We're in the middle of Cybersecurity Awareness Month and Google is taking part. The company has launched two updated protection tools to help keep internet users safe online.
While Google refers to "two new protections," these are really updates rather than completely new offerings. Both the Security Checkup tool and Google Safe Browsing have been updated to make them more personal, and both of them will adapt over time to protect against new threats.
Google and IBM, together with a few other partners, released an open-source project that gathers metadata that developers can use to secure their software.
According to an IBM blog post, the goal of the project is to help developers keep security standards, while microservices and containers cut the software supply chain.
With so much time now spent online, and with so many cloud-based tools now in use every day, we're all spending more time than ever in our web browsers. To ensure that this is as secure an experience as possible, Google is rolling out a trio of important changes to Chrome -- for Windows users, at least.
At the heart of these changes is Chrome Cleanup. This feature detects unwanted software that might be bundled with downloads, and provides help with removing it -- but Mac and Linux users miss out.
[Updated] Microsoft has patched Windows against the KRACK Wi-Fi vulnerability -- Google will secure Android soon
Earlier today, news broke about the KRACK vulnerability that affects the WPA2 protocol. Security researchers have warned that the problem affects millions of devices running everything from Windows to Android and Linux.
Microsoft has announced that it has already released a security patch to fix the vulnerability in Windows. Google says that a patch for affected Android devices will be released "in the coming weeks."
The Qualys Cloud Platform is designed to give customers a continuous, always-on assessment of their global security and compliance posture across all global IT assets, wherever they reside.
Cyber risk management company AsTech is boosting its attractiveness further for its Managed Qualys Service customers by offering a $1 million guarantee for securing perimeter networks.
A new breed of Android ransomware has been discovered that hits victims with a double whammy. DoubleLocker not only encrypts data as all ransomware does, it also changes the PIN on the target device.
DoubleLocker was discovered by security researchers at ESET. They say that the ransomware abuses Android accessibility settings, and is the first to use a double-lock approach. Based on previously released banking malware, it is though that a test version of DoubleLocker could have been in the wild since as early as May.
A severe security warning has been issued after Belgium researchers managed to exploit a serious vulnerability in the WPA2 wireless protocol.
Known as KRACK (Key Reinstallation Attacks), the vulnerability makes it possible to eavesdrop on Wi-Fi traffic. Millions and millions of devices are at risk -- Windows, Linux, Android and more -- but it is not known whether there is an active exploit in the wild yet. Details about the vulnerability were due to be released at 8:00AM ET (1:00PM BST), but the research paper has now been published early after someone leaked a draft version.
"iPhone jailbreaking is dead" reads the headline. Four words signaling the end of a 10-year long battle between Apple and those who wanted open control of their iOS devices. Here is an admission in black and white that prominent members of the jailbreaking community are giving up on attacking iOS devices. Apple created a system where their engineers, like soldiers in a castle under siege, were able to outlast the besieging army; throwing back assault after assault, until the attackers, deciding the siege was no longer worthwhile, packed up and headed home.
Ten years ago, finding a jailbreak was fairly doable, though it required skill. As iOS jailbreaks became harder to find, however, they became more valuable. Zerodium publicly announced it would pay $1 million, now increased to $1.5 million, for a remote jailbreak flaw (e.g. remote code execution) on iOS. This effectively priced the jailbreak community out of the market for iOS vulnerabilities. Markets only assign commodities such value when they are rare and difficult to obtain. If somehow you remain unconvinced, consider that the last publicly available untethered (e.g. persistent across reboots) jailbreak was discovered over a year ago, and was part of the government-quality attack tool Pegasus. The current generation of jailbreaks require the user to run a jailbreak app every time they reboot.
Businesses in the EMEA region re increasingly using Microsoft’s Office 365 solutions, but they’re doing it with a dose of fear from cyber-attacks and similar malicious actions. This was concluded in the new Barracuda Networks report, entitled Office 365 Adoption: Drivers, Risks and Opportunities.
Based on a poll of more than 1,100 organizations in EMEA, the report says almost two thirds (62 percent) are now using Office 365. This is a jump from last year’s 50 percent. Of those that still don’t use the service, almost half (40 percent) said they’re planning to do so in the future (49 percent in the US).
Encryption is an excellent way of protecting sensitive data from compromise. It is commonly accepted that once information is securely encrypted, it is safe from prying eyes and sabotage both now and in the foreseeable future.
However, the long-term security offered by many encryption systems (also known as cryptosystems) is under severe threat. A new type of computer -- the quantum computer -- has been theoretically proven to break most of today’s commonly used cryptosystems, and such a computer is predicted to be available within 15 years.
While companies are becoming increasingly dependent on mobile workers and distributed offices, a new survey reveals that IT staff are not confident they can protect remote workers.
The study by distributed gateway platform supplier iboss also finds that senior (CEO, CIO, CISO, and CTO) respondents are more confident in their organizations' ability to secure mobile traffic than more junior IT executives. 56 percent of CIOs, CISOs, and CTOs were not confident they could secure mobile traffic compared to 80 percent of subordinate IT executives.
Things have not been good for Equifax -- or its customers -- recently. Following a huge data breach earlier in the year, the credit reporting company has now suffered a new blow after it was discovered one of its support pages was redirecting to malware masquerading as Flash updates.
Just last month, Equifax revealed a security breach from May that exposed the personal details of around 145.5 million Americans and 15.2 million people from the UK. Now the company site has been found delivering fake Flash updates, and the offending page has been taken down.
When you download a mobile app you sometimes get more than you bargained for, Uber's app that tracked iPhone users for example. It can be hard to know exactly what apps on your phone are up to.
Now though, application security testing company High-Tech Bridge is launching a free 'Mobile X-Ray' service for developers that analyses native and hybrid iOS and Android apps and detects the most common weakness and vulnerabilities.
We all know that ransomware is a big problem, but a new report from cyber security company Carbon Black reveals that it's increasingly big business too.
According to the report, there are currently more than 6,300 dark web marketplaces selling ransomware, with over 45,000 product listings.
Phishing is still a key tool for cyber criminals as they seek to insert malware onto machines and to get hold of personal details.
Although most people are aware of the threat there are still some subject lines that are much more likely to deliver results for the phishermen than others, according to security awareness training specialist KnowBe4, which has released its Top 10 Global Phishing Email Subject Lines report for the third quarter of 2017.