Major companies' two-factor authentication offerings fall short
With passwords increasingly being seen as insufficient to properly secure access to websites, more and more companies are turning to two-factor authentication.
New research from digital identity management experts Dashlane looks at how some of the biggest consumer websites are protecting their users. It looks at 17 of the UK’s most popular sites and finds only four get top marks for their 2FA offerings.
Could your brain be a target for hackers?
Implanted brain stimulation devices are used by scientists to explore how memories are created in the brain. New research shows that vulnerabilities mean they could be targeted in future to steal personal information, alter or erase memories or cause physical harm.
Sound like science fiction? Researchers from Kaspersky Lab and the University of Oxford Functional Neurosurgery Group have used practical and theoretical analysis to explore the very real vulnerabilities that could exist in implanted devices used for deep brain stimulation.
Analysis of British Airways breach uncovers sophisticated techniques
The British Airways breach earlier this year affected around 380,000 customers and resulted in the theft of data including personal and financial details.
The threat research team at Securonix has taken an in-depth look at the breach and the Magecart threat actor behind it, to uncover how it was carried out and offer tips to mitigate and prevent future attacks.
Linux systems vulnerable to privilege escalation and file overwrite exploit in X.Org server
An "incorrect command-line parameter validation" vulnerability in X.Org server makes it possible to escalate privileges as well as overwrite files. The problem affects Linux and BSD distributions using the open source X Window System implementation.
The vulnerability has been present for a couple of years, but has been brought to light by security researcher Narendra Shinde. Unpatched systems can be exploited by non-root users if the X server is running with elevated privileges.
Microsoft defends its JEDI cloud project bid
Google may have pulled out of the Pentagon's $10 billion JEDI cloud project, but Microsoft has no intention of following suit. Company president Brad Smith has used a blog post to defend the decision to bid for military contracts, despite pressure from its employees.
Smith recognizes that there are ethical concerns about getting involved in military projects, particularly when artificial intelligence technology is involved. However, he says: "we believe in the strong defense of the United States and we want the people who defend it to have access to the nation's best technology, including from Microsoft".
Majority of CISOs believe security breaches are inevitable
According to research from Kaspersky Lab, 86 percent of CISOs believe that breaches are inevitable, but too many are stuck in a vicious circle of risk.
Financially motivated criminal gangs (40 percent) and malicious insider attacks (29 percent) are the biggest risks to their businesses, and these are the threats that are extremely difficult to prevent, either because they are launched by 'professional' cybercriminals or because they are assisted by employees who are expected to be on the right side.
Ring unveils its 'next generation neighbor experience'
You've no doubt heard of Ring -- there are near-constant ads for it on TV these days, some featuring Shaquille O’Neal.
Ring became famous for its video doorbell that shows you who is outside, without you needing to open the door. The company has since expanded into video security cameras and full security systems, complete with camera, doorbell, sensors and all. Coverage runs you $10 per month, much cheaper than the big names that tend towards $30.
Leaked documents show Google now requires OEMs to provide 2 years of Android security updates
One of the problems with buying an Android phone over an iPhone is the fact that you don't know how long you can expect to receive updates. There has long been criticism of the fact that many Android handsets are quickly abandoned while Apple pushes out iOS updates for a number of years.
We've heard suggestions that Google might start requiring handset manufacturers to provide updates for a minimum period, and now it seems that this has indeed been mandated. A leaked copy of a contract between Google and OEMs shows that there is now a requirement to release security updates -- or face the consequences.
Early adopters delay IoT purchases over security concerns
While people are still excited about Internet of Things technology, many are delaying buying over concerns about privacy and security.
A new survey from cyber security company F-Secure shows that 63 percent of early adopters are looking to purchase new devices, but 50 percent have delayed an IoT purchase because of security concerns.
Consumers will stop spending with businesses after a breach
New research finds that 83 percent of consumers will stop spending with a business for several months in the immediate aftermath of a security breach or a hack.
More than a fifth (21 percent) will never return to a brand or a business post-breach, representing a significant loss of revenue, according to the study from secure payments provider PCI Pal.
Web applications leave companies vulnerable to breaches
Insecure and outdated web applications are a core source of high-profile data breaches among FT 500 global companies according to new research from web security company High-Tech Bridge.
The study reveals that abandoned, shadow and legacy web applications more or less nullify corporate cybersecurity spending and undermine compliance.
Want to find the biggest cloud security threat? Look in the mirror [Q&A]
It seems not a day goes by without a new cloud data breach making headlines. And though the victims change, the attack details remain the same. Why do organizations keep repeating the same cloud security mistakes? And how can we break free from this vicious cycle?
We spoke to Zach Malone, security engineer at security management specialist FireMon, who discusses these issues and tells us why, to identify the biggest threat to cloud security, we need to look in the mirror.
Mozilla partners with ProtonVPN to offer security-conscious Firefox users a VPN
Mozilla has announced a partnership with ProtonVPN as it explores new ways to keep people safe online.
Starting today, a select group of Firefox users in the US will see an ad for ProtonVPN encouraging them to take out a monthly subscription with the service. It's an experiment that is part of Mozilla's attempt to explore new revenue streams to help keep Firefox funded.
Thycotic launches free security toolkit for the higher education sector
Universities and colleges are uniquely attractive to cyber criminals, because a constantly changing population and the use of large numbers of BYOD machines mean lots of potential vulnerabilities.
Privileged access management specialist Thycotic is releasing a free Cyber Security Toolkit for College Students and Families, aimed at providing an essential guide to help schools build an understanding of cyber best practices throughout their entire community.
How to spot a fake Twitter follower
Earlier this year we covered some research published by Duo Security into the activities of Twitter bots. The company has now followed this with a look at how fake Twitter followers operate.
Traditional fake followers are challenging to detect on an individual level since they have very little (if any) activity other than following other accounts. However, because fakes operate in groups created by the same bot owner they do tend to share characteristics.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.