Articles about Security

Phishing attacks against the Apple brand reach 1.6 million in six months


There have been 1.6 million phishing attacks targeting the Apple brand name in the first half of 2019. This is up nine percent on the total number of attacks seen last year, revealing a growing trend.

These figures come from Kaspersky's Threats to Mac Users Report 2019, released this week, which shows the number of cases where users faced fraudulent web pages utilising the Apple brand as a decoy has increased significantly in the first six months of the year.

Continue reading

D-Link and Comba routers have multiple vulnerabilities, including storing passwords in plain text

Hacker typing username and password

A security researcher has revealed details of a series of vulnerabilities in routers made by D-Link and Comba which make it easy to see usernames and passwords.

Simon Kenin from Trustwave SpiderLabs -- an "elite team of ethical hackers, forensic investigators and researchers" -- found a total of five security flaws which involve the insecure storage of credentials. In some instances, passwords are stored in plain text and can be seen by anyone with network or internet access to the routers in question.

Continue reading

98 percent of top US websites not prepared against attacks

web address bar

Most websites within the Alexa 1000 ranking in the US are not prepared to face advanced client-side attacks like Magecart according to analysis carried out by Tala Security.

Findings from the Tala 2019 State of the Web Report show the average website relies on 31 third-parties. Nearly two-thirds (63 percent) of the externally loaded JavaScript code executed in the browser is either written by and/or managed by third-parties.

Continue reading

China-based espionage group attacks high level targets

China flag keyboard

The China-based Thrip group was first exposed in 2018 and has carried out attacks across South East Asia, mainly targeting military organizations and satellite communications operators.

New research from Symantec shows that since June 2018 Thrip has attacked 12 targets located in Hong Kong, Macau, Indonesia, Malaysia, the Philippines, and Vietnam. Analysis of the attacks shows close links to another long-established espionage group called Billbug making it likely the two are the same.

Continue reading

Training program helps find future cybersecurity talent [Q&A]

Cyber discovery

The shortage of cybersecurity talent is well known and among attempts to address it in the UK is the Cyber Discovery program, backed by the Department for Digital, Culture, Media and Sport (DCMS) and delivered by the SANS institute.

Over 46,000 teenagers have taken part in the last two years, so as the program returns for its third year we spoke to James Lyne, CTO of the SANS institute to find out more about its aims and achievements to date.

Continue reading

Apple criticized for insensitively downplaying Google's iOS vulnerability revelations

Black iPhone

Apple has tried to downplay concerns raised by Google about security vulnerabilities in iOS that could be exploited by malicious websites. Google's Project Zero recently revealed details of flaws in iOS that were being used to target and monitor iPhone users.

Other security researchers went on to warn that the vulnerabilities were being used to target Uyghur Muslims, possibly in a campaign run by the Chinese government. Having remained silent for more than a week after the revelations, Apple finally issued a statement responding to the findings, prompting criticism that the company was trying to downplay the issues.

Continue reading

IT security professionals don't trust politicians to produce effective regulations


Trust in politicians is at something of a low at the moment and at the same time we regularly see them calling for cyber measures, like backdoors to encryption, without seemingly understanding the implications.

The results of a new survey therefore shouldn't come as too much of a surprise.

Continue reading

SMBs focused on improving IT security

Business security

Improving security remains the top priority for mid-sized businesses, but they need to be more proactive in their approach to managing IT according to a new report.

The 2019 State of IT Operations for Small and Midsize Businesses report from infrastructure management specialist Kaseya shows 32 percent of respondents experienced a security breach in the past five years, down slightly from 35 percent in 2018 with at least 10 percent of respondents reporting that they were hit by a breach in the past year.

Continue reading

Massive Facebook leak exposes 419 million users' phone numbers

Facebook logo and padlock

In its latest privacy lapse, Facebook has exposed the phone numbers of hundreds of millions of users on an unsecured server.

Databases on the server were not password-protected, and included details of 133 million US users, 50 million in Vietnam, and 18 million in the UK. In all 419 million records could be accessed by anyone looking in the right place.

Continue reading

Integration with MITRE ATT&CK framework delivers improved security skills training

training key

Traditional cyber security training is often based on out-of-date attack methodologies which means the skills learned quickly becoming outdated. While cybercriminals are continuously innovating, training for security professionals is lagging behind.

Skills development platform Immersive Labs has announced an integration that allows organizations to base cyber skills training on MITRE ATT&CK, meaning organizations can map and manage specific people’s skills, to actual risks.

Continue reading

Security professionals now think cloud is safer than on-premise

Data cloud lock

New research from internet infrastructure company Nominet finds that 61 percent of security professionals believe the risk of a security breach is the same or lower in cloud environments compared to on-premise.

The study of nearly 300 UK and US C-level security professionals, marks a major shift in the perception of security of the cloud. However, it doesn't mean the cloud is viewed as entirely safe.

Continue reading

Phishing attacks target UK SMBs


According to a new study 43 percent of UK SMBs have suffered phishing attacks involving attempts to impersonate staff in the last year.

More concerning is that of those attacks 66 percent were successful in compromising data. The study from security and data anlaytics company CybSafe also finds only 47 percent of those surveyed say they have already got a cyber security training and awareness program in place.

Continue reading

Hackers use Jack Dorsey's Twitter account to send racist tweets

Twitter on iPhone

Jack Dorsey's Twitter account was hacked yesterday, and the hackers -- going by the name of the Chuckle Gang -- proceeded to send racist tweets and made reference to a bomb at Twitter headquarters.

The account of the Twitter CEO was back under control relatively quickly, and the tweets sent out by the hackers were deleted. Twitter has said that its security systems were not compromised in the attack, instead blaming the account hijacking on a "security oversight" by a mobile provider which enabled hackers to take control of a mobile number associated with Dorsey's account.

Continue reading

Foxit Software reveals data breach that exposed users' email addresses, passwords and more

Data breach

Foxit Software has revealed that it "recently" suffered a security breach in which private user data was exposed to unnamed third parties. Those whose account have been affected are being contacted and "encouraged to change their passwords".

The company -- famed for PDF applications such as Foxit Reader and PhantomPDF -- does not say when the incident took place, nor how many users are affected, but it explains that "My Account" section of user accounts was exposed. This includes data such as email addresses, passwords, users' names, phone numbers, company names and IP addresses, but not payment information.

Continue reading

Google's bug bounty program now covers any big Android app

Bug bounty

Bug bounty programs have become a popular way for developers to track down security issues in software, but big pay-outs are not something that every company can afford.

In a bid to keep its Android platform secure, Google has announced that its own bug bounty program is being expanded to include all big Android apps, regardless of who develops them. The company will reward security researchers who find bugs in any app in the Google Play Store with 100 million or more installs.

Continue reading

© 1998-2019 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.