Articles about Security

Despite the fact that in recent months we've seen cybercriminals focusing their efforts on businesses, 68 percent of infections are seen on consumer endpoints, compared to 32 percent on business endpoints.

This is one of the findings of the latest Webroot Threat Report, which also shows that legitimate websites are frequently compromised to host malicious content, with 40 percent of malicious URLs hosted on good domains.

Continue reading →

If you've ever tried to book tickets for a concert, festival or event you will know that it can be something of a frustrating experience, and bots could be making it even more so.

New research from Distil Networks finds 39.9 percent of traffic on ticketing sites comes from bots used by brokers, scalpers, hospitality agencies, and sundry criminals to execute a number of attacks, including denial of inventory, spinning and scalping, scraping seat map inventory, fan account takeover, and fraud.

Continue reading →

A new study reveals that 87 percent of cybersecurity professionals believe separating privileged environments from corporate, internet-exposed environments is highly critical for protecting sensitive information.

But the Privileged Access Workstations (PAW) survey carried out by Cybersecurity Insiders for endpoint security company Hysolate also finds that time-consuming access processes and the inability to install apps, browse the web or plug in external devices, are key implementation roadblocks.

Continue reading →

Security researchers from Dojo by Bullguard have discovered a vulnerability in Amazon's Ring doorbell that leaves it prone to man-in-the-middle attacks.

As well as enabling a hacker to access audio and video feeds in a severe violation of both privacy and security, the vulnerability also means that an attacker could replace a feed with footage of their own. Revealing the security flaw at Mobile World Congress, Yossi Atias from Dojo, demonstrated how a feed could be hijacked and injected with counterfeit video.

Continue reading →

Thanks to the huge volume of stolen credentials now available online, credential stuffing has become a major issue for the retail industry.

A new report from edge platform specialist Akamai shows that hackers directed credential abuse attempts at retail sites more than 10 billion times from May to December last year.

Continue reading →

It's useful for security and risk leaders to know their industry's security performance standards and be able to perform peer and sector-wide security benchmarking. But the information to be able to do that isn't always easily available.

Security ratings company BitSight is launching a new Peer Analytics feature on its platform that allows the comparison of security performance across global organizations.

Continue reading →

Multi-factor authentication specialist Veridium is launching a new behavior analytics feature to better protect user identities and prevent malicious activity.

Incorporated in the VeridiumID authentication platform, InMotion increases the reliability of all native biometrics for authentication by pairing behavioral data captured on smartphones with users' biometrics, making it more difficult for malicious actors to spoof their fingerprints or faces to gain access to accounts.

Continue reading →

New research into consumer trust and spending habits by contact center payment security company PCI Pal shows 62 percent of Americans report that they will stop spending with a brand for several months following a hack or breach, versus 44 percent of Brits.

But when the British do react they do so for the long term, 41 percent of British consumers never return to a brand after a hack compared to only 21 percent of Americans.

Continue reading →

Cloud-based business initiatives are accelerating faster than security organizations' ability to secure them according to 60 percent of respondents to a new survey.

The study by network security company FireMon also finds that in many cases security personnel are not even included in cloud business initiatives.

Continue reading →

Social media-enabled cybercrimes are generating at least $3.25 billion in global revenue annually according to a new report.

The study released by virtualization-based security company Bromium and  researched and written by Dr Mike McGuire, senior lecturer in criminology at the University of Surrey, looks at the range of techniques used by cybercriminals to exploit trust and enable rapid infection across social media.

Continue reading →

Huawei may well be causing excitement with its foldable smartphone, the Mate X, but the company's troubles in the US continue. The American government has already banned the use of some Huawei equipment, including in 5G networks, and there are now calls for the shunning of the Chinese company to spread to the US power grid.

Although Huawei has remained defiant in the face of sanctions by the US, the Senate Intelligence Committee has now written to the Departments of Homeland Security and Energy, calling on them to block the company's network-connected hardware from being used in the electrical grid.

Continue reading →

An increasingly common -- and frankly rather annoying -- feature of many commercial websites is the little chat box that pops up in the bottom right corner and asks if you need any help.

Security researcher Michael Gillespie has revealed that an Office 365 phishing site is using this live support technique to give its page an air of legitimacy.

Continue reading →

Sites based on the CMS Drupal are at risk from a remote code execution flaw which has been classed as "highly critical". Site owners are being urged to install updates to ensure they are protected.

The security flaw -- CVE-2019-6340 or SA-CORE-2019-003 -- affects Drupal 8.5.x and 8.6.x but there are certain conditions that must be met in order for a site to be vulnerable.

Continue reading →

As enterprises continue the shift towards mobile devices there's concern that the risks could begin to outweigh the benefits.

Mobile security specialist Wandera has released a new report on the mobile threat landscape which looks at the risks faced by enterprise mobile users.

Continue reading →

According to a new survey 83 percent of security professionals believe that employees have accidentally exposed sensitive customer or business data at their organization.

The study from data protection specialist Egress also finds that accidental data breaches are often compounded by a failure to encrypt data prior to it being shared -- both internally and externally.

Continue reading →