Thousands of government websites around the world have been hijacked to mine the cryptocurrency Monero. A commonly-used accessibility script was hacked to inject the Coinhive miner into official sites in the US, UK and Australia. One security researcher described it as the biggest attack of its type that he'd seen.
In the UK, websites for the NHS and Information Commissioner's Office were affected; in the US, the United States Courts' site was hit; in Australia, government sites including that of the Victorian parliament were hit by the cryptojacking code. What all of the sites had in common was the fact that they included the text-to-speech accessibility script Browsealoud from Texthelp.
Businesses go to great lengths to protect their corporate networks, but when staff take work home it can be hard to ensure data is kept secure when using personal devices and accessing data from the cloud.
In an innovative move, endpoint protection company Cylance is offering employees of companies that use its software the chance to use Cylance's enterprise-grade AI-powered endpoint prevention to protect their family's home PCs and Macs against malicious attackers.
As enterprises move more of their system to the cloud, they open up more of their workloads to potential attack.
In order to offer protection against cyberattacks on cloud infrastructure workloads, services and software-as-a-service applications on public and private cloud platforms, Check Point is launching a new family of cloud security products.
It may have been a while since there was major news about the Spectre and Meltdown bugs, but the problems have not gone away. After previously releasing unstable patches, Intel has now launched a microcode update for Skylake systems.
Despite the problems with both stability and performance with Spectre and Meltdown patches, Intel uses an announcement about the latest updates to stress the importance of installing patches in a timely fashion. There's more than a hint of irony in the fact that Intel had to tell users to stop using an earlier update because of the problems it was causing.
There are many reasons for turning to VPN software, but anonymity and hiding one's location are pretty high up the list. A newly-discovered flaw in the popular free VPN Hotspot Shield, however, means that it is possible to determine key pieces of information about users.
The VPN -- produced by AnchorFree -- is used by 500 million people around the world, and security researchers have discovered a vulnerability (CVE-2018-6460) that means it is technically possible to home in on the location of an individual using the service.
Public cloud services like Microsoft OneDrive and Google Drive fail to protect against zero-day malware
Hackers and cyber criminals are becoming wise to the fact that they can use cloud applications to spread malware.
In response, top cloud providers now offer malware protection in an attempt to stop files containing malware being uploaded. But a new report reveals that placing your trust in this protection may be ill-advised.
As businesses are keen to embrace flexible working and digital transformation, there’s increased focus on collaboration and sharing of information.
But with existing regulations like HIPAA and upcoming ones like GDPR it's important to keep collaboration secure. German company Nextcloud is launching a solution in the form of a self-hosted, open source platform offering end-to-end encryption, video and text chat, and enhanced collaboration.
Most organizations employ some kind of detection-based security to protect their systems. But a new report by cyber security company Bromium reveals that this approach has major hidden costs.
Upfront licensing and deployment costs security-detection tools like anti-virus are dwarfed by the cost of human skills and effort needed to manage and assess the millions of alerts and false-positive threat intelligence generated.
A trio of NSA exploits leaked by hacking group TheShadowBrokers has been ported to work on all versions of Windows since Windows 2000.
The EternalChampion, EternalRomance and EternalSynergy exploits were made public by the group last year, and now a security researcher has tweaked the source code so they will run on nearly two decades' worth of Microsoft operating systems -- both 32- and 64-bit variants.
With GDPR coming into force in May this year, companies are preparing themselves to comply with the new legislation, in particular putting in place procedures to deal with data breaches.
But some, like Uber -- who have suffered a breach in the past and covered it up -- may well be wondering whether it’s better to disclose these events now rather than risk them leaking out once GDPR is in force.
With the EU's GDPR legislation coming into force in a few months, and new and potentially tougher legislation on data breaches planned in the US, a new study reveals that many enterprises are under prepared.
The report from integrity assurance company Tripwire shows that less than a fifth (18 percent) say that they are fully prepared with a process in place to notify consumers in the event of a data breach. The majority (73 percent) say they are 'somewhat prepared' and would have to figure things out 'on the fly.'
A new report from risk management and threat intelligence company Digital Shadows shows that cyber criminals are looking to exploit the boom in interest and adoption of cryptocurrencies.
The study highlights the most common methods used by these criminal actors, which include crypto jacking, account takeovers, mining fraud and scams against initial coin offerings (ICOs).
Security is the main priority when selecting cloud solutions according to a new report which shows businesses are increasingly adapting their security to suit the cloud.
The study for cloud security automation company Lacework carried out by analysts Hurwitz & Associates shows that 'safe and secure' tops the list of desirable cloud characteristics, cited by 53 percent of respondents.
Microsoft is taking a firmer line with misleading system utilities and tools that try to scare users into paying for software. An update to Windows Defender means that software found to be "coercive" could be ripe for automatic removal.
New policies come into play in March as Microsoft tries to banish software that makes misleading claims or adversely affects system performance. Tools that exaggerate problems or resort to scare tactics are among those in the firing line.
APIs power many of our digital experiences, but because they provide a window into applications they also present a security risk.
A new study from cyber security company Imperva reveals that 69 percent of companies have public-facing APIs which offer a route to the sensitive data behind applications.