Security

Question and answer site Quora has revealed that its user data has been compromised as a result of unauthorized access to its systems by a 'malicious third party'.

The breach occurred on Friday and Quora is still investigating the causes. It has taken the step of logging out all users who may have been affected and forcing them to reset their passwords. It also says it will continue to make security improvements.

Cyberattacks are a global epidemic today. They target organizations, critical infrastructure, and governments around the world with timely, sophisticated attacks. Examples of this include ransomware attacks like Petya and WannaCry. These put some of the world’s most critical functions on hold for a while.

Another example was the Equifax data breach that affected about 143 million Americans. With the persistence of these attacks many people believe that by 2021 cybercrime will cause $6 trillion in damages.

Netgear's Arlo cameras are so popular, that earlier this year, the brand was spun into its own publicly traded company (Arlo Technologies). The success of Arlo is hardly a secret -- it offers quality products that people like. What a crazy concept!

Today, Arlo announces an impressive outdoor wireless camera (that can also be used indoors). Called "Arlo Ultra," it offers 4K video streaming and recording. The weather-resistant UHD camera comes with the new Arlo SmartHub -- a wireless hub that serves as a range extender, but also, has a micro SD card slot for saving 4K video clips locally. Arlo Ultra comes with a free year of the Smart Premier cloud service, but it will only allow 1080p video saves without shelling out an additional annual fee.

Marriott International has revealed that its Starwood Hotel reservation database has been hacked. An investigation carried out by the company revealed that hackers have had unauthorized access to the Starwood network since 2014.

The astonishing revelation means that information of half a billion guests could have been exposed -- including sensitive personal data such as home address and passport number -- and Marriott says there is evidence that data has been copied from its network.

Cybercriminals are just as keen to exploit the holiday shopping boom as anyone else, with DDoS attacks on eCommerce providers increasing by over 70 percent on Black Friday compared with other days in November. On Cyber Monday, attacks increased by 109 percent compared with the November average.

Cloud anti-DDoS company Link11 has released data showing several attacks observed during Black Friday and Cyber Monday were of up to 100 Gbps bandwidth, and the average attack volume on both days was just under 6Gbps.

There are many annoyances associated with owning a computer -- spam emails, phishing attacks, viruses and online advertising to name but a few -- but technical support scams are among the most worrying. They take advantage of people's ignorance and/or better natures, posing as tech support operatives from big companies over the phone.

Being one of the best-known technology companies in the world, it's little surprise that a huge number of these tech support scams purport to be Microsoft calling to offer help with computer problems. Such scams are responsible for conning people out of large amounts of money, but progress has been made in India where -- following reports from Microsoft -- arrests have been made at a number of call centers.

Americans are more worried about a cyberattack disrupting the financial and banking system than attacks against hospital/emergency services, voting systems or power grid/energy supply companies.

This is among the findings of a survey by ESET to mark National Critical Infrastructure Security and Resilience Month, which surveyed 1,500 Americans to discover their views on critical infrastructure attacks.

Dell has announced that it has instigated a mandatory password reset for customers after it suffered a cyberattack earlier in the month.

In a statement, the company confirmed that its network had been subject to "unauthorized activity" on November 9 in which attackers tried to gain access to customer information. Dell says that data was limited to names, email addresses and hashed passwords, adding there is "no conclusive evidence" that data was extracted. The forced password reset is described as a measure to "limit the impact of any potential exposure".

An anti-fraud operation led by the FBI has succeeded in disrupting a scam that has seen cybercriminals using botnets to manipulate internet traffic from 1.7 million IP addresses and generate nearly 30 million dollars in fraudulent ad revenue.

The ad fraud ring, known as '3ve' had been operating for a number of years and built two different botnets by spreading Kovter and Boaxxe malware to individuals through spam emails and drive-by downloads.

It's two years since international forces interfered with the security of the US elections. However, with the US midterm elections behind us and the presidential elections ahead, vulnerabilities in the country’s voting infrastructure still remain.

Simply put, it's not hard to hack into US voting systems. Don't believe it? Just ask the 11-year old who hacked a replica of the Florida election website to change results in under 10 minutes. We might not have seen widespread cyberattacks on the day of the midterms, but as we saw multiple opportunities for hacking and disruption in the run up, the presidential elections are already at risk.

Businesses should expect to see a spike in potential cyberattacks starting with Black Friday and Cyber Monday and continuing throughout the holiday shopping season, according to a new report.

The report from predictive security specialist Carbon Black shows that global organizations encountered a 57.5 percent increase in attempted cyberattacks during the 2017 holiday shopping season.

As more and more of us rely on mobile devices to access the internet, traditional endpoint security solutions don’t always provide the protection we need.

Cybersecurity company BullGuard is partnering with VPN specilaist NordVPN  to launch a new consumer anonymity solution.

There once was a time not all that long ago when security teams could plead ignorant to IT security risks, with minimal possible consequence in terms of any significant damage coming to the company. Those days are long gone. We’ve reached an era where the "I see nothing" perspective no longer works for network security. In today’s era of advanced cyberattacks, information security is too important an element of business success to dismiss.

In fact, ignorance of information security matters is prohibitively costly, as regulators can use it to justify the imposition of fines. Take GDPR’s penalty scheme, for example. Is ignorance of digital security worth €20 million or 4 percent of an organization’s global annual revenue? That’s just one data protection standard -- others such as Australia’s Notifiable Data Breaches (NDB) scheme and the NY Department of Financial Services (NYDFS) Cybersecurity Requirements for Financial Institutions come with their own fines and penalties. Given that we’re also in the era of insufficient resources, the challenge for security teams is how to deploy limited resources to have the greatest impact. As the title of this post makes clear, the obvious answer is to stop spending time on the wrong things.

If you're an Amazon customer you may have received a rather strange email this morning. It states that the company has, "...inadvertently disclosed your name and email address due to a technical error."

It then goes on to say, "The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action."

In Europe DDoS attack volumes have increased sharply during the third quarter 2018 according to a new report.

The report from DDoS protection specialist Link11 shows the average attack volume more than doubled in July, August and September, to 4.6 Gbps (up from 2.2 Gbps in Q2).