Articles about Security

The average cost of a cyberattack is now estimated at $1.1 million, according to a new report from cybersecurity company Radware. For organizations that calculate rather than estimate the cost of an attack, that number increases to $1.67M.

The main impact of cyberattacks, as reported by respondents, is operational/productivity loss (54 percent), followed by negative customer experience (43 percent). What’s more, almost half (45 percent) report that the goal of the attacks they suffered was service disruption. Another third (35 percent) say the goal was data theft.

Continue reading →

Google has reminded developers that their apps will be removed from the Play Store if they request SMS or Call Log permissions. The policy change was announced last year, and over the next few weeks the app removal process begins.

While these particular permissions have been used to give Android users a choice of dialers and messaging apps, Google says there have also been instances of abuse. The company is introducing far stricter restrictions in the name of privacy and protecting user data.

Continue reading →

The latest Global Threat Index from Check Point shows that at the end of last year cryptominers still took the top three places in the malware charts, despite an overall drop in value across all cryptocurrencies in 2018.

Coinhive retained its number one position for the 13th month in a row, impacting 12 percent of organizations worldwide. XMRig was the second most prevalent malware with a global reach of eight percent, closely followed by the JSEcoin miner in third with a global impact of seven percent.

Continue reading →

With the US government shutdown in its third week, President Trump continues to try to convince both his own party and the Democrats to agree to fund one of his campaign promises -- a wall on the southern border.

So far, the shutdown has seen national parks and more left unstaffed, and today is the first payday on which hundreds of thousands of federal workers will not receive a paycheck. Another side effect of the shutdown is that numerous government websites are offline as their TLS certificates have expired, and no one is available to renew them.

Continue reading →

Netflix has millions of users around the world, but how many of these are actually paying customers? Many of us either know (or are) people who share their Netflix account with friends and family, or leech off the one person they know that's willing to pay for a subscription.

But Netflix free rides could be coming to an end. At CES, UK-based firm Synamedia revealed artificial intelligence software that could be used by Netflix and other companies to detect and block the sharing of account credentials.

Continue reading →

According to a new survey, 85 percent of respondents are either very or somewhat confident in their organization's security program, yet 41 percent say their company has experienced a security breach and 20 percent more are unsure.

The study from big data specialist Syncsort finds the most common type of breaches are virus/malware attacks (76 percent) and phishing (72 percent). Interestingly, virus attacks came from internal sources roughly half the time while phishing usually came from external sources (78 percent).

Continue reading →

Each year, the amount of investment organizations -- big and small -- are making to protect their most valuable assets with technological and physical safeguards continues to grow by staggering amounts. Yet, with just one click or touch, an unsuspecting employee can expose a company to cyber spying, ransomware or outright theft.

Private companies are aware of various risks posed to their businesses both from external threat actors (e.g., business/political rivals, organized cyber criminals) and from their own personnel (e.g., disgruntled employees). This year, 38 percent of mid-market and private leaders ranked cybersecurity as a top information technology (IT) investment priority according to Deloitte’s annual mid-market technology trends report. What are they investing in? New information security capabilities, monitoring and detection, and employee education initiatives.

Continue reading →

It feels like it has been a while since we've had any NSA-related news -- interest in mass surveillance has been overtaken by other concerns. After a series of Vault 7 leaks from WikiLeaks about the organization, the NSA is now planning to release its GHIDRA framework, designed to reverse-engineer malware and other software, later in the year.

The framework will be available for Windows, macOS and Linux, and it is set to be demonstrated and publicly released at the RSAConference in March. While it might seem like a bad idea to release a tool that can be used to break down malware and see how it works -- and, therefore, create other similar attack tools -- the idea is actually to help increase security.

Continue reading →

Back in late November, Marriott International went public with news that its Starwood Hotel reservation database had been hacked. At the time, the company suggested that up to 500 million customer records had been put at risk as a result, but now it has provided an update with a reduced estimate.

The company now says that it believes up to 383 million guests may have been affected; but the news is not all good. Marriott also reveals that over 5 million unencrypted passport numbers were stolen by hackers.

Continue reading →

A security researcher has released proof-of-concept code for a zero-day exploit in Windows 10. The bug was revealed by SandboxEscaper, a researcher who has exposed Windows vulnerabilities in the past.

The latest bug makes it possible to overwrite files with arbitrary data, and while there are numerous criteria that must be met in order for the vulnerability to be exploited, it is still potentially serious. SandboxEscaper warned Microsoft about the problem on Christmas day, before publishing the PoC a couple of days later.

Continue reading →

Starting in January, the European Commission is going to fund bug bounty programs for a number of open source projects that are used by members of the EU. The initiative is part of the third edition of the Free and Open Source Software Audit (FOSSA) project, which aims to ensure the integrity and reliability of the internet and other infrastructure.

In all, the Commission will fund 15 bug bounty programs, with rewards ranging from €17,000 ($19,400) to €90,000 ($103,000).

Continue reading →

A number of major US newspapers -- including the Los Angeles Times, Chicago Tribune, Wall Street Journal and New York Times -- have been hit by a cyberattack that is said to originate from another country.

Malware was first detected on Thursday by Tribune Publishing, the owner of some of the affected titles, but unsuccessful attempts at quarantining meant that there was disruption well into Saturday. The Department of Homeland Security is currently investigating the incident which is not thought to have exposed any personal customer details.

Continue reading →

The blackhat hackers are evolving as quickly as technology is. To protect their sensitive information, companies can put documents in a public cloud. Why the public cloud? While it might seem that public cloud solutions are less reliable than traditional IT platforms, the reality is that they’re actually more secure. With the cloud, a company’s security team is able to monitor network audit logs more closely to detect any abnormalities. Furthermore, audit data can be easily centralized without having to navigate through inconvenient firewall interfaces and other closed proprietary systems. These components are essential for improving security procedures.

The public cloud also allows for more thorough security analyses after an audit. Cloud data analysis systems allow the audit data to be inspected in a more efficient, cost-effective way. These systems take in large quantities of information and are available whenever they’re needed. Real-time monitoring and automated alerts also allow for an immediate response in the event of a security breach. This can dramatically reduce the impact of security incidents and help pinpoint areas that need to be addressed. 

Continue reading →

With browsers often in the middle of many corporate activities, it’s no wonder that they are now subject to many of the same challenges encountered on desktops, smartphones and other hardware-based endpoints. Many IT pros wouldn’t consider browsers to be a critical network endpoint, but those pros would surely place importance on mobile devices, laptops, desktops and servers. Given the valuable role browsers play in accessing enterprise applications and information, it’s time to rethink how we classify them and, more importantly, how we manage and secure them.

Mobility and cloud computing are taking over today’s workforce, and the browser’s significance is trending. The majority of office applications -- such as Microsoft Office 365, Salesforce CRM, and the Zoho One business suite -- run in the cloud and are accessible via browser. These kinds of applications allow users to work from anywhere, at any time, using their laptops, smartphones and other browser-enabled devices.

Continue reading →

Microsoft has issued an emergency, out-of-band patch for an Internet Explorer zero-day that was being actively exploited in targeted attacks.

The company says that it learned about the vulnerability through a report from Google. CVE-2018-8653 affects a range of versions of Internet Explorer from 9 to 11, across Windows 7 to 10 and Windows Server.

Continue reading →