Security

Cryptocurrency mining malware has seen an increase of 86 percent in the second quarter of 2018, according to a new report from McAfee Labs.

After gaining ground the fourth quarter of 2017 to around 400,000 samples, new cryptomining malware samples grew a stunning 629 percent to more than 2.9 million in Q1 of 2018. This trend has continued in with more than 2.5 million new samples detected.

Protecting data in the cloud and ensuring compliance with rules and regulations is a complex task. The adoption off SaaS applications like Office 365 makes it even more so.

Symantec is launching an enhanced version of its Data Loss Prevention technology to protect data in Office 365 and allow users to safely share it internally as well as with partners and contractors.

Use of known vulnerable open source components has increased by 120 percent over the last year and 62 percent of organizations say they have no meaningful control over OSS components, according to a new study.

Sonatype's fourth annual State of the Software Supply Chain Report shows that open source continues to be a key driver of innovation -- with software developers downloading more than 300 billion open source components in the past 12 months. However, hackers are exploiting this growing trend, and even beginning to inject vulnerabilities directly into open source projects.

Messaging systems like Skype, Slack, Telegram and others are increasingly used by both individuals and businesses. But how do you know the person you're talking to is who they say they are?

A new product from biometric solutions company ID R&D offers multi-layer continuous authentication across messaging platforms without any impact on the user experience.

A security researcher has developed an attack that exploits a Firefox bug, making it possible to crash the web browser.

Sabri Haddouche used his Browser Reaper website to share a live test version of the exploit -- the site is also home to exploits for Chrome and Safari. The Firefox attack uses JavaScript to crash or freeze the browser, with the effect of the exploit depending on whether the browser is running on Linux, Windows or macOS.

Small businesses are just as vulnerable to cyber threats as larger ones, but often they have few resources to devote it IT security.

With the launch of its next generation of Kaspersky Small Office Security, Kaspersky Lab aims to offer smaller businesses protection from cybercrime without the need for technical cybersecurity expertise or regular hands-on administration.

A new report from risk rating organization SecurityScorecard finds that the retail industry is the second lowest performer in terms of application security.

SecurityScorecard continually monitors more than 200,000 businesses across the world and the report compares the average grade of the retail industry to other vertical markets.

Just 15 lines of code was all it took for hackers to hijack the checkout of online retailer Newegg. The month-long attack took the form of a huge card skimming operation and is believed to have been carried out by the same group that was responsible for hacking both British Airways and Ticketmaster recently -- Magecart.

The hackers inserted car-skimming code into Newegg's payment page, and this script remained in place between August 14 and September 18. It is not known how many people may have been affected by the incident, but with millions of visitors each month, the numbers are potentially huge.

When it comes to upgrading an operating system, home users have plenty of flexibility. Whether running Windows, Mac, or a Linux-based OS, moving to the latest and greatest should be a fairly uneventful affair. For businesses, however, bleeding edge is hardly ideal. After all, companies use their computers to make money -- there is no room for downtime due to upgrade issues. In other words, if it isn't broken, don't fix it. This is why many in the corporate world still run Windows 7.

Of course, staying on an older operating system can be problematic as well. As long as the OS is supported, you are golden. To run an operating system that no longer gets security updates is pure madness, though. Luckily, if you need to run an unsupported operating system, some maintainers, such as Canonical and Microsoft, will still support you -- if you pay up. For example, next year, Ubuntu 14.04 will reach end of life, so today, Canonical announces its Extended Security Maintenance (ESM) plans.

Cybersecurity company ESET has discovered six fake banking and personal finance apps on the Android store. The apps had been installed more than 1,000 times total before being taken down by Google.

ESET believes all of the apps are the work of a single attacker. They have impersonated six banks from New Zealand, Australia, the United Kingdom, Switzerland and Poland, and the Austrian cryptocurrency exchange Bitpanda.

A new report from cloud delivery company Akamai reveals that the financial services industry has become a prime target for credential stuffing botnets.

Between May and June 2018, Akamai detected more than 8.3 billion malicious login attempts. However, many botnets attempt to remain in stealth mode for as long as possible.

A survey of more than 400 full-time employees in the US shows that, despite having a general understanding of security risks, people still tend towards unsafe behavior.

The study by Spanning Cloud Apps finds many are under-prepared for the increasing sophistication and instance of ransomware and phishing attacks. More than half (55 percent) admit to clicking links they don't recognize, 59 percent say they would allow a colleague to use their work computer and 34 percent are unable to identify an insecure eCommerce site.

Privileged access management specialist Thycotic has released the results of its latest survey, conducted at this year's Black Hat, on hackers' perspectives on vulnerabilities and the attack vectors they find easiest to exploit.

It shows that 50 percent of hackers surveyed -- 70 percent of whom describe themselves as ethical -- say they easily compromised both Windows 10 and Windows 8 within the past year.

Over half of small business executives are convinced their business is not a target for cybercriminals, according to a new report.

The study from consulting and managed services company Switchfast also shows that 31 percent of senior management employees shared the password to their work email with another co-worker, while only 18 percent of associates have.

Earlier in the year it was revealed that a security flaw made it possible to determine not only the location, but also the HIV status of Grindr users. Months down the line, Grindr is still exposing the precise location of its users by failing to block third-party access to a private API.

Using a trilateration technique, and exploiting the fact that Grindr lets users know -- with some degree of accuracy -- how far away they are from others, it is very easy for just about anyone to build a tool that shows precise locations.