Articles about Security

Just 24 hours after a zero-day bug in Windows task scheduler was revealed by @SandboxEscaper on Twitter, the vulnerability has been patched. While Microsoft said it would "proactively update impacted advices as soon as possible" the patch has not come from the Windows-maker.

Instead, it was left to micro-patching specialists 0patch to produce a fix for the Task Scheduler ALPC Local Privilege Execution (VU#906424) security flaw -- one that is a mere 13 bytes in size.

Continue reading →

The protection of human identities tends to be high on the agenda for organizations, but what about machine identities?

Recent increases in the number of machines on enterprise networks, shifts in technology, IoT devices and new computing capabilities have created a set of challenges that require increased focus on protecting machine identities.

Continue reading →

A month after it was announced, Google is now selling its Titan Security Key for $50. Currently available in the US, the FIDO-compatible keys help to boost security with two-step verification (2SV).

Google boasts that the keys have "special sauce" in the form of tamper-resistant firmware that helps to further improve security. Costing roughly the same as a Yubikey, Google is hoping to offer a viable alternative to the current FIDO key leader.

Continue reading →

Everyone is aware that cybersecurity threats are out there, but what are the biggest threats and are IT and business executives worried about the same things?

New research from data security specialist Varonis highlights some major differences -- and potential challenges -- when it comes to communicating and aligning on key threats.

Continue reading →

A new study from email security company Mimecast shows that malicious links in emails are being missed by many security systems.

Mimecast examined more than 142 million emails that had passed through organizations' email security vendors. The latest results reveal 203,000 malicious links within 10,072,682 emails were deemed safe by other security systems -- a ratio of one unstopped malicious link for every 50 emails inspected.

Continue reading →

The first half of 2018 has seen a 94 percent rise in fileless malware attacks according to the latest Enterprise Risk Index Report from endpoint security company SentinelOne.

It also finds that PowerShell attacks jumped to a record of 5.2 attacks per 1000 endpoints, compared to 2.5 in May. Ransomware attacks remain popular too, ranging from 5.6 to 14.4 attacks per 1000 endpoints.

Continue reading →

A privilege escalation bug has been discovered in Windows' task scheduler and revealed on Twitter. A proof-of-concept has been published, and the vulnerability has been confirmed to be present in a "fully-patched 64-bit Windows 10 system".

The security flaw was exposed on Twitter by user SandboxEscaper -- who has since deleted his or her account. An advisory about the vulnerability has been posted on CERT/CC, and Microsoft says that it is working to fix the problem.

Continue reading →

The CEO of Epic Games has slammed Google's "irresponsible" disclosure of a security bug in its hit game Fortnite. Tim Sweeney accused Google of trying to "score cheap PR points" by revealing a vulnerability in the game's installer.

Epic chose to bypass Google Play when it released Fortnite for Android leading to concerns about security. On Friday, Google revealed details of a security flaw that could be exploited to secretly install malware onto people's phones.

Continue reading →

It seems that the concerns about Fortnite's security were well-founded -- although not necessarily for the reasons some people might have expected. Epic Games has been criticized for its decision not to make Fortnite available through Google Play, leading Google to show warnings to anyone conducting searches for the game.

Now a Google engineer just revealed that the first version of Epic's installer had a serious security vulnerability, placing Android users at risk. A post on Google's Issue Tracker shows that the installer could be abused to secretly download and install any app with any level of permissions -- a Man-in-the-Disk exploit.

Continue reading →

T-Mobile has revealed that it fell victim to a security incident earlier in the week, and details of around 2.3 million accounts were accessed.

The hack attack took place on Monday, August 20, and while T-Mobile stresses that no financial data was taken, it concedes that it detected "unauthorized capture of some information". The exposed data includes names, billing zip code, phone number, email address, account number and account type, which would be enough for hackers to launch successful phishing attacks.

Continue reading →

Recent scandals surrounding the use of personal data, such as the Cambridge Analytica scandal, plus the large fines that can be levied under GDPR, have focused minds on the protection of information.

But is your website at risk of exposing your visitors' data? Auditing and monitoring specialist DataTrue has produced an infographic looking at the risks site tags may pose to privacy.

Continue reading →

Security is a serious business (including for Fortnite-maker Epic Games), but it's not something most people take seriously enough -- as the number of weak and reused passwords out there shows. Epic, however, has just given players of its hit game an incentive to enable two-factor authentication on their account.

By enabling 2FA in Fortnite, players can unlock a hidden extra -- the Boogiedown emote. While this is undoubtedly a form of bribery, it is no bad thing. There are just a few simple steps you need to follow to access the new emote.

Continue reading →

It's common for businesses to insure against the risk of losing their systems to natural disasters or power outages, but a new product allows you to insure against fraudulent use of IT and telephony, including cloud and internet-based services.

San Francisco-based cyber insurer Coalition is launching Service Fraud coverage that reimburses organizations for the direct financial losses they incur as the result of being charged for fraudulent use of business services including Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), Network-as-a-Service (NaaS), and telephony services.

Continue reading →

More than half of consumers worldwide are now using IoT devices, yet 64 percent of those have already encountered performance issues and there are widespread fears about what could go wrong, according to a new survey.

The study of 10,000 consumers by software intelligence company Dynatrace finds that people experience an average of one and a half digital performance problems every day, and 62 percent fear the number of problems they encounter, and the frequency, will increase due to the rise of IoT.

Continue reading →

According to a new report from Kaspersky Lab, 73 percent of successful perimeter breaches on corporate networks in 2017 were achieved using vulnerable web applications.

In addition to web applications, another common vector for penetrating the network perimeter was attacks on publicly available management interfaces with weak or default credentials.

Continue reading →