Articles about Security

Extensions are a great way to increase the capabilities of your web browser, but they can also be the source of problems. Malicious extensions can be a serious headache, and this is something that Chrome users know more than most. Now Google is looking to improve security.

The company has already promised that with Chrome 70 it is going to give users more privacy controls, and today it announced that this version of the browser will also introduce permission controls extensions. On top of this Google is introducing a new review process for extensions submitted to the Chrome Web Store, as well as placing a ban on extensions with obfuscated code.

Continue reading →

A new study by LogMeIn, the company behind the LastPass password manager shows that size matters in password security, but not in the way that you might think.

Looking at anonymized data from over 43,000 companies, the study produced a security score and a password strength score for each. Businesses with fewer than 25 employees had the highest average security score of 50, but the average drops as company size increases.

Continue reading →

The Guardian was among many outlets to write about the huge Facebook vulnerability and attack reported yesterday, and people were understandably keen to share the story on the social network. However, many people found that they were unable to do.

Large numbers of Facebook users who tried to share the Guardian's story -- as well as one published by the Associated Press -- were greeted by a message informing them that the messages was spam and could not be posted. The matter has been addressed, but it led to complaints that Facebook was trying to hush up the story, and renewed calls to #DeleteFacebook. On its blog, Facebook's security team has also given more details about the "security issue" that happened earlier this week,

Continue reading →

Facebook has revealed that it discovered a security issue which could have exposed the accounts of 50 million people.

A vulnerability was discovered in Facebook's View As feature on Tuesday, September 25, but the company has not given too many details about how the flaw was exploited or by whom, but it has said that attackers were able to steal access tokens and access other people's accounts. Law enforcement agencies have been informed, and an investigation is under way.

Continue reading →

Smaller businesses are not immune to cyber security threats, but they often don't have the budgets or staffing resources to deal with them.

To address this, endpoint security specialist ESET is launching a new cloud-based remote security management solution specifically designed for the IT security challenges faced by SMBs.

Continue reading →

Developers rate security as their top concern when dealing with open source components, above integration and functionality, according to a new study.

The report from open source security and license compliance management company WhiteSource reveals that an average developer invests 15 hours a month dealing with open source security vulnerabilities, but only a small fraction of that time (25 percent) is devoted to actual remediation.

Continue reading →

Digital threats are evolving fast and that leads to increasing demand for security professionals to tackle them. A new report from AI-driven security company Lastline looks at how existing practitioners feel about education in their field.

Among the findings are that 85.5 percent of infosec professionals believe that US schools should offer more formal classes in the field.

Continue reading →

Security researchers have discovered an issue with the Device Enrollment Program used by Apple to allow organizations to manage their MacBooks and iPhones. Duo Security says that using nothing more than a serial number, it is possible to gain access to sensitive data about enrolled devices and their owners.

It is even possible to enroll new devices that can then access Wi-Fi passwords, VPN configurations and more. Apple was alerted to the issue way back in May, but has not done anything about it as the company does not regard it as a vulnerability.

Continue reading →

The adoption of the cloud and as-a-service delivery models means that the company network, which was once a closed environment, has now expanded into a range of other areas.

Alongside this expansion comes a new range of risks and a new study from cloud-delivered security specialist ProtectWise in conjunction with Osterman Research looks at the latest network security challenges and how they are being met.

Continue reading →

Mozilla has partnered with Troy Hunt -- the brain behind data compromise checking service Have I Been Pwned -- to create its own data breach notification service. Called Firefox Monitor, the free service lets users check if any of their email accounts or personal data have been involved in data breaches.

More than this, Firefox Monitor can also keep an eye out for future data breaches and notify those who have signed up whether their data has been affected.

Continue reading →

Cryptocurrency mining malware has seen an increase of 86 percent in the second quarter of 2018, according to a new report from McAfee Labs.

After gaining ground the fourth quarter of 2017 to around 400,000 samples, new cryptomining malware samples grew a stunning 629 percent to more than 2.9 million in Q1 of 2018. This trend has continued in with more than 2.5 million new samples detected.

Continue reading →

Protecting data in the cloud and ensuring compliance with rules and regulations is a complex task. The adoption off SaaS applications like Office 365 makes it even more so.

Symantec is launching an enhanced version of its Data Loss Prevention technology to protect data in Office 365 and allow users to safely share it internally as well as with partners and contractors.

Continue reading →

Use of known vulnerable open source components has increased by 120 percent over the last year and 62 percent of organizations say they have no meaningful control over OSS components, according to a new study.

Sonatype's fourth annual State of the Software Supply Chain Report shows that open source continues to be a key driver of innovation -- with software developers downloading more than 300 billion open source components in the past 12 months. However, hackers are exploiting this growing trend, and even beginning to inject vulnerabilities directly into open source projects.

Continue reading →

Messaging systems like Skype, Slack, Telegram and others are increasingly used by both individuals and businesses. But how do you know the person you're talking to is who they say they are?

A new product from biometric solutions company ID R&D offers multi-layer continuous authentication across messaging platforms without any impact on the user experience.

Continue reading →

A security researcher has developed an attack that exploits a Firefox bug, making it possible to crash the web browser.

Sabri Haddouche used his Browser Reaper website to share a live test version of the exploit -- the site is also home to exploits for Chrome and Safari. The Firefox attack uses JavaScript to crash or freeze the browser, with the effect of the exploit depending on whether the browser is running on Linux, Windows or macOS.

Continue reading →