Malware infections drop during World Cup matches -- Result!
Even if you’re not a soccer/football fan, it probably hasn't escaped your notice that there's a World Cup going on in Russia at the moment.
We expect big sporting events to be exploited to launch phishing and malware campaigns but researchers at Enigma Software have spotted an interesting new phenomenon -- malware infections actually drop on match days.
Cybersecurity: It's about time
The sprawling and complex set of subjects we call cyber security can all be tied to one fundamental concept -- time. The time it takes a cyberattack to penetrate, the time from initial compromise to lateral movement across the network, the time it takes for an attack to be detected, to be analyzed, to be responded to and remediated.
Time is one of seven base quantities in the International System of Units upon which all other measures are constructed. No surprise then that it’s the single most important factor in cybersecurity program success.
Apple releases iOS 11.4.1 with passcode cracking blocker -- that can be easily bypassed with an accessory it sells
Apple is working away on iOS 12 at the moment, but it's still pushing out updates for iOS 11. As promised just a few weeks ago, a new update aims to block the use of iPhone passcode cracking tools, such as those used by law enforcement. But the patch has already been found to be flawed.
The latest update to iOS introduces a new USB Restricted Mode which is supposed to prevent the Lightning port of an iPhone or iPad being used to transfer data an hour after the device is locked. However, security researchers discovered that it is possible to bypass this security feature by plugging in an "untrusted USB accessory" -- and Apple sells such a device for just $39.
100 percent of corporate networks vulnerable to insider attacks
Penetration testing company Positive Technologies has released some alarming figures surrounding the vulnerability of corporate networks to insider attacks.
During testing performed as an internal attacker, the company's researchers were able to obtain full control of infrastructure on all the corporate networks they attempted to compromise. Only seven percent of systems were assessed as having 'moderate' difficulty of accessing critical resources.
Two out of three IT pros don't comply with all data laws
According to a new study, 68 percent of IT professionals believe their organizations are failing to carry out all procedures in line with data protection laws.
The report from digital security specialist Gemalto also shows 65 percent of companies are unable to analyze all the data they collect and only just over half (54 percent) know where all of their sensitive data is stored.
Fitness app Polar Flow exposed names and locations of thousands of military, NSA and FBI staff
It's not all that long since fitness app Strava caused something of a security nightmare by inadvertently revealing the locations of numerous secret military bases. Now another app -- Polar Flow this time -- has gone a step further and revealed the names and home addresses of nearly 6,500 users.
A joint investigation by Bellingcat and Dutch journalism platform De Correspondent found that the app is "revealing the homes and lives of people exercising in secretive locations, such as intelligence agencies, military bases and airfields, nuclear weapons storage sites, and embassies around the world".
Hacked: Timehop database breach exposed details of 21 million users
Timehop -- the social network for those who like to reminisce -- has revealed that it fell victim to a security breach on Independence Day. The attacker managed to access an internal database and stole the personal data of 21 million users from Timehop's Cloud Computing Environment.
The vast majority of those affected by the "security incident" (as Timehop refers to it) had their names and usernames exposed, but for nearly a quarter of them -- 4.7 million -- phone numbers were also exposed. The hacker also took access tokens which could be used to view users' posts.
Gentoo Linux GitHub Organization repo hack was down to a series of security mistakes
The team behind Gentoo Linux has revealed the reasons for the recent hack of its GitHub organization account. The short version: shoddy security.
It seems that the hackers were able to gain access to the GitHub organization account by using the password of one of the organization administrators. By the team's own admission, poor security meant that the password was easy to guess. As the Register points out, "only luck limited the damage", but the Gentoo Linux team is keen to let it be known that it has learned a lot from the incident.
The importance of cybersecurity training for business
While businesses spend a lot of time and effort putting up technical defenses to protect their systems, often the weakest spot is the users.
Employees can do harm to the business by visiting infected websites, responding to phishing emails, using business email through public Wi-Fi and more. Spam filtering service EveryCloud has put together an infographic looking at why it’s therefore important for companies to offer cybersecurity training.
Cryptocurrency exchange Binance halts trading after detecting irregular SYS trading activity
Binance -- the largest cryptocurrency exchange in the world -- temporarily halted all trading after it detected "irregular trading on some APIs".
As a precautionary measure, the exchange removed all existing API keys and asked users to re-create theirs from their accounts. The measure meant a suspension of trading, withdrawals and other account activity. The matter is related to the Bitcoin fork Syscoin which halted deposits and withdrawals, but Binance stressed that there had not been a hack and that its blockchain is safe.
Google responds to Gmail privacy concerns: 'we're not reading your emails'
Another day, another privacy concern. Following a Wall Street Journal story about the access third party apps have to Gmail data, we wrote about how to stop it. While the WSJ did not really make any major new revelations, it did manage to reignite the conversation about privacy, and Google has responded to the storm that has built up around it.
The company has used a blog post to respond to the concerns raised by the Wall Street Journal, insisting that it carefully vets any third party that has access to sensitive data. The task has been left to Suzanne Frey -- director of security, trust and privacy at Google Cloud -- to limit the damage caused by the article.
77 percent of industrial organizations worried about cybersecurity incidents
Information technology and operational technology are gradually moving closer together thanks to wider connectivity of OT with external networks, and the growing number of industrial IoT devices.
While this boosts the efficiency of industrial processes, it also presents new risks and vulnerabilities according to a new report from Kaspersky Lab.
aLTEr: Hackers can spy on your 4G browsing sessions thanks to LTE flaws
Vulnerabilities have been discovered in LTE that would make it possible for an attacker to tap into 4G networks for the purposes of spying on and hijacking 4G browsing sessions.
Security researchers from Ruhr-Universität, Bochum and New York University, Abu Dhabi show how three different attacks can be launched on the second layer of LTE -- also known as the data link layer. Two passive attacks allow for identity mapping and website fingerprinting, while the active cryptographic aLTEr attack allows for DNS spoofing and network connection redirection.
Adidas data breach may have exposed personal data of American customers
Sportswear company Adidas has warned US customers about a security breach that took place earlier this week.
The firm says that on Tuesday it was made aware that "an unauthorized party claims to have acquired limited data associated with certain Adidas consumers". Two days later, the company started to notify its customers that personal data -- including contact information and usernames -- may have been compromised.
Over 90 percent of endpoint security incidents involve legitimate binaries
Cybercriminals use a variety of tactics to cloak their activity and that includes using trusted tools, like PowerShell, to retrieve and execute malicious code from remote sources.
A new report from eSentire reveals that 91 percent of endpoint incidents detected in Q1 2018 involved known, legitimate binaries.
© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.