Articles about Security

Password manager app Dashlane is launching the latest version of its software complete with a new Identity Dashboard, which provides a complete picture of a user's online security and clear actionable steps to improve it.

The dashboard integrates dynamic new features like dark web monitoring, as well as a new Password Health assessment, that put people in complete control of their digital identities.

Continue reading →

IT security professionals are more than twice as worried about data breaches and cyberattacks today than they were this time last year according to two new reports.

The International Cyber Benchmarks Index and The Changing Face of Cyber Attacks, from the Neustar International Security Council (NISC), reveal the greatest threats as system compromises and ransomware, with 20 percent listing both as their primary concern

Continue reading →

Google now has its own hardware security keys -- the Titan Security Key. These FIDO-compatible keys include Google firmware that verifies the integrity of security keys at the hardware level. The Titan Security Key offers secure hardware-based two-factor authentication, and is available to Google Cloud customers.

The keys are similar to those offered by Yubico -- so similar, in fact, that the company has gone out of its way to stress that it is not manufacturing the devices for Google.

Continue reading →

The vulnerability scan results security departments issue to the operations teams typically contain hundreds of pages and thousands of vulnerabilities to address. It’s a massive list often containing some prioritization based on the criticality of the vulnerabilities observed; and for some more mature organizations, an assessment and opinion of the security team. Typically, operations teams care about security in the endpoints. But, their job is to guarantee uptime and user satisfaction, which often suffers when deploying patches requires reboots and application restarts. And then there’s the resource constraint issue, like the difficulty of prioritization in a world where everything seems to be urgent, the lack of visibility, questions around ownership and available time, and so on. It’s a tough ask to minimize the risk in the endpoints without a holistic, multi-departmental collaboration focused on specific risk policies and profiles.

Compliance pressure doesn’t help either, because frequently it ends up being just a check-box, and not a mechanism for improving security. Therefore, while the bare minimum is undertaken very reluctantly to satisfy the auditors, there’s still a significant amount of fire drill and distraction from the daily grind.

Continue reading →

Malware writers have been using a free market model to sell their wares for some time. The success of this approach is clear from new research by Positive Technologies that finds demand for malware creation on the dark web is three times greater than supply.

Demand for malware distribution is twice the supply. This mismatch of supply and demand has led to interest among criminals in new tools, which are becoming more readily available in the form of partner programs that include malware-as-a-service and malware distribution-for-hire.

Continue reading →

Data breaches have serious consequences for SMBs and if not handled correctly can cause serious damage to the business.

It's perhaps no surprise then that according to a survey from IT infrastructure company Kaseya security remains the top IT priority for SMBs with 54 percent citing it as their main concern in 2018, up 14 percent from 2017.

Continue reading →

There has been a long-standing movement trying to make the web a safer place. For some time, Google's Chrome browser has alerted people when they are visiting secure sites, but with the launch of Chrome 68, it instead warns when an insecure site is encountered.

As we warned just a couple of days ago, the latest update to Chrome means you're likely to see warnings about a lot of insecure sites -- and there are some big-name sites being shamed. Included on the non-HTTPS list are some of Google's own sites, the BBC, the Daily Mail and Fox News. And there are plenty of other recognizable offenders too, as Why No HTTPS? reveals.

Continue reading →

We all like to think that we're smart enough not to fall for phishing emails, yet a surprising number of people do get caught out by them.

A new report from security awareness training company KnowBe4 looks at the most successful phishing emails in the second quarter of 2018. The results show that hackers are playing into users' commitment to security, by using clever subject lines that deal with passwords or security alerts.

Continue reading →

Cybercriminals are delving into the past to launch attacks based on some very old vulnerabilities according to the latest report from Kaspersky Lab, and they're using Linux to do it.

In the second quarter of 2018, experts have reported DDoS attacks involving a vulnerability in the Universal Plug-and-Play protocol known since 2001. Also, the Kaspersky DDoS Protection team observed an attack organized using a vulnerability in the CHARGEN protocol that was described as far back as 1983.

Continue reading →

IBM's i operating system -- originally known as OS/400 -- is still popular in many larger and mid-sized organizations, and it is of course subject to the same security and compliance challenges as other systems.

Big data specialist Syncsort is launching additions to its Syncsort Assure family of products to help i users achieve compliance with GDPR and other legislation, and strengthen security with multi-factor authentication.

Continue reading →

Of over 200 respondents to a new survey, more than half report the most vulnerable aspects of their IIoT infrastructure as data, firmware, embedded systems, or general endpoints.

But at the same time the survey by information security training organization SANS Institute reveals an ongoing debate over what actually constitutes an endpoint.

Continue reading →

Tomorrow -- Tuesday, 24 July -- sees the release of Chrome 68. Many people will regard this as just another browser update, but the release sees an important change to the way Chrome handles unencrypted websites.

The new way in which non-HTTPS sites are handled means that Chrome is going to start throwing up warning messages whenever an insecure site is encountered -- a reversal of the way things have been up until now.

Continue reading →

According to a new study, 80 percent of IT decision makers and IT security professionals believe software supply chain attacks have the potential to become one of the biggest cyber threats over the next three years.

The survey by Vanson Bourne for endpoint security company CrowdStrike  finds two-thirds of the surveyed organizations experienced a software supply chain attack in the past 12 months.

Continue reading →

Cyberattacks come in many forms and from many sources, but a new report from endpoint security company Carbon Black reveals an increasing number originate from nation states with espionage as their goal.

The findings show that 81 percent of incident response (IR) professionals say the majority of attacks come from Russia, while 76 percent say the majority come from China. These foreign actors are seeking more than just financial gain or theft -- 35 percent of IR professionals say the attackers' end goal is espionage.

Continue reading →

In 1941, the US Military was trying to save on security costs by mooring its battleships close together while they were in port. Aircraft were also parked neatly in rows. Many of the most valuable assets of the Pacific Fleet were all centralized in one convenient spot that was well organized, easy to find, and therefore easy to attack.

On 7 December 1941, a date that will live on in infamy, that is exactly what happened.

Continue reading →