Articles about Security

Risk management specialist Focal Point Data Risk, has released its latest Cyber Balance Sheet Report showing that wider awareness of risks -- including third-party data breaches, ransomware and geopolitical conflicts -- spurs more security dialogue in the boardroom.

However, C-Suite and security leaders still struggle to frame risk in productive decision-making terms and keep an eye on whether companies are operating within an acceptable level of risk.

Continue reading →

Moving to digital transformation means that companies frequently have a host of vendors, suppliers, providers, and subsidiaries, all connected to their network or data and each with the potential to publicly expose customer information, intellectual property, or heavily regulated data.

Without continuous insight into these other networks third-party risks can be hard to assess, leaving businesses open to the possibility of data breaches.

Continue reading →

A new report from AlienVault, based on findings from vendors' threat reports in its Open Threat Exchange (OTX) platform, reveals more non-Microsoft exploits are in the top 10 list this year.

This is largely due to a rise of server attacks, particularly cryptocurrency-mining botnets that use remote exploits, such as Drupal. The report also sees an IoT exploit make the list for the first time.

Continue reading →

With passwords increasingly being seen as insufficient to properly secure access to websites, more and more companies are turning to two-factor authentication.

New research from digital identity management experts Dashlane looks at how some of the biggest consumer websites are protecting their users. It looks at 17 of the UK’s most popular sites and finds only four get top marks for their 2FA offerings.

Continue reading →

Implanted brain stimulation devices are used by scientists to explore how memories are created in the brain. New research shows that vulnerabilities mean they could be be targeted in future to steal personal information, alter or erase memories or cause physical harm.

Sound like science fiction? Researchers from Kaspersky Lab and the University of Oxford Functional Neurosurgery Group have used practical and theoretical analysis to explore the very real vulnerabilities that could exist in implanted devices used for deep brain stimulation.

Continue reading →

The British Airways breach earlier this year affected around 380,000 customers and resulted in the theft of data including personal and financial details.

The threat research team at Securonix has taken an in-depth look at the breach and the Magecart threat actor behind it, to uncover how it was carried out and offer tips to mitigate and prevent future attacks.

Continue reading →

An "incorrect command-line parameter validation" vulnerability in X.Org server makes it possible to escalate privileges as well as overwrite files. The problem affects Linux and BSD distributions using the open source X Window System implementation.

The vulnerability has been present for a couple of years, but has been brought to light by security researcher Narendra Shinde. Unpatched system can be exploited by non-root users if X server is running with elevated privileges.

Continue reading →

Google may have pulled out of the Pentagon's $10 billion JEDI cloud project, but Microsoft has no intention of following suit. Company president Brad Smith has used a blog post to defend the decision to bid for military contracts, despite pressure from its employees.

Smith recognizes that there are ethical concerns about getting involved in military projects, particularly when artificial intelligence technology is involved. However, he says: "we believe in the strong defense of the United States and we want the people who defend it to have access to the nation's best technology, including from Microsoft".

Continue reading →

According to research from Kaspersky Lab, 86 percent of CISOs believe that breaches are inevitable, but too many are stuck in a vicious circle of risk.

Financially motivated criminal gangs (40 percent) and malicious insider attacks (29 percent) are the biggest risks to their businesses, and these are the threats that are extremely difficult to prevent, either because they are launched by 'professional' cybercriminals or because they are assisted by employees who are expected to be on the right side.

Continue reading →

You've no doubt heard of Ring -- there’s near constant ads for it on TV these days, some featuring Shaquille O’Neal.

Ring became famous for its video doorbell that shows you who is outside, without you needing to open the door. The company has since expanded into video security cameras and full security systems, complete with camera, doorbell, sensors and all. Coverage runs you $10 per month, much cheaper than the big names that tend towards $30.

Continue reading →

One of the problems with buying an Android phone over an iPhone is the fact that you don't know how long you can expect to receive updates. There has long been criticism of the fact that many Android handsets are quickly abandoned while Apple pushes out iOS updates for a number of years.

We've heard suggestions that Google might start requiring handset manufacturers to provide updates for a minimum period, and now it seems that this has indeed been mandated. A leaked copy of a contract between Google and OEMs shows that there is now a requirement to release security updates -- or face the consequences.

Continue reading →

While people are still excited about Internet of Things technology, many are delaying buying over concerns about privacy and security.

A new survey from cyber security company F-Secure shows that 63 percent of early adopters are looking to purchase new devices, but 50 percent have delayed an IoT purchase because of security concerns.

Continue reading →

New research finds that that 83 percent of consumers will stop spending with a business for several months in the immediate aftermath of a security breach or a hack.

More than a fifth (21 percent) will never return to a brand or a business post-breach, representing a significant loss of revenue, according to the study from secure payments provider PCI Pal.

Continue reading →

Insecure and outdated web applications are a core source of high-profile data breaches among FT 500 global companies according to new research from web security company High-Tech Bridge.

The study reveals that abandoned, shadow and legacy web applications more or less nullify corporate cybersecurity spending and undermine compliance.

Continue reading →

It seems not a day goes by without a new cloud data breach making headlines. And though the victims change, the attack details remain the same. Why do organizations keep repeating the same cloud security mistakes? And how can we break free from this vicious cycle?

We spoke to Zach Malone, security engineer at security management specialist FireMon, who discusses these issues and tells us why, to identify the biggest threat to cloud security, we need to look in the mirror.

Continue reading →