Articles about Security

The adoption of the cloud and as-a-service delivery models means that the company network, which was once a closed environment, has now expanded into a range of other areas.

Alongside this expansion comes a new range of risks and a new study from cloud-delivered security specialist ProtectWise in conjunction with Osterman Research looks at the latest network security challenges and how they are being met.

Continue reading →

Mozilla has partnered with Troy Hunt -- the brain behind data compromise checking service Have I Been Pwned -- to create its own data breach notification service. Called Firefox Monitor, the free service lets users check if any of their email accounts or personal data have been involved in data breaches.

More than this, Firefox Monitor can also keep an eye out for future data breaches and notify those who have signed up whether their data has been affected.

Continue reading →

Cryptocurrency mining malware has seen an increase of 86 percent in the second quarter of 2018, according to a new report from McAfee Labs.

After gaining ground the fourth quarter of 2017 to around 400,000 samples, new cryptomining malware samples grew a stunning 629 percent to more than 2.9 million in Q1 of 2018. This trend has continued in with more than 2.5 million new samples detected.

Continue reading →

Protecting data in the cloud and ensuring compliance with rules and regulations is a complex task. The adoption off SaaS applications like Office 365 makes it even more so.

Symantec is launching an enhanced version of its Data Loss Prevention technology to protect data in Office 365 and allow users to safely share it internally as well as with partners and contractors.

Continue reading →

Use of known vulnerable open source components has increased by 120 percent over the last year and 62 percent of organizations say they have no meaningful control over OSS components, according to a new study.

Sonatype's fourth annual State of the Software Supply Chain Report shows that open source continues to be a key driver of innovation -- with software developers downloading more than 300 billion open source components in the past 12 months. However, hackers are exploiting this growing trend, and even beginning to inject vulnerabilities directly into open source projects.

Continue reading →

Messaging systems like Skype, Slack, Telegram and others are increasingly used by both individuals and businesses. But how do you know the person you're talking to is who they say they are?

A new product from biometric solutions company ID R&D offers multi-layer continuous authentication across messaging platforms without any impact on the user experience.

Continue reading →

A security researcher has developed an attack that exploits a Firefox bug, making it possible to crash the web browser.

Sabri Haddouche used his Browser Reaper website to share a live test version of the exploit -- the site is also home to exploits for Chrome and Safari. The Firefox attack uses JavaScript to crash or freeze the browser, with the effect of the exploit depending on whether the browser is running on Linux, Windows or macOS.

Continue reading →

Small businesses are just as vulnerable to cyber threats as larger ones, but often they have few resources to devote it IT security.

With the launch of its next generation of Kaspersky Small Office Security, Kaspersky Lab aims to offer smaller businesses protection from cybercrime without the need for technical cybersecurity expertise or regular hands-on administration.

Continue reading →

A new report from risk rating organization SecurityScorecard finds that the retail industry is the second lowest performer in terms of application security.

SecurityScorecard continually monitors more than 200,000 businesses across the world and the report compares the average grade of the retail industry to other vertical markets.

Continue reading →

Just 15 lines of code was all it took for hackers to hijack the checkout of online retailer Newegg. The month-long attack took the form of a huge card skimming operation and is believed to have been carried out by the same group that was responsible for hacking both British Airways and Ticketmaster recently -- Magecart.

The hackers inserted car-skimming code into Newegg's payment page, and this script remained in place between August 14 and September 18. It is not known how many people may have been affected by the incident, but with millions of visitors each month, the numbers are potentially huge.

Continue reading →

When it comes to upgrading an operating system, home users have plenty of flexibility. Whether running Windows, Mac, or a Linux-based OS, moving to the latest and greatest should be a fairly uneventful affair. For businesses, however, bleeding edge is hardly ideal. After all, companies use their computers to make money -- there is no room for downtime due to upgrade issues. In other words, if it isn't broken, don't fix it. This is why many in the corporate world still run Windows 7.

Of course, staying on an older operating system can be problematic as well. As long as the OS is supported, you are golden. To run an operating system that no longer gets security updates is pure madness, though. Luckily, if you need to run an unsupported operating system, some maintainers, such as Canonical and Microsoft, will still support you -- if you pay up. For example, next year, Ubuntu 14.04 will reach end of life, so today, Canonical announces its Extended Security Maintenance (ESM) plans.

Continue reading →

Cybersecurity company ESET has discovered six fake banking and personal finance apps on the Android store. The apps had been installed more than 1,000 times total before being taken down by Google.

ESET believes all of the apps are the work of a single attacker. They have impersonated six banks from New Zealand, Australia, the United Kingdom, Switzerland and Poland, and the Austrian cryptocurrency exchange Bitpanda.

Continue reading →

A new report from cloud delivery company Akamai reveals that the financial services industry has become a prime target for credential stuffing botnets.

Between May and June 2018, Akamai detected more than 8.3 billion malicious login attempts. However, many botnets attempt to remain in stealth mode for as long as possible.

Continue reading →

A survey of more than 400 full-time employees in the US shows that, despite having a general understanding of security risks, people still tend towards unsafe behavior.

The study by Spanning Cloud Apps finds many are under-prepared for the increasing sophistication and instance of ransomware and phishing attacks. More than half (55 percent) admit to clicking links they don't recognize, 59 percent say they would allow a colleague to use their work computer and 34 percent are unable to identify an insecure eCommerce site.

Continue reading →

Privileged access management specialist Thycotic has released the results of its latest survey, conducted at this year's Black Hat, on hackers' perspectives on vulnerabilities and the attack vectors they find easiest to exploit.

It shows that 50 percent of hackers surveyed -- 70 percent of whom describe themselves as ethical -- say they easily compromised both Windows 10 and Windows 8 within the past year.

Continue reading →