Articles about Security

Over half of small business executives are convinced their business is not a target for cybercriminals, according to a new report.

The study from consulting and managed services company Switchfast also shows that 31 percent of senior management employees shared the password to their work email with another co-worker, while only 18 percent of associates have.

Continue reading →

Earlier in the year it was revealed that a security flaw made it possible to determine not only the location, but also the HIV status of Grindr users. Months down the line, Grindr is still exposing the precise location of its users by failing to block third-party access to a private API.

Using a trilateration technique, and exploiting the fact that Grindr lets users know -- with some degree of accuracy -- how far away they are from others, it is very easy for just about anyone to build a tool that shows precise locations.

Continue reading →

In North America 32 percent of data breaches have resulted in a C-level manager, president or CEO losing their job, according to new research.

The study from Kaspersky Lab shows that 42 percent of businesses worldwide experienced at least one data breach in the last year. When a data breach occurs it not only results in a costly recovery burden, now put at $1.23 million on average, but it can also impact the company's reputation, customer privacy, and even severely impact employees' careers.

Continue reading →

Researchers at cyber security company F-Secure have discovered a weakness in modern computers' firmware that attackers can use to steal encryption keys and other sensitive information.

Physical access to the computer is needed to exploit the weakness, but once an attacker has gained this they can successfully perform the attack in around five minutes.

Continue reading →

Users of the Kodi media center may already know that the Netherlands-based repository for third-party add-ons, XvBMC, was recently shut down due to copyright violations.

Researchers at security company ESET have discovered that the repository was also part of a malicious cryptomining campaign dating back to December 2017. This is the second instance of Kodi being used for cryptojacking this year.

Continue reading →

As email security solutions focus on detecting malware, cybercriminals are now adapting their attacks, exposing organizations to more malware-less assaults such as CEO fraud.

The report by intelligence-led security company FireEye is based on analysis of a sample set of over half-a-billion emails from the first half of 2018. It finds only 32 percent of email traffic seen was considered 'clean' and actually delivered to an inbox. The report also finds that one in every 101 emails had malicious intent.

Continue reading →

Unwanted and scam phone calls are an increasing problem. Analysis by call management company First Orion predicts that nearly half of all calls to mobile phones in the US will be fraudulent in 2019 unless the industry adopts and implements more effective call protection solutions.

Over the past year, First Orion's data shows a drastic increase in scam calls -- from 3.7 percent of total calls in 2017 to 29.2 percent in 2018 -- and that number is projected to reach 44.6 percent by early 2019.

Continue reading →

Three quarters of IT security professionals responding to a new survey have named improving endpoint security as one of their top two goals, with 48 percent saying it's most important.

The study by Ericom Software, a specialist in securing and connecting the digital workspace, finds 'Becoming compliant with mandatory regulations' is second, with 29 percent of respondents naming it as their top goal.

Continue reading →

A new survey finds that 58 percent of respondents believe access to their network from non-corporate and personally owned devices such as laptops, desktops or mobile phones is the highest risk in managing remote users.

The study from trusted access specialist Duo Security shows that while the trend to remote working has created unmatched flexibility and helped organizations attract top talent globally, it has also introduced a major predicament for IT and security teams.

Continue reading →

It recently came to light that a number of apps in the mac App Store were collecting data about users' browsing histories and uploading them to a remote server. Included in this list were several apps from security firm Trend Micro.

Apple responded by kicking the offending apps out of the App Store, and Trend Micro started an investigation into the privacy concerns raised about Dr Cleaner, Dr Cleaner Pro, Dr Antivirus, Dr Unarchiver, Dr Battery and Duplicate Finder. Confirming that these apps did in fact collect and upload browser data, the company at first defended the activity, but then went on to cease data collection.

Continue reading →

It's just two weeks since a Windows 0-day was revealed on Twitter, and now the same thing has happened for the Tor browser. Zerodium -- self-described as "the premium exploit acquisition program" -- exposed a backdoor vulnerability in Tor that makes it possible to bypass security protections.

The vulnerability affects Tor 7, and the vendor says that the problem has been addressed in the recently-released Tor 8. A proof-of-concept for the security has also been published.

Continue reading →

Hackers are increasingly abusing public cloud services in order to launch DDoS attacks, according to new research.

The study from anti-DDoS company Link11 shows that a quarter of all DDoS attacks in Europe in the 12 months from July 2017 to June 2018 used public cloud server-based botnets, compared to 18.5 percent in the previous 12 months.

Continue reading →

Microsoft has published documentation that reveals how is classifies the severity of vulnerabilities in Windows, as well as detailing how it decides whether problems should be addressed with a security patch or in the next version of Windows.

The first batch of documentation shows for the first time how Microsoft defines "the criteria around security boundaries, features and mitigations in Windows". In releasing details of its severity classifications -- something known as the bug bar -- the company says that it is offering a "new level of transparency with the research community and our customers".

Continue reading →

Analysis by password manager company Dashlane shows that with the football season getting underway team names are frequently used as passwords.

Researchers focused on team names from the National Football League and the English Premier League, using an anonymized database provided by Gang Wang, an assistant professor in the Department of Computer Science at Virginia Tech.

Continue reading →

Industry increasingly relies on automated systems for the control of processes, but a new report from Kaspersky Lab shows that 41.2 percent of industrial control systems (ICS) computers were attacked by malicious software at least once in the first half of this year.

Based on analysis of systems protected by Kaspersky Lab solutions, the data shows that in 2017, the percentage of ICS computers attacked was 36.61 in the first half of the year and 37.75 in the second half.

Continue reading →