Articles about Security

Researchers at Kaspersky Lab have uncovered a new strain of malware spreading via The Pirate Bay torrent tracker site.

Named after the classic Russian doll, PirateMatryoshka aims to infect users' computers with adware and tools that spreads further malware onto the device. It carries a Trojan-downloader disguised as a hacked version of legitimate software used in everyday PC activity.

Continue reading →

Researchers at email and data security company Mimecast have uncovered a bug in Microsoft Word that can be used to bypass security systems.

The bug incorrectly handles integer overflows and can be used to circumvent security systems and fool parsers to deliver remote code that can take complete control over a compromised machine.

Continue reading →

Given the number of high profile security breaches that make the headlines, you'd expect people to be wary about online security.

But a new study by Malwarebytes Labs shows a mismatch between people's confidence in their own privacy and security practices and their actual behavior.

Continue reading →

It's well known that there is a skills shortage in cyber security, with a predicted global shortfall of 1.8 million cybersecurity professionals by 2022.

But new research, commissioned by cybersecurity training organization the SANS Institute and conducted by respected research firm Vanson Bourne  polled 4000 students across the UK and EMEA and reveals a lack of awareness of careers in the sector.

Continue reading →

It is a year since Google's parent company Alphabet launched the cybersecurity outfit Chronicle. Now the startup has launched its first product, a security platform called Backstory.

Backstory is an enterprise-level cybersecurity and analytics platform; Chronicle describes it as "the first global security telemetry platform designed for a world that thinks in petabytes". Coinciding with the launch, Chronicle has teamed up with security firms Avast and Proofpoint.

Continue reading →

Levels of attack traffic observed by F-Secure's network of decoy honeypots in 2018 increased by 32 percent over the previous year, and increased fourfold in the latter half of 2018 compared with the first half of the year.

The report suggests that many companies may not have the visibility they need to catch attacks that make it past preventative measures like firewalls and endpoint protection.

Continue reading →

Google's Project Zero has gone public about a "high severity" flaw in the macOS kernel after Apple failed to patch it 90 days after being told about the problem.

A security researcher discovered a problem in XNU that means it is possible to perform malicious activities. The security bug related to copy-on-write (COW) behavior, enabling an attacker to manipulate filesystem images without the operating system being notified. Apple was informed of the vulnerability back in November, but has failed to release a patch.

Continue reading →

Open source breaches have increased by 71 percent over the last five years, while 26 percent of companies have reported a confirmed or suspected web application breach in the past year alone according to a new report.

The study from open source governance specialist Sonatype also shows 41 percent of executives admit their company doesn’t follow an open source governance programme.

Continue reading →

The World Wide Web Consortium (W3C) and the FIDO Alliance have today announced that the Web Authentication (WebAuthn) specification is now an official web standard.

W3C's WebAuthn recommendation, a core component of the FIDO Alliance's FIDO2 set of specifications, is a browser/platform standard for simpler and stronger authentication.

Continue reading →

The US has made no secret of the fact it does not trust Huawei, and the company's hardware has been shunned by the government over fears about Chinese espionage. There have also been calls for Huawei hardware to be barred from the US power grid.

The smartphone manufacturer has previously indicated that it is not willing to go down without a fight, and this threat could be about to be put into action. Huawei is said to be preparing to sue the US government, challenging last year's addition to the US National Defense Authorization Act (NDAA), according to sources talking to the New York Times.

Continue reading →

With every passing year, cybercrime gets worse. It makes sense: it’s lucrative. Cybercrime is estimated to be a $1.5 trillion industry, with some countries now basing their economy around cybercrime. As a result, cybercriminals are now emboldened with new technology that makes data breach attacks easier and more accessible.

With all of that in mind, you may be wondering whether your business, in particular, is likely to suffer an attack. And even though you may have seen some statistics, the answer is a little more complicated than it seems. Here are some important cybersecurity statistics that can shed some light on what you can expect in 2019.

Continue reading →

Privileged accounts are a necessity in all enterprise IT environments. Administrators must have enhanced privileges to manage the environment. Unfortunately, these privileged accounts bring high risk to a company’s network; in fact, recent research shows that almost half (44 percent) of all security breaches that happened in 2017 involved privileged account access.

There are a number of reasons these privileged accounts bring such high risk with them. For example, something so simple as a password reset can mistakenly grant a user full administrative rights that can be misused either intentionally or accidentally. These accounts are also inherently difficult to manage due to the high volume of users and systems that need access to the same credentials, making it difficult to keep the credentials secure. Luckily, there are some concrete, critical steps that an organization can take to ensure risk on its network is minimized and protected from privileged account misuse.

Continue reading →

Facebook has been encouraging users to enable two-factor authentication to boost the security of their accounts, but it turns out that there's a slightly sinister side to this feature.

You may well have opted to maintain an element of privacy by omitting personal information such as your address and phone number from your profile. But if you've used your mobile number to secure your account with 2FA, even if it is not visible to others, it can still be used to search for you -- and there is no way to opt out of this.

Continue reading →

iPhones are renown for their security -- to the point that even law enforcement agencies have trouble accessing their contents. An Israeli firm, Cellebrite, became well-known when it transpired that hacking tools it made were used by the US government to crack locked iPhones… and now its hacking tools are available to buy on eBay.

For as little as $100-$1000, you can get your hands on a second-hand piece of Cellebrite equipment (a fraction of its usual selling price). For just a few Benjamins, you could get a Cellebrite UFED (Universal Forensic Extraction Device) and use it for whatever you might fancy.

Continue reading →

We recently reported on how formjacking has become a popular and lucrative form of online fraud. It’s difficult for the consumer to detect which makes it a particular hazard.

But in the UK the new Open Banking standard, aimed at making it easier for consumers to share financial data across organizations, could make formjacking and other frauds obsolete. We spoke to Luca Martinetti, CTO and co-founder of financial API provider TrueLayer  to find out more

Continue reading →