Articles about Security

Small businesses are just as vulnerable to cyber threats as larger ones, but often they have few resources to devote it IT security.

With the launch of its next generation of Kaspersky Small Office Security, Kaspersky Lab aims to offer smaller businesses protection from cybercrime without the need for technical cybersecurity expertise or regular hands-on administration.

Continue reading →

A new report from risk rating organization SecurityScorecard finds that the retail industry is the second lowest performer in terms of application security.

SecurityScorecard continually monitors more than 200,000 businesses across the world and the report compares the average grade of the retail industry to other vertical markets.

Continue reading →

Just 15 lines of code was all it took for hackers to hijack the checkout of online retailer Newegg. The month-long attack took the form of a huge card skimming operation and is believed to have been carried out by the same group that was responsible for hacking both British Airways and Ticketmaster recently -- Magecart.

The hackers inserted car-skimming code into Newegg's payment page, and this script remained in place between August 14 and September 18. It is not known how many people may have been affected by the incident, but with millions of visitors each month, the numbers are potentially huge.

Continue reading →

When it comes to upgrading an operating system, home users have plenty of flexibility. Whether running Windows, Mac, or a Linux-based OS, moving to the latest and greatest should be a fairly uneventful affair. For businesses, however, bleeding edge is hardly ideal. After all, companies use their computers to make money -- there is no room for downtime due to upgrade issues. In other words, if it isn't broken, don't fix it. This is why many in the corporate world still run Windows 7.

Of course, staying on an older operating system can be problematic as well. As long as the OS is supported, you are golden. To run an operating system that no longer gets security updates is pure madness, though. Luckily, if you need to run an unsupported operating system, some maintainers, such as Canonical and Microsoft, will still support you -- if you pay up. For example, next year, Ubuntu 14.04 will reach end of life, so today, Canonical announces its Extended Security Maintenance (ESM) plans.

Continue reading →

Cybersecurity company ESET has discovered six fake banking and personal finance apps on the Android store. The apps had been installed more than 1,000 times total before being taken down by Google.

ESET believes all of the apps are the work of a single attacker. They have impersonated six banks from New Zealand, Australia, the United Kingdom, Switzerland and Poland, and the Austrian cryptocurrency exchange Bitpanda.

Continue reading →

A new report from cloud delivery company Akamai reveals that the financial services industry has become a prime target for credential stuffing botnets.

Between May and June 2018, Akamai detected more than 8.3 billion malicious login attempts. However, many botnets attempt to remain in stealth mode for as long as possible.

Continue reading →

A survey of more than 400 full-time employees in the US shows that, despite having a general understanding of security risks, people still tend towards unsafe behavior.

The study by Spanning Cloud Apps finds many are under-prepared for the increasing sophistication and instance of ransomware and phishing attacks. More than half (55 percent) admit to clicking links they don't recognize, 59 percent say they would allow a colleague to use their work computer and 34 percent are unable to identify an insecure eCommerce site.

Continue reading →

Privileged access management specialist Thycotic has released the results of its latest survey, conducted at this year's Black Hat, on hackers' perspectives on vulnerabilities and the attack vectors they find easiest to exploit.

It shows that 50 percent of hackers surveyed -- 70 percent of whom describe themselves as ethical -- say they easily compromised both Windows 10 and Windows 8 within the past year.

Continue reading →

Over half of small business executives are convinced their business is not a target for cybercriminals, according to a new report.

The study from consulting and managed services company Switchfast also shows that 31 percent of senior management employees shared the password to their work email with another co-worker, while only 18 percent of associates have.

Continue reading →

Earlier in the year it was revealed that a security flaw made it possible to determine not only the location, but also the HIV status of Grindr users. Months down the line, Grindr is still exposing the precise location of its users by failing to block third-party access to a private API.

Using a trilateration technique, and exploiting the fact that Grindr lets users know -- with some degree of accuracy -- how far away they are from others, it is very easy for just about anyone to build a tool that shows precise locations.

Continue reading →

In North America 32 percent of data breaches have resulted in a C-level manager, president or CEO losing their job, according to new research.

The study from Kaspersky Lab shows that 42 percent of businesses worldwide experienced at least one data breach in the last year. When a data breach occurs it not only results in a costly recovery burden, now put at $1.23 million on average, but it can also impact the company's reputation, customer privacy, and even severely impact employees' careers.

Continue reading →

Researchers at cyber security company F-Secure have discovered a weakness in modern computers' firmware that attackers can use to steal encryption keys and other sensitive information.

Physical access to the computer is needed to exploit the weakness, but once an attacker has gained this they can successfully perform the attack in around five minutes.

Continue reading →

Users of the Kodi media center may already know that the Netherlands-based repository for third-party add-ons, XvBMC, was recently shut down due to copyright violations.

Researchers at security company ESET have discovered that the repository was also part of a malicious cryptomining campaign dating back to December 2017. This is the second instance of Kodi being used for cryptojacking this year.

Continue reading →

As email security solutions focus on detecting malware, cybercriminals are now adapting their attacks, exposing organizations to more malware-less assaults such as CEO fraud.

The report by intelligence-led security company FireEye is based on analysis of a sample set of over half-a-billion emails from the first half of 2018. It finds only 32 percent of email traffic seen was considered 'clean' and actually delivered to an inbox. The report also finds that one in every 101 emails had malicious intent.

Continue reading →

Unwanted and scam phone calls are an increasing problem. Analysis by call management company First Orion predicts that nearly half of all calls to mobile phones in the US will be fraudulent in 2019 unless the industry adopts and implements more effective call protection solutions.

Over the past year, First Orion's data shows a drastic increase in scam calls -- from 3.7 percent of total calls in 2017 to 29.2 percent in 2018 -- and that number is projected to reach 44.6 percent by early 2019.

Continue reading →