironically -- in the pre-installed security app, 'Guard Provider', which is meant to protect the phone from malware.

Continue reading →

It is only a couple of weeks since we learned that Facebook has been storing user passwords in searchable plain text, and now there is -- yet another -- privacy scandal. This time, the private data of over half a billion Facebook users was left exposed on publicly-accessible Amazon servers.

Security firm UpGuard discovered that the private data of 540 million Facebook users was exposed in Amazon Web Services S3 buckets. Now removed, the data included identification numbers, comments, reactions and account names. In some instances, names, passwords and email addresses were also exposed.

Continue reading →

We all know that cybersecurity is a major issue, but it can sometimes be hard to grasp the scale of the problem and who is at risk.

Software reviews site TechJury has created an infographic to vizualize what is happening in the cybersecurity field as well as the top threats to look out for.

Continue reading →

Many organizations work with hundreds of third parties, creating new risks that must be actively managed. The financial industry, in particular, has a massive business ecosystem made up of legal organizations, accounting and human resources firms, management consulting and outsourcing firms, and information technology and software providers.

A new study into the financial services sector from security ratings company BitSight finds that 97 percent of respondents say cyber risk affecting third parties is a major issue.

Continue reading →

A new study into how enterprises manage sensitive data reveals overconfidence in knowing where private data resides, and the use of inadequate tools such as spreadsheets to track it.

The research from Integris Software shows 40 percent are 'very' or 'extremely' confident in knowing exactly where sensitive data resides, despite only taking inventory once a year or less. Yet a mere 17 percent of respondents are able to access sensitive data across five common data source types.

Continue reading →

As we approach the tax return season, a survey from document destruction and information security company Shred-It reveals that 38 percent of US taxpayers say they are worried they will become a victim of tax fraud or tax identity theft.

Yet according to the study 45 percent admit to storing tax paperwork in a box, desk drawer or unlocked cabinet at home or work. What's more, 19 percent admit they don't shred tax paperwork or physical documents containing sensitive information before throwing them away.

Continue reading →

While 78 percent of organizations now include privileged credential protection as part of their cyber security policies, their privileged access management (PAM) security practices are still lacking.

According to a new study by PAM specialist Thycotic, 85 percent of respondents are still struggling to get beyond the initial phase of PAM maturity.

Continue reading →

Online privacy has become such a concern that VPN tools -- once used only by technology experts -- have now started to become far more mainstream. Android users can take advantage of Opera's built-in VPN, and there are many other services to choose from.

Adding to this list, Cloudflare has announced a new free VPN service called Warp. It will become part of the company's existing privacy-focused 1.1.1.1 DNS resolver, and just as 1.1.1.1 was designed to simplify using a DNS tool, so Warp is being billed as a "VPN for people who don't know what V.P.N. stands for".

Continue reading →

Around half of recent cyberattacks use 'island hopping' techniques, seeking to target not just one network but those along the supply chain too.

This is one of the findings of the latest Global Incident Response Threat Report from Carbon Black. It also finds that 70 percent of attacks now attempt to move laterally around the network.

Continue reading →

A new report reveals widespread security inadequacies and protection failures among consumer financial applications.

The research for Arxan Technologies, carried out by Aite Group, says these vulnerabilities can lead to the exposure of source code, sensitive data stored in apps, access to back-end servers via APIs, and more.

Continue reading →