Articles about Security

Credential stuffing tools help hackers break into accounts

hacker username password login

With thousands of stolen account details available for sale on the web, cyber criminals are turning to new methods using them efficiently to try to break into accounts.

According to a new report by risk analysis specialist Digital Shadows, 'credential stuffing' tools are the latest technique being used to automate attempts at account takeover.

Continue reading

1Password's new Travel Mode hides your private information from airport security

1password-travel-mode

There have been numerous cases recently of travelers being forced to unlock their phones by security staff at airports. If you have all of your passwords for apps and online accounts stored in a password manager, this could mean that vast amounts of personal data become accessible -- but 1Password has a solution.

A new feature called Travel Mode enables users of the app to mark certain passwords and other data as "safe for travel." When the mode is activated, everything else which has not been flagged in this way is temporarily deleted from the device so it cannot be accessed.

Continue reading

CISO salaries topping €1 million in Europe

Money devices Internet connected IoT

Now might be a good time to consider that job as a chief information security officer you always wanted, because salaries are skyrocketing.

Thanks to an ever-increasing number in breaches, and the damage these breaches are causing, businesses in Europe have begun offering much better salaries to their CISOs.

Continue reading

Many businesses don't know who has access to their critical data

steal-data-binary-hand

According to a survey conducted by Lepide, a leading security auditing solutions provider, 60 percent of companies are still not able to determine who has access to their critical data. The survey was conducted during a variety of trade shows including Infosec Europe, RSA Singapore, and DataConnectors Pittsburgh, and involved 250 face-face interviews.

A common misconception amongst organizations is that all cyber threats originate from outside their organization, yet according to a report published by mcafee.com, 43 percent of data breaches were the result of malicious or incompetent insiders. This problem is emphasized by the continuous surge in healthcare related breaches. For example, according to a report published by Protenus, of the 31 health data breaches disclosed in January 2016 "59.2 percent of breached patient records were the result of insiders."

Continue reading

Symantec pins WannaCry on North Korean Lazarus group

Symantec logo sign

There have already been suggestions that the now infamous WannaCry ransomware was the work of the North Korean hacking group Lazarus. Security firm Symantec now says it is "highly likely" that Lazarus is to blame, having unearthed further evidence of the re-use of code from other attacks by the group.

But while the links to Lazarus are strong, North Korea denies that it was involved in any sort of state-sponsored attack, dismissing such claims as "a dirty and despicable smear campaign." It is thought that the group -- also responsible for attacking Sony Pictures and stealing $81 million from the Bangladesh Central Bank -- operated independently for personal gain.

Continue reading

New software adds secure authentication to any enterprise application

enterprise security login authentication verification user password

Increased numbers of phishing and other cyber attacks are putting companies under greater pressure to secure their applications.

Conventionally this requires re-coding or other work to achieve, but new software from behavioral firewall specialist Preempt lets organizations add secure authentication to any enterprise application.

Continue reading

Phishers cash in on WannaCry attack

Phishing

The UK's ActionFraud cyber crime reporting center is warning customers of BT’s internet services of a phishing scam claiming to protect against WannaCry-style attacks.

The emails claim that BT has launched preventative measures to protect data on an international scale and try to get recipients to click on a link to a 'security upgrade'.

Continue reading

Privacy warning: Netgear routers copy Windows 10 and start 'collecting analytics data'

netgear-r7000-router

A firmware update to the Netgear R7000 router adds a new feature that will concern privacy advocates. The update allows Netgear to start "collecting analytics data" and the release notes warn that: "NOTE: It is strongly recommended that after the firmware is updated to this version, you log back in to the router's web GUI and configure the settings for this feature."

Netgear says that the data collection is to help it "isolate and debug technical issues" and does not -- according to the company -- include details such as the websites that are visited, but it will still be a cause of concern for many people. It's hard not to draw parallels with Windows 10 which has managed to upset many users with its telemetry settings.

Continue reading

Two ways to check your PC is patched against EternalBlue

Check-EternalBlue.200.175

Exploits linked to leaked NSA hacking tools have been causing havoc recently, with the WannaCry ransomware infecting more than 300,000 systems.

WannaCry made use of the previously unknown SMB exploit EternalBlue, but the leak included details of several others. Microsoft has released patches, but are they in place on all your PCs?

Continue reading

Adylkuzz malware mines Monero to generate revenue

Hacker money laptop

A new form of malware is targeting innocent victims in order to mine cryptocurrency for its creators.

Adylkuzz, which targets the Monero cryptocurrency, stays hidden within an infected machine, and does not give visual warnings or interfere with users’ files.

Continue reading

Cyber crime is a $6 trillion a year industry

cyber attack

Last week's WannaCrypt attack infected over 200,000 devices and is estimated to have made its perpetrators $72,000.

Increasingly scammers and criminals are seeing the internet as a means of making financial returns. Cyber crime has become a serious business and no business or information is safe from attack.

Continue reading

Google renames Android Device Manager to Find My Device

Google Find My Device

Google has showcased a number of major changes coming to Android at its I/O event yesterday, like Google Play Protect. It is designed to keep your smartphone safe using app usage analysis and machine learning, and includes a feature that many Android users are already familiar with.

Part of Google Play Protect is Find My Device, which has been previously known as Android Device Manager. Google decided to change the name, and add new functionality in the process, likely because it is more appropriate, considering what it is mainly used for -- which is to locate Android devices and remotely wipe or ring them.

Continue reading

European political parties left open to email-based cyber attacks

Email attack

None of the political parties in the UK, Germany and Norway, all of whom have upcoming elections, have email authentication or protection against spear phishing in place, according to new research.

The study by secure email company Agari shows that while eight percent have published an email authentication policy, they've left the door wide open by setting their policy to 'none', which will not stop malicious emails from reaching intended victims.

Continue reading

Are your devices listening to you?

microphone listening

Increasingly we're surrounded by devices that have microphones. Not just our computers and smartphones, but smart home devices like Alexa and Echo and even our TVs.

The problem is these mics are not just accepting commands, they're listening to what's going on in the background too.

Continue reading

Google Play Protect is the latest line of defense against dangerous Android apps

google-play-protect

There's no getting away from the fact that Android has something of an issue with dangerous and malicious apps. Google's latest weapon in the fight against such apps is Google Play Protect which uses machine learning and app usage analysis to weed out the bad guys.

The new system sees Google not only checking apps as they are submitted to the Play Store, but monitoring the apps you already have installed. By analyzing app behavior, Google is able to identify suspicious software that may have slipped through the net or has been installed from outside of the Pay Store.

Continue reading

© 1998-2017 BetaNews, Inc. All Rights Reserved. Privacy Policy.