Security

An increasingly common -- and frankly rather annoying -- feature of many commercial websites is the little chat box that pops up in the bottom right corner and asks if you need any help.

Security researcher Michael Gillespie has revealed that an Office 365 phishing site is using this live support technique to give its page an air of legitimacy.

Sites based on the CMS Drupal are at risk from a remote code execution flaw which has been classed as "highly critical". Site owners are being urged to install updates to ensure they are protected.

The security flaw -- CVE-2019-6340 or SA-CORE-2019-003 -- affects Drupal 8.5.x and 8.6.x but there are certain conditions that must be met in order for a site to be vulnerable.

As enterprises continue the shift towards mobile devices there's concern that the risks could begin to outweigh the benefits.

Mobile security specialist Wandera has released a new report on the mobile threat landscape which looks at the risks faced by enterprise mobile users.

According to a new survey 83 percent of security professionals believe that employees have accidentally exposed sensitive customer or business data at their organization.

The study from data protection specialist Egress also finds that accidental data breaches are often compounded by a failure to encrypt data prior to it being shared -- both internally and externally.

If you're a user of WinRAR -- a staple tool for decompressing files whose popularity stems from not only its support for RAR files, but also its never-ending trial period -- it's time to ensure you have the latest security patch installed.

Security experts from Check Point Research have revealed details of a serious bug that has been present in the software for at least 14 years. The archiving tool was found to have a vulnerability in one of its .dll files, which could be exploited by simply opening a compressed file, and allows an attacker to "gain full control over a victim's computer".

Faced with continued criticism about privacy, Facebook is rolling out an update to Android users that gives a greater degree of control over the sharing of location data with the social network.

Specifically, the update makes it possible to stop Facebook from using tracking your location in the background when you are not using the app. The change brings parity to the iOS and Android Facebook apps.

Employees and contractors are exposing confidential and sensitive information online and in the cloud in some 98 percent of organizations. This is found primarily in Dropbox, Google, and Microsoft SharePoint.

This is among the findings of a new report from insider threat specialist Dtex Systems which has analyzed information from work-issued endpoints and more than 300,000 employee and contractor accounts.

Now in its fifth year, the GitHub Security Bug Bounty has been updated to offer larger rewards to those who find bugs. At the same time, the scope of the program is being expanded and protections for researchers have been added through new Legal Safe Harbor terms.

As well as expanding the program to cover any of its "first-party services", GitHub has effectively removed any upper limit on the size of reward pay-outs for critical bugs.

The latest Symantec Annual Threat Report reveals that cybercriminals are continuing to follow the money, but as ransomware and cryptojacking show falling returns they are turning to other techniques.

One of these is formjacking -- essentially virtual ATM skimming -- where cybercriminals inject malicious code into retailers' websites to steal shoppers' payment card details.

Microsoft has revealed that it detected various attacks by Russian hackers targeting democratic groups in Europe. The company says that numerous attacks carried out between September and December 2018 can be linked to a group known as Strontium.

Also known as Fancy Bear, the group is a cyber espionage outfit with ties to Russian intelligence agencies. At the same time as revealing some details of the attacks, Microsoft also announced the expansion of its AccountGuard security program to more European countries ahead of European Parliament elections.

The first release for 2019 of the Debian-based Linux distro Kali Linux is now available for download. Kali Linux 2019.1 sees the kernel moving up to version 4.19.13, and it also includes Metasploit 5.0.

Offensive Security's penetration testing distro is much-loved by the infosec community, and this latest release includes ARM improvements, a range of bug fixes and package updates.

A few months ago we reported on a study that found half of calls to mobiles would soon be scams without more effective protection measures being introduced.

First Orion the company behind that survey is addressing the problem with the launch of a new platform that gives consumers confidence in answering calls, but also helps businesses get their legitimate communications through.

The line between information technology and operational technology is an increasingly blurred one. As companies drive towards digital transformation so OT environments increasingly interconnect with IT, resulting in a complex, sensitive and vastly expanded attack surface.

This means OT security responsibility is often moving to to the CISO. Yet traditional IT security solutions lack the ability to continuously discover and assess sensitive OT assets.

The move to accessing applications from the cloud and provisioning resources dynamically has led to organizations moving to a zero trust strategy to guard against attacks and data leaks. However, this can be hard to achieve with hybrid environments.

Secure access specialist Pulse Secure is adding Software Defined Perimeter (SDP) architecture to its platform to extends its foundation of Zero Trust access for hybrid IT.

Microsoft has announced that from the middle of July, Windows 7 and Windows Server 2008 users who want to continue to receive updates will need SHA-2 code signing support.

The change is being introduced because "the security of the SHA-1 hash algorithm has become less secure over time due to weaknesses found in the algorithm, increased processor performance, and the advent of cloud computing".