Articles about Security

Internet of Things devices have proved to be problematic in their vulnerability to cyber attacks. This is underlined by a new report from F-Secure which finds that threats and the number of attacks continue to increase, but still depend on well-known security weaknesses, such as unpatched software and weak passwords.

The number of IoT threats observed by F-Secure Labs doubled in 2018, growing from 19 to 38 in the space of a single year.

Continue reading →

Google has published its fifth Android Security & Privacy Year in Review, this time looking back at 2018. While the report draws attention to some of the security and privacy improvements the company has made, it is not just about Google blowing its own trumpet.

The report shows that payouts made through Google rewards programs -- payments made to outside researchers and individuals for bringing security issues to the company's attention -- reached $3 million in 2018. Google also says that in the fourth quarter of the year, 84 percent more devices received a security update than in the same quarter in 2017.

Continue reading →

As the threat landscape continues to rapidly evolve, businesses need to be able to react quickly and have an effective strategy to deal with attacks.

Security specialist F-Secure is calling for greater emphasis on both preparing for a breach as well as fast and effective containment that has the correct balance of people, process and technology.

Continue reading →

Phishing is a major problem for large organizations, but while there are standards to authenticate email and prevent phishers from spoofing domains with fake emails, a majority of companies have not made full use of them.

The tech sector has moved faster than some but while they are beginning to implement protection many companies in this sector are still at an early stage with the result that 90 percent are still vulnerable to impersonation.

Continue reading →

VPNs are frequently used by people to increase security, improve privacy, to browse the internet as if in another country, and to bypass restrictions put in place by ISPs and governments. Aware of this, authorities in Russia have ordered ten big-name VPNs to block access to various sites banned in the country.

Among those to have been contacted by the authorities are NordVPN, ExpressVPN, IPVanish, HideMyAss and TorGuard. At least one of these VPN providers has decided to pull out of Russia.

Continue reading →

In its fifth annual report, the UK's Huawei oversight board says that the Chinese firm poses a threat to national security. It reached the conclusion after discovering that the company has made "no material progress" in addressing the security flaws highlighted in last year's report.

But while the report was damning of Huawei, saying it found additional "significant technical issues in Huawei’s engineering processes leading to new risks in the UK telecommunications networks", the board stopped short of calling for a ban on Huawei's involvement in 5G in the UK.

Continue reading →

A new survey of more than 200 CISOs in the US and Canada finds that large enterprises typically operate 1,300 or more complex applications but only protect 60 percent of them, leaving more than 500 applications unprotected at a time where adversarial attacks are increasing.

The study from crowdsourced security company Bugcrowd along with the Enterprise Strategy Group (ESG), also shows strong interest in using DevOps to automate security.

Continue reading →

Countries with government-mandated encryption backdoors are more susceptible to nation-state attacks according to 73 percent of security professionals.

A survey from machine identity protection company Venafi also finds 69 percent believe countries with encryption backdoors suffer economic disadvantages in the global marketplace as a result.

Continue reading →

The UK has something of a reputation for its wet climate, and its citizens for constantly talking about the weather. So it may come as a surprise to find that in the UK the chance of experiencing a data breach is higher than that of encountering a rainy day.

A survey by technology services company Probrand shows 43 percent of UK businesses having suffered a cyber breach or attack in the last 12 months as against just 36.4 percent chance on average of encountering a wet day.

Continue reading →

Kaspersky has released the results of an astonishing study that found that almost half of world's Industrial Control System (ICS) computers was subjected to malicious cyber activity last year.

While malware and cyber attacks have been a problem for some time, there is particular concern about the rising numbers of ICS computers being affected. In the case of downtime for such systems, there is the risk of material losses and production downtime at industrial facilities.

Continue reading →

A new report from the Information Security Forum looks at the threats organizations can expect to face over the next two years as a result of increasing developments in technology.

The Threat Horizon 2021 report highlights three major themes that will present particularly difficult cyber security challenges for businesses.

Continue reading →

The biggest problem for security teams is often too much data and many are addressing this by turning to analytics and machine learning, according to a new report.

The study from CyberEdge Group surveyed 1,200 IT security decision makers and practitioners and finds 47 percent intend to deploy advanced analytics solutions in the next year.

Continue reading →

Kaspersky Lab reports that the software update system used by ASUS was hijacked by hackers and used to deliver a backdoor-laden piece of malware to users. The company estimates that around a million users may have been affected by what it describes as "one of the biggest supply-chain incidents ever".

Back in January, the security firm discovered that a threat actor interfered with the ASUS Live Update Utility, adding a backdoor to it. Signed with an official ASUS certificate and carefully crafted to be precisely the same size as the official tool, the malware -- dubbed ShadowHammer -- went unnoticed for some time.

Continue reading →

A new study reveals that 79 percent of IT leaders believe that employees have put company data at risk accidentally in the last 12 months, and 61 percent believe they have done so maliciously.

The research from data security company Egress also explores how employees and executives differ in their views of what constitutes a data breach and what is acceptable behavior when sharing data.

Continue reading →

When you think of cybersecurity, art and beauty probably aren't the first things that come to mind. But if Trend Micro has its way that could be about to change.

The company has commissioned a number of artists to create what it calls The Art of Cybersecurity. This is a series of works based on security data, with the idea of shifting the perception of protecting systems from a burden, to something beautiful.

Continue reading →