Articles about Security

Marriott International has revealed that its Starwood Hotel reservation database has been hacked. An investigation carried out by the company revealed that hackers have had unauthorized access to the Starwood network since 2014.

The astonishing revelation means that information of half a billion guests could have been exposed -- including sensitive personal data such as home address and passport number -- and Marriott says there is evidence that data has been copied from its network.

Continue reading →

Cybercriminals are just as keen to exploit the holiday shopping boom as anyone else, with DDoS attacks on eCommerce providers increasing by over 70 percent on Black Friday compared with other days in November. On Cyber Monday, attacks increased by 109 percent compared with the November average.

Cloud anti-DDoS company Link11 has released data showing several attacks observed during Black Friday and Cyber Monday were of up to 100 Gbps bandwidth, and the average attack volume on both days was just under 6Gbps.

Continue reading →

There are many annoyances associated with owning a computer -- spam emails, phishing attacks, viruses and online advertising to name but a few -- but technical support scams are among the most worrying. They take advantage of people's ignorance and/or better natures, posing as tech support operatives from big companies over the phone.

Being one of the best-known technology companies in the world, it's little surprise that a huge number of these tech support scams purport to be Microsoft calling to offer help with computer problems. Such scams are responsible for conning people out of large amounts of money, but progress has been made in India where -- following reports from Microsoft -- arrests have been made at a number of call centers.

Continue reading →

Americans are more worried about a cyberattack disrupting the financial and banking system than attacks against hospital/emergency services, voting systems or power grid/energy supply companies.

This is among the findings of a survey by ESET to mark National Critical Infrastructure Security and Resilience Month, which surveyed 1,500 Americans to discover their views on critical infrastructure attacks.

Continue reading →

Dell has announced that it has instigated a mandatory password reset for customers after it suffered a cyberattack earlier in the month.

In a statement, the company confirmed that its network had been subject to "unauthorized activity" on November 9 in which attackers tried to gain access to customer information. Dell says that data was limited to names, email addresses and hashed passwords, adding there is "no conclusive evidence" that data was extracted. The forced password reset is described as a measure to "limit the impact of any potential exposure".

Continue reading →

An anti-fraud operation led by the FBI has succeeded in disrupting a scam that has seen cybercriminals using botnets to manipulate internet traffic from 1.7 million IP addresses and generate nearly 30 million dollars in fraudulent ad revenue.

The ad fraud ring, known as '3ve' had been operating for a number of years and built two different botnets by spreading Kovter and Boaxxe malware to individuals through spam emails and drive-by downloads.

Continue reading →

It's two years since international forces interfered with the security of the US elections. However, with the US midterm elections behind us and the presidential elections ahead, vulnerabilities in the country’s voting infrastructure still remain.

Simply put, it's not hard to hack into US voting systems. Don't believe it? Just ask the 11-year old who hacked a replica of the Florida election website to change results in under 10 minutes. We might not have seen widespread cyberattacks on the day of the midterms, but as we saw multiple opportunities for hacking and disruption in the run up, the presidential elections are already at risk.

Continue reading →

Businesses should expect to see a spike in potential cyberattacks starting with Black Friday and Cyber Monday and continuing throughout the holiday shopping season, according to a new report.

The report from predictive security specialist Carbon Black shows that global organizations encountered a 57.5 percent increase in attempted cyberattacks during the 2017 holiday shopping season.

Continue reading →

As more and more of us rely on mobile devices to access the internet, traditional endpoint security solutions don’t always provide the protection we need.

Cybersecurity company BullGuard is partnering with VPN specilaist NordVPN  to launch a new consumer anonymity solution.

Continue reading →

There once was a time not all that long ago when security teams could plead ignorant to IT security risks, with minimal possible consequence in terms of any significant damage coming to the company. Those days are long gone. We’ve reached an era where the "I see nothing" perspective no longer works for network security. In today’s era of advanced cyberattacks, information security is too important an element of business success to dismiss.

In fact, ignorance of information security matters is prohibitively costly, as regulators can use it to justify the imposition of fines. Take GDPR’s penalty scheme, for example. Is ignorance of digital security worth €20 million or 4 percent of an organization’s global annual revenue? That’s just one data protection standard -- others such as Australia’s Notifiable Data Breaches (NDB) scheme and the NY Department of Financial Services (NYDFS) Cybersecurity Requirements for Financial Institutions come with their own fines and penalties. Given that we’re also in the era of insufficient resources, the challenge for security teams is how to deploy limited resources to have the greatest impact. As the title of this post makes clear, the obvious answer is to stop spending time on the wrong things.

Continue reading →

If you're an Amazon customer you may have received a rather strange email this morning. It states that the company has, "...inadvertently disclosed your name and email address due to a technical error."

It then goes on to say, "The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action."

Continue reading →

In Europe DDoS attack volumes have increased sharply during the third quarter 2018 according to a new report.

The report from DDoS protection specialist Link11 shows the average attack volume more than doubled in July, August and September, to 4.6 Gbps (up from 2.2 Gbps in Q2).

Continue reading →

The number of reported vulnerabilities in 2018 is seven percent down on the same period last year, according to a new report from Risk Based Security.

It's not all good news though, as 24.9 percent of 2018's reported vulnerabilities currently have no known solution which is a reminder that, while patching is very important, it can't be relied on exclusively as a remedy.

Continue reading →

In the last few years APIs have become a critical enabler of digital transformation for businesses across all sectors.

Cybersecurity company Ping Identity has surveyed more than 100 security and IT professionals to determine their concerns surrounding the increased use of APIs.

Continue reading →

Startpage.com is a privacy-focused alternative to the likes of Google (although the search results are provided by Google -- minus all the ads and stripped of tracking), and the search engine has just relaunched with a new look and new features. The visual changes will be apparent to anyone who has used the site before, but for anyone who is concerned about their online privacy, it is new options such as Anonymous View that will be of greater interest.

This new feature makes it possible to visit websites completely privately, essentially using Startpage.com as a proxy. Importantly, this extra level of privacy and protection does not come at the expense of speed, meaning you can browse the web anonymously without compromise.

Continue reading →