Articles about Security

Improving endpoint protection is top goal for IT security professionals

endpoint protection

Three quarters of IT security professionals responding to a new survey have named improving endpoint security as one of their top two goals, with 48 percent saying it's most important.

The study by Ericom Software, a specialist in securing and connecting the digital workspace, finds 'Becoming compliant with mandatory regulations' is second, with 29 percent of respondents naming it as their top goal.

Continue reading

Personal devices are a major threat to mobile IT environments

personal devices

A new survey finds that 58 percent of respondents believe access to their network from non-corporate and personally owned devices such as laptops, desktops or mobile phones is the highest risk in managing remote users.

The study from trusted access specialist Duo Security shows that while the trend to remote working has created unmatched flexibility and helped organizations attract top talent globally, it has also introduced a major predicament for IT and security teams.

Continue reading

Trend Micro backtracks on browser history collection after its apps are removed from mac App Store

Trend Micro logo with gradient background

It recently came to light that a number of apps in the mac App Store were collecting data about users' browsing histories and uploading them to a remote server. Included in this list were several apps from security firm Trend Micro.

Apple responded by kicking the offending apps out of the App Store, and Trend Micro started an investigation into the privacy concerns raised about Dr Cleaner, Dr Cleaner Pro, Dr Antivirus, Dr Unarchiver, Dr Battery and Duplicate Finder. Confirming that these apps did in fact collect and upload browser data, the company at first defended the activity, but then went on to cease data collection.

Continue reading

Security: Tor 0-day revealed on Twitter by vulnerability vendor

It's just two weeks since a Windows 0-day was revealed on Twitter, and now the same thing has happened for the Tor browser. Zerodium -- self-described as "the premium exploit acquisition program" -- exposed a backdoor vulnerability in Tor that makes it possible to bypass security protections.

The vulnerability affects Tor 7, and the vendor says that the problem has been addressed in the recently-released Tor 8. A proof-of-concept for the security has also been published.

Continue reading

Public cloud services used to boost DDoS attacks

DDoS attacks

Hackers are increasingly abusing public cloud services in order to launch DDoS attacks, according to new research.

The study from anti-DDoS company Link11 shows that a quarter of all DDoS attacks in Europe in the 12 months from July 2017 to June 2018 used public cloud server-based botnets, compared to 18.5 percent in the previous 12 months.

Continue reading

Microsoft publishes Security Servicing Criteria for Windows, revealing how it classifies and tackles bugs

Microsoft glass building logo

Microsoft has published documentation that reveals how is classifies the severity of vulnerabilities in Windows, as well as detailing how it decides whether problems should be addressed with a security patch or in the next version of Windows.

The first batch of documentation shows for the first time how Microsoft defines "the criteria around security boundaries, features and mitigations in Windows". In releasing details of its severity classifications -- something known as the bug bar -- the company says that it is offering a "new level of transparency with the research community and our customers".

Continue reading

Football team names commonly used in passwords

Football players

Analysis by password manager company Dashlane shows that with the football season getting underway team names are frequently used as passwords.

Researchers focused on team names from the National Football League and the English Premier League, using an anonymized database provided by Gang Wang, an assistant professor in the Department of Computer Science at Virginia Tech.

Continue reading

41 percent of industrial control systems attacked in 2018

refinery industry

Industry increasingly relies on automated systems for the control of processes, but a new report from Kaspersky Lab shows that 41.2 percent of industrial control systems (ICS) computers were attacked by malicious software at least once in the first half of this year.

Based on analysis of systems protected by Kaspersky Lab solutions, the data shows that in 2017, the percentage of ICS computers attacked was 36.61 in the first half of the year and 37.75 in the second half.

Continue reading

British Airways hack exposes personal and financial details of 380,000 customers

British Airways plane

British Airways has fallen victim to what it describes as a "very sophisticated" attack in which hackers stole financial data relating to hundreds of thousands of customers.

The airline revealed that hackers gained access to its systems and managed to remain undetected for two weeks. The theft of data took place between August 21 and September 5 and the attackers managed to compromise both the ba.com web site and the airline's mobile app.

Continue reading

New AI capability helps empower DevSecOps teams

DevOps

Security teams are constantly caught between the need to keep pace with security testing and the ability to allow developer teams to operate in a rapid DevOps environment.

To address this, application security provider WhiteHat Security is adding artificial intelligence to its dynamic application security testing solution WhiteHat Sentinel Dynamic.

Continue reading

Security teams turn to automation to tackle avalanche of alerts

business security

High numbers of alerts and the resources needed to deal with them are causing problems for security teams and leading them to turn to Security Orchestration, Automation and Response (SOAR) tools in order to cope.

A new report from security automation specialist Demisto finds teams are being inundated with more than 174,000 alerts every week and security teams are only able to review and respond to around 12,000 of them.

Continue reading

Malware writers exploit recent Windows Task Scheduler 0-day vulnerability

It's a little over a week since a vulnerability in the Windows Task Scheduler was revealed. A patch for the 0-day has been released by third party security firm 0patch, but there's bad news for anyone who hasn't secure their system against the security threat -- malware writers are already taking advantage of the flaw.

The exploit was partly facilitated by the fact that the source code for a proof-of-concept exploit for the ALPC LPE vulnerability -- as well as a binary -- was published on GitHub. Now a group that has been named PowerPool has been spotted using the code in a malware campaign.

Continue reading

New forecasting solution helps companies reduce cyber risk

Risk dial

The current feeling is that the chances of a company being hacked is a matter of when rather than if, but businesses continue to struggle with how to actually measure if their security solutions are working.

Security ratings company BitSight is launching a new tool that will help customers identify the optimal course of action needed to improve their overall risk posture.

Continue reading

Over 12 million Brits have fallen victim to online fraud

payment card shopping cart

Almost one in four Brits (23 percent) have been victims of fraud when shopping online -- with eight percent duped more than once, according to a new study

The inaugural Fraud Tracker report from online payment service Shieldpay  shows that the average victim loses £608, yet receives only £55 back from their bank.

Continue reading

Chrome vulnerability leaves Wi-Fi networks open to attack

Chrome icon with a padlock

Millions of home Wi-Fi networks could be easily hacked, even when the network is protected by a strong password, thanks to a flaw in Chrome-based browsers.

Researchers at cybersecurity and penetration testing consultancy SureCloud  have uncovered a weakness in the way Google Chrome and Opera browsers, among others, handle saved passwords and how those saved passwords are used to interact with home Wi-Fi routers over unencrypted connections.

Continue reading

© 1998-2018 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.