Articles about Security

When hackers hit Marriott's Starwood Hotel database last year, it was first thought that half a billion customers might be affected. This estimate was later downgraded to 383 million guests, but this is still a very large number, and it is understandable that many people are concerned that their data may have been accessed.

There was particular concern about whether passport numbers had been accessed, and this is what a new checking tool lets you check. Marriott has teamed up with security firm OneTrust to enable customers to check if their data was included in the security breach.

Continue reading →

Protecting your online privacy is important. There has been a lot of discussion in recent years about how to stay safe online, and an increasing number of people are turning to Virtual Private Networks to keep their browsing data hidden from advertisers and overzealous intelligence agencies.

However, your privacy could still be at risk even behind the protection of a VPN. There are three common vulnerabilities that can leak information about you online: WebRTC and DNS leaks which affect VPN users, and app data leaks which can affect anyone and everyone. Read on to find out more about these three types of data leak, and what steps you can take to prevent them.

Continue reading →

With growing security threats and compliance being taken seriously, companies are more aware than ever of the need to protect their data.

This means hackers must work harder to try to steal information and contact centers are in the front line. We spoke to Ben Rafferty, chief innovation officer at security and compliance specialist Semafone to find out how contact centers are under threat and what can be done to protect them.

Continue reading →

Website tags, small pieces of JavaScript code or small images, are often used to collect information about users. But they can add to load times and if misused can be a security risk too.

A new study from digital governance specialist Crownpeak reveals over 1,700 'dark web' tags found on websites belonging to companies in the Fortune 100, causing a total average website latency of 5.2 seconds.

Continue reading →

A Nigeria-based gang of scam artists, known as Scarlet Widow, have been using romance scams to trick victims out of large amounts of cash.

Secure email company Agari has uncovered the scam which involves posting fake personas on the largest dating websites like Match, eHarmony, and OKCupid.

Continue reading →

A majority of organizations are not confident in their ability to avoid major data breaches according to a new study.

The report for breach avoidance company Balbix, based on research from the Ponemon Institute, shows that 68 percent feel their staffing is not adequate for a strong cybersecurity posture and only 15 percent say their patching efforts are highly effective.

Continue reading →

A security researcher has discovered a vulnerability in Canonical's snapd package which could be exploited to gain administrator privileges and root access to affected Linux systems. The security issue has been dubbed Dirty_Sock and assigned the code CVE-2019-7304.

Chris Moberly found a privilege escalation vulnerability in the snapd API. This is installed by default in Ubuntu -- under which proofs of concept have been tested and found to work "100% of the time on fresh, default installations of Ubuntu Server and Desktop" -- but may also be present in numerous other Linux distros.

Continue reading →

The photo sharing site 500px has revealed details of a security breach that took place in mid-2018.

The company says that its engineering team only became aware of the breach -- which is thought to have taken place around July 5, 2018 -- a few days ago. 500px launched an investigation in conjunction with a third party and police, and says that "an unauthorized party gained access to our systems and acquired partial user data".

Continue reading →

According to the results of a new study, 58 percent of global consumers have yet to trade in an old mobile device, though 64 percent report they would be willing to do so if more stringent data management processes were in place.

The research by data erasure specialist Blancco shows 66 percent of respondents have some concern that data on their old devices might be accessed or compromised after trade-in.

Continue reading →

Email provider VFEmail has been hit by a huge attack that resulted in all of the data it stores in the US being wiped out.

Describing the attack as "catastrophic", VFEmail revealed that a hacker had breached its security and succeeded in deleted not only primary data systems, but also the backups. The attacker was caught in the act, and it was possible to intervene before damage was caused to servers in other countries. But for VFEmail users whose data was stored in the US, the news is far from good.

Continue reading →

The industry is constantly looking for ways to bolster login security. Multi-factor authentication and knowledge-based systems are popular but can be cumbersome, so how about using something you carry around all the time, yourself -- or indeed yourselfie?

Identity specialist Jumio is launching Jumio Authentication, a video-selfie authentication tool enabling users to verify themselves during high-risk transactions and unlock everything from online accounts to rental cars, replacing passwords on any device.

Continue reading →

More than half the code found in commercial software packages is open source, but if it isn’t properly tracked businesses might be in the dark on the number of vulnerabilities and license compliance issues that exist in their applications.

Software supply chain specialist Flexera has released a report looking into the state of open source license compliance, based on analyzing data from 134 software audits.

Continue reading →

An analysis of phishing attacks in the final quarter of 2018 reveals the majority of attacks showed an increase in target personalization, making them considerably more difficult to detect.

The study by email protection start up INKY shows 12 percent of phishing attacks in the period took the form of corporate VIP impersonations, 10 percent were sender forgery and six percent were via corporate email spoofing.

Continue reading →

The market is saturated with hundreds of security products, and companies spend billions of dollars each year on cybersecurity spend (expected to top $100 billion by 2020). Yet breaches and hacks are still in the news every day, because cybersecurity is such a tough problem. Organizations have a massive and exponentially growing attack surface -- there are a myriad of ways by which networks can be breached. Analyzing and transforming the enterprise cybersecurity posture is not a human-scale problem anymore. An enterprise vulnerability management program is the cornerstone for any modern cybersecurity initiative and helps security teams proactively understand and improve their security posture to avoid breaches and protect the business from brand and reputation damage, as well as loss of customer trust.

Understanding and acting on data output from your vulnerability assessment scanner is a critical component of your vulnerability management program. However, if your scanner is identifying vulnerabilities by the thousands every time a scan completes, your team will soon be left overwhelmed and struggling with how to proceed. Failure to address vulnerabilities in a timely manner due to the high volume of alerts is very problematic.  And of course, most of these vulnerabilities are bogus or merely theoretical. Traditional vulnerability management programs leave you drowning in data, but starving for insights.

Continue reading →

One of the keys to keeping systems secure is to effectively prioritize vulnerabilities. Given the volume, with 16,500 new vulnerabilities disclosed in 2018 alone, though this is a tough task.

To help businesses focus on the highest risks, Tenable is launching a new Predictive Prioritization tool that uses machine learning to zoom in on the three percent of vulnerabilities with the greatest likelihood of being exploited in the next 28 days.

Continue reading →