Articles about Security

According to a new report, 52 percent of US retailers have suffered a data breach in the past year and 75 percent have had one at some time in the past.

The latest Thales Data Threat Report, Retail Edition, also shows that US retail data breaches more than doubled from 19 percent in the 2017 survey to 50 percent, making retail the second most breached industry vertical this year.

Continue reading →

When usernames and passwords are exposed through a data breach or attack on users, criminals harvest these credentials and test them on a wide range of websites and mobile applications, a practice known as 'credential stuffing'.

A new report by security and anti-fraud specialist Shape Security looks at the lifecycle of stolen credentials and at the damage their use can cause.

Continue reading →

Phisherfolk love to try to trick people into thinking they are a major brand in order to get them to reveal passwords or personal data.

New research from Vade Secure reveals that in the second quarter of this year Microsoft has supplanted Facebook as the most spoofed brand. The social network drops two places to third, behind perennial phishing favorite PayPal.

Continue reading →

Security-as-a-service provider Alert Logic is using the AWS Cloud Summit to launch an industry first network intrusion detection system (IDS) for containers.

It’s available in Alert Logic Cloud Defender and Threat Manager solutions and is able to inspect network traffic for malicious activity targeting containers, providing organizations with faster detection of compromises and reduced risk of attacks to cloud workloads on Amazon Web Services.

Continue reading →

As businesses move more of their systems into the cloud the protection they require to keep them safe needs to be more flexible.

Cybersecurity specialist McAfee is responding to this challenge with the launch of McAfee MVISION, a portfolio of products which strengthens the device as a control point in security architectures, delivers simplified management, stronger Windows security, behavior analytics, and threat defense for Android and iOS devices.

Continue reading →

It is no secret that the technology sector has a labor problem. As demand for new products and services continues to rise, we are simply not producing enough qualified developers to keep up. Just ask any company where their greatest pain point is and they will have hiring somewhere towards the top of that list.

This shortage is felt especially acutely when it comes to security professionals that understand both how code is written, and how to keep it secure. A 2018 report from the Enterprise Strategy Group (ESG) found that 51 percent of respondents reported shortages of cybersecurity skills as an area of concern. These concerns have been on the rise in recent years, spiking from a reported 23 percent in 2014 citing cybersecurity skills as a problem, up to the latest 51 percent statistic from this year.

Continue reading →

Malwarebytes already offers a decent security app for Android, but the company has never had a version for iOS -- until now.

While iPhone and iPad users are less at risk from malware than their Android counterparts, thanks to Apple’s walled-garden, they aren’t necessarily completely safe -- the threat of spam calls, scam websites, fraudulent texts and bad ads remains.

Continue reading →

With every new privacy scandal that erupts across the digital landscape, we smartphone users and digital nomads must ask ourselves the same question: Have we reached diminishing returns on the usefulness of modern technology? It seems sometimes like every new convenience arrives with a litany of security concerns attached.

The latest news to strike a blow to our expectations of digital privacy is that smartphone apps appear to have been taking screenshots of users' devices and records of their keystrokes without their knowledge.

Continue reading →

Traditional signature-based antivirus solutions struggle to cope with the pace of change in today's malware world. But while enterprises have had access to sophisticated machine learning solutions for a while these have largely been denied to consumers.

Now though Cylance is launching an AI-based antivirus solution aimed at the domestic internet user.

Continue reading →

There's growing interest in biometric security solutions as passwords are increasingly seen as outmoded and at risk from phishing and other attacks.

Biometric solutions provider ID R&D is launching a new version of its voice biometric security solution, IDVoice. Enhancements to the product allow it to deliver what is claimed to be the industry's fastest and most accurate text-independent biometric verification.

Continue reading →

Google's Chrome browser may be popular, but you'll find a lot of its users complain about high memory usage. With Chrome 67, things just got even worse.

If you've noticed that Chrome on the desktop is using more RAM, you're not imagining it. Google has enabled a Site Isolation feature in Windows, Mac, Linux and Chrome OS to help mitigate against the Spectre vulnerability -- and it's a bit memory-hungry.

Continue reading →

It seems that the Spectre and Meltdown vulnerabilities saga is never-ending, and now there are two new related CPU flaws to add to the mix. Dubbed Spectre 1.1 and Spectre 1.2, the vulnerabilities (CVE-2018-3693) exploit speculative execution and can modify data and bypass sandboxes.

Two security researchers have disclosed details of the new vulnerabilities, both of which have the potential to leak sensitive data. By tinkering with the speculative execution processes of Intel and ARM CPUs, it would be possible to use malicious code to extract information such as passwords and crypto keys.

Continue reading →

The security breach suffered by Timehop on July 4 was much more serious than the company first thought. In an update to its original announcement, the company has revealed that while the number of account affected by the breach -- 21 million -- has not changed, the range of personal data accessed by hackers is much broader.

Timehop has released an updated timeline of events, having initially felt forced by new GDPR rules to publish some details of the breach before all information had been gathered. The company says that it is also unsure of where it stands with GDPR, and is working with specialists and EU authorities to ensure compliance.

Continue reading →

Three Arch Linux packages have been pulled from AUR (Arch User Repository) after they were discovered to contain malware. The PDF viewer acroread and two other packages that are yet to be named were taken over by a malicious user after they were abandoned by their original authors.

A user by the name of xeactor took ownership of acroread and tweaked the source code of the package, lacing it with malware. In this particular instance there were no major consequences, but it highlights the security issues associated with user-submitted software.

Continue reading →

Once a user is logged on, they typically have access to a wealth of sensitive applications and systems. Strong authentication at the front door therefore helps boost the overall security of the entire system.

A new adaptive authentication system developed by identity automation specialist SecureAuth Corp + Core Security, is available for Windows and Mac systems enabling adaptive and multi-factor authentication for users logging into servers, desktops, and laptops.

Continue reading →