Articles about Security

British Airways has fallen victim to what it describes as a "very sophisticated" attack in which hackers stole financial data relating to hundreds of thousands of customers.

The airline revealed that hackers gained access to its systems and managed to remain undetected for two weeks. The theft of data took place between August 21 and September 5 and the attackers managed to compromise both the ba.com web site and the airline's mobile app.

Continue reading →

Security teams are constantly caught between the need to keep pace with security testing and the ability to allow developer teams to operate in a rapid DevOps environment.

To address this, application security provider WhiteHat Security is adding artificial intelligence to its dynamic application security testing solution WhiteHat Sentinel Dynamic.

Continue reading →

High numbers of alerts and the resources needed to deal with them are causing problems for security teams and leading them to turn to Security Orchestration, Automation and Response (SOAR) tools in order to cope.

A new report from security automation specialist Demisto finds teams are being inundated with more than 174,000 alerts every week and security teams are only able to review and respond to around 12,000 of them.

Continue reading →

It's a little over a week since a vulnerability in the Windows Task Scheduler was revealed. A patch for the 0-day has been released by third party security firm 0patch, but there's bad news for anyone who hasn't secure their system against the security threat -- malware writers are already taking advantage of the flaw.

The exploit was partly facilitated by the fact that the source code for a proof-of-concept exploit for the ALPC LPE vulnerability -- as well as a binary -- was published on GitHub. Now a group that has been named PowerPool has been spotted using the code in a malware campaign.

Continue reading →

The current feeling is that the chances of a company being hacked is a matter of when rather than if, but businesses continue to struggle with how to actually measure if their security solutions are working.

Security ratings company BitSight is launching a new tool that will help customers identify the optimal course of action needed to improve their overall risk posture.

Continue reading →

Almost one in four Brits (23 percent) have been victims of fraud when shopping online -- with eight percent duped more than once, according to a new study

The inaugural Fraud Tracker report from online payment service Shieldpay  shows that the average victim loses £608, yet receives only £55 back from their bank.

Continue reading →

Millions of home Wi-Fi networks could be easily hacked, even when the network is protected by a strong password, thanks to a flaw in Chrome-based browsers.

Researchers at cybersecurity and penetration testing consultancy SureCloud  have uncovered a weakness in the way Google Chrome and Opera browsers, among others, handle saved passwords and how those saved passwords are used to interact with home Wi-Fi routers over unencrypted connections.

Continue reading →

A vulnerability in the Android operating system means that it is worryingly easy to track and locate phones. While the issue has been addressed in Android Pie, Google has no plans to patch the vulnerability in earlier versions of its mobile OS.

The vulnerability (CVE-2018-9489) was revealed in a report from Nightwatch Cybersecurity which warns that it can be used to "uniquely identify and track any Android device" and also to "geolocate users". As well as Google's own Android builds, the problem is also said to affect forked versions such as FireOS.

Continue reading →

While the US and UK governments continue to eye China with suspicion, blocking the use of some Chinese hardware because of national security concerns, it has come to light that Google's Titan Security Key is produced in China.

The keys are supposed to boost security through the use of two-step verification, but security experts are calling for transparency about the supply chain for the hardware after it was revealed it is produced by Chinese company Feitian. There are concerns that the devices could be compromised by Chinese hackers (state or otherwise) to spy on users.

Continue reading →

Since the beginning of 2017, the number of remote access Trojan (RAT) files found among the malware distributed by botnets has almost doubled, according to a new report.

The botnet activity report from Kaspersky Lab analyzed more than 150 malware families and their modifications circulating through 60,000 botnets around the world.

Continue reading →

Just 24 hours after a zero-day bug in Windows task scheduler was revealed by @SandboxEscaper on Twitter, the vulnerability has been patched. While Microsoft said it would "proactively update impacted advices as soon as possible" the patch has not come from the Windows-maker.

Instead, it was left to micro-patching specialists 0patch to produce a fix for the Task Scheduler ALPC Local Privilege Execution (VU#906424) security flaw -- one that is a mere 13 bytes in size.

Continue reading →

The protection of human identities tends to be high on the agenda for organizations, but what about machine identities?

Recent increases in the number of machines on enterprise networks, shifts in technology, IoT devices and new computing capabilities have created a set of challenges that require increased focus on protecting machine identities.

Continue reading →

A month after it was announced, Google is now selling its Titan Security Key for $50. Currently available in the US, the FIDO-compatible keys help to boost security with two-step verification (2SV).

Google boasts that the keys have "special sauce" in the form of tamper-resistant firmware that helps to further improve security. Costing roughly the same as a Yubikey, Google is hoping to offer a viable alternative to the current FIDO key leader.

Continue reading →

Everyone is aware that cybersecurity threats are out there, but what are the biggest threats and are IT and business executives worried about the same things?

New research from data security specialist Varonis highlights some major differences -- and potential challenges -- when it comes to communicating and aligning on key threats.

Continue reading →

A new study from email security company Mimecast shows that malicious links in emails are being missed by many security systems.

Mimecast examined more than 142 million emails that had passed through organizations' email security vendors. The latest results reveal 203,000 malicious links within 10,072,682 emails were deemed safe by other security systems -- a ratio of one unstopped malicious link for every 50 emails inspected.

Continue reading →