Articles about Security

People are often the weakest link in the IT security chain and hackers are keen to exploit this with ever more sophisticated attacks.

Predictive email defense specialist Vade Secure is launching a new anti-phishing solution that helps security operations centers identify and block targeted phishing attacks.

Continue reading →

According to a new study, 75 percent of people admit to reusing passwords across accounts, including work and personal, compared to 56 percent who admitted to doing so in 2014.

The Market Pulse Survey by identity management specialist SailPoint shows that digital transformation efforts are leading to increasingly complex IT environments for businesses and employees to manage securely.

Continue reading →

Cloudflare has just made it a whole lot easier to hide your mobile browsing from your ISP -- and access content that might otherwise be unavailable. The company has launched a 1.1.1.1 app for smartphone users, making it incredibly easy to switch between DNS services with a couple of taps; what amounts to a free VPN tool.

Earlier in the year, Cloudflare launched its 1.1.1.1 DNS service to bring privacy and speed, but it was a little off-putting to users unfamiliar with tinkering with such settings. With the launch of 1.1.1.1 for iOS and Android, the process is much, much simpler -- and the app and the service itself are free.

Continue reading →

A new survey of cybersecurity decision-makers shows that most companies lack adequate safeguards against phishing threats and many don't fully understand the risks or how widespread the threat is.

The survey from phishing site detection company SlashNext reveals that 95 percent of respondents underestimate how frequently phishing is used at the start of attacks to successfully breach enterprise networks.

Continue reading →

In the final quarter of 2018, the number of reported breaches is down by eight percent and the number of exposed records is down around 49 percent, from seven billion in 2017.

The latest Data Breach QuickView report from Risk Based Security shows that seven breaches exposed 100 million or more records with the 10 largest breaches accounting for 84.5 percent of the records exposed this year to date.

Continue reading →

A security researcher has not only discovered a vulnerability in the virtualization tool VirtualBox, but has released details of the exploit and a step-by-step guide to the zero-day vulnerability.

Russian exploit developer Sergey Zelenyuk found a way to break out of VirtualBox's virtual environment and he chose to go public with the vulnerability because of his displeasure at the "contemporary state of infosec, especially of security research and bug bounty". Having told Oracle about the problem, he also tired of the "delusion of grandeur and marketing bullshit" he experienced in the infosec community.

Continue reading →

In a move to better protect accounts, banks, retailers and service providers are increasingly looking to methods of authentication beyond the password.

Behavioral analytics specialist BehavioSec is launching an updated version of its platform, allowing it to detect the suspicious use of attack obfuscation techniques, including the use of VPNs and TOR-routed traffic during login attempts and sessions.

Continue reading →

Enterprises identify 870 unique vulnerabilities on their systems every day, on average. Of those, more than 100 are rated as critical on the common vulnerability scoring system (CVSS) according to a new report.

The Vulnerability Intelligence Report from cyber risk company Tenable is based on analysis of anonymized data from 900,000 vulnerability assessments across 2,100 enterprises.

Continue reading →

Storing files in the cloud means they are easily accessible from anywhere, but if you have private data that you can’t afford to fall into the wrong hands, this might not be the best option for you, especially given the number of data breaches we see on a regular basis.

An alternative option is to carry those files with you on a USB flash drive, protecting them with encryption. While software encryption methods are better than nothing, a hardware encrypted solution, like the Aegis Secure Key 3NX, is a much more advisable choice.

Continue reading →

Despite almost half of US consumers (49 percent) believing their security habits make them vulnerable to information fraud or identity theft, 51 percent admit to reusing passwords and PINs across multiple accounts.

According to a new fraud awareness survey by information destruction company Shred-it, 39 percent of consumers have been a victim of fraud or identity theft, and 27 percent admit that they don't know how to find out if they've become a victim.

Continue reading →

Ever wondered how much your life might be worth? If we're talking about the digital world then the answer might be, 'not very much.'

Cybercriminals could sell your complete digital life, including social media accounts, banking details, app data, gaming accounts, and even remote access to servers or desktops, for as little as $50.

Continue reading →

Security researchers claim to have unearthed a zero-day vulnerability in Microsoft Edge. The remote code execution is due to be revealed with a proof-of concept.

Microsoft has not yet been informed about the details of the security issue, but exploit developers had been looking for a way to break Edge out of its sandbox -- and it would appear that this objective has now been achieved.

Continue reading →

Given the increase in both frequency and complexity of cyberattacks today, it's no surprise that security is coming to the forefront across industries.

While people often view cybersecurity as hackers trying to steal data, threats can impact more than just traditional data loss. With new technologies like edge computing emerging, we need to start thinking about protecting physical infrastructure in addition to data at the edge.

Continue reading →

Google has made a change to its account sign in process that means you now have to have JavaScript enabled.

The change, which has been introduced for Cybersecurity Awareness Month, is part of a security process which Google says protects you "before you even sign in". While the vast majority of people will have JavaScript enabled, the new policy will still affect a number of users.

Continue reading →

Nearly two-thirds of all advanced email attacks used emails impersonating Microsoft or Amazon, according to new research by Agari, the email protection specialist.

Microsoft was impersonated in 36 percent of all display name impersonation attacks in the third quarter. Amazon was the second most commonly impersonated company, used in 27 percent of these attacks.

Continue reading →