Articles about Security

In a world of digital transformation projects that increasingly mean more links to suppliers and partners, it can be hard for companies to assess the risk presented by opening up their data to third-parties.

To address this problem RiskRecon is launching new asset valuation algorithms that automatically determine the inherent risk value of any internet facing system.

Continue reading →

After a relatively quiet first half of the year, cyberattacks have come back with a bang in the third quarter according to the latest report from Malwarebytes.

Businesses seem to have become the main focus of attacks, experiencing more cybercriminal activity this quarter, with detections up by 55 percent, while consumer detections increased by only four percent over the last quarter.

Continue reading →

We've heard of problems with specially-crafted messages being used to lock up iPhones, and now a similar problem has been found with the PlayStation 4. Anyone who receives one of these messages will find that their console completely locks up -- and the only way out of it is to perform a factory reset.

The problem lies in messages that include unrecognized characters, and it is being exploited by some gamers to boot people offline in the middle of games -- Rainbow Six in particular. While there is no fix available at the moment, there are steps you can take to prevent the issue affecting you.

Continue reading →

There are expected to be more than 420 million internet connected devices in use across the UK within the next three years and if poorly secured these can leave people exposed to security issues and even large scale cyberattacks.

To address this, a new voluntary Code of Practice is being launched by the UK government to help manufacturers boost the security of internet-connected devices such as smartwatches, virtual assistants and toys.

Continue reading →

The most recent Facebook security issue is one of the most serious yet for users of the social network. Depending on which numbers you are look at, the hackers who exploited a security flaw have impacted on anything between 14 and 30 million people.

Facebook is still -- with the help of law enforcement agencies -- investigating the incident, and in the meantime many people feel as those they are being left in the dark. If you want to find out if your account has been affected, here's what you need to do.

Continue reading →

In a news release with the bizarrely vague title of "An Update on the Security Issue", Facebook has revealed that the "View As" security breach it opened up about recently gave hackers access to the personal details of 15  million users.

Having previously advised that the access tokens stolen by hackers had not been used to infiltrate other apps and services, the social networking giant now says 15 million people have had their names and contact details exposed. 14 million users had significantly more details revealed, including username, relationship status, religion, hometown,  birthdate, places they have checked into, and recent searches.

Continue reading →

New research from IT procurement company Probrand shows that 68 percent of UK businesses have failed to wipe the data from IT equipment before disposal, leaving them open to fines under GDPR if data is exposed.

In addition 70 percent admit to not having an official process or protocol for disposing of obsolete IT equipment.

Continue reading →

An increasing number of enterprises are considering pre-purchasing cryptocurrency in anticipation of potential ransomware attacks. But is this a valid risk-reduction strategy for enterprises?

To get some views on this controversial issue, we spoke with Mike Doran, senior security consultant with the enterprise incident management team at cybersecurity specialist Optiv, and former computer forensics examiner with the St. Louis Metropolitan Police Department.

Continue reading →

A new survey from identity management specialist SailPoint in conjunction with US National Cybersecurity Awareness Month finds two out of three professionals are extremely concerned about their personal identity being stolen.

Yet despite this half admit that they would participate in the types of risky behavior that increase the threat of leaked information and a potential breach.

Continue reading →

When we talk about the dark web it's easy to think of it as an amorphous malevolent blob. But new research from Recorded Future reveals some key differences between dark web communities in different parts of the world.

The company's Inskit Group of researchers has actively analyzed underground markets and forums tailored to Russian and Chinese audiences over the past year and has discovered a number of differences in content hosted on forums, as well as differences in forum organization and conduct.

Continue reading →

Most endpoint detection tools collect only a limited set of data, which can make it hard for teams to track down and combat threats.

To address this issue, endpoint security specialist Carbon Black is launching a new threat hunting tool as part of its Predictive Security Cloud (PSC).

Continue reading →

A new study reveals that 68 percent of the top 50 companies on the Fortune 500 rankings are not adequately prepared for the next major DNS attack.

The Global DNS Performance Report by network intelligence company ThousandEyes shows that DNS best practices are not widespread in major enterprises and SaaS providers, leaving them needlessly vulnerable.

Continue reading →

Companies increasingly rely on cloud applications and infrastructure for their critical systems. Protecting these is vital and to help businesses do so, Symantec  is launching an expansion to its cloud security portfolio.

Symantec’s Cyber Defense Platform offers a broad range of protection, providing visibility and control for virtually any cloud app and integrations with CloudSOC CASB, Cloud Workload Protection (CWP) and Data Loss Protection (DLP).

Continue reading →

A new report released ahead of the Infosecurity North America event to be held next month, shows that the majority of chief information security officers (CISOs) are receiving conflicting advice about new or changing regulation.

In addition, when asked what regulatory bodies should do to help promote a smooth rollout of privacy regulations, 35 percent of respondents say that regulators should provide clearer communication about compliance requirements.

Continue reading →

One in three organizations rely on outdated and manual methods, like spreadsheets, to manage privileged accounts, and there's widespread lack of confidence among IT professionals in access control and privileged account management programs.

This is among the findings of a new report from One Identity which also shows one in 20 organizations have no way of knowing if users retain access even after they’ve left the organization.

Continue reading →