A terrifying number of big-name websites are not secure -- is yours?


There has been a long-standing movement trying to make the web a safer place. For some time, Google's Chrome browser has alerted people when they are visiting secure sites, but with the launch of Chrome 68, it instead warns when an insecure site is encountered.
As we warned just a couple of days ago, the latest update to Chrome means you're likely to see warnings about a lot of insecure sites -- and there are some big-name sites being shamed. Included on the non-HTTPS list are some of Google's own sites, the BBC, the Daily Mail and Fox News. And there are plenty of other recognizable offenders too, as Why No HTTPS? reveals.
The most successful phishing subject lines revealed


We all like to think that we're smart enough not to fall for phishing emails, yet a surprising number of people do get caught out by them.
A new report from security awareness training company KnowBe4 looks at the most successful phishing emails in the second quarter of 2018. The results show that hackers are playing into users' commitment to security, by using clever subject lines that deal with passwords or security alerts.
Linux bots account for 95 percent of DDoS attacks as attackers turn to the past


Cybercriminals are delving into the past to launch attacks based on some very old vulnerabilities, according to the latest report from Kaspersky Lab, and they're using Linux to do it.
In the second quarter of 2018, experts have reported DDoS attacks involving a vulnerability in the Universal Plug-and-Play protocol known since 2001. Also, the Kaspersky DDoS Protection team observed an attack organized using a vulnerability in the CHARGEN protocol that was described as far back as 1983.
Syncsort helps compliance for IBM i users


IBM's i operating system -- originally known as OS/400 -- is still popular in many larger and mid-sized organizations, and it is of course subject to the same security and compliance challenges as other systems.
Big data specialist Syncsort is launching additions to its Syncsort Assure family of products to help i users achieve compliance with GDPR and other legislation, and strengthen security with multi-factor authentication.
Endpoints leave industrial IoT vulnerable... Err, what's an endpoint?


Of over 200 respondents to a new survey, more than half report the most vulnerable aspects of their IIoT infrastructure as data, firmware, embedded systems, or general endpoints.
But at the same time the survey by information security training organization SANS Institute reveals an ongoing debate over what actually constitutes an endpoint.
Brace yourself for a slew of security warnings from Chrome


Tomorrow -- Tuesday, 24 July -- sees the release of Chrome 68. Many people will regard this as just another browser update, but the release sees an important change to the way Chrome handles unencrypted websites.
The new way in which non-HTTPS sites are handled means that Chrome is going to start throwing up warning messages whenever an insecure site is encountered -- a reversal of the way things have been up until now.
Software supply chain attacks set to become a major threat


According to a new study, 80 percent of IT decision makers and IT security professionals believe software supply chain attacks have the potential to become one of the biggest cyber threats over the next three years.
The survey by Vanson Bourne for endpoint security company CrowdStrike finds two-thirds of the surveyed organizations experienced a software supply chain attack in the past 12 months.
China, Russia and North Korea behind espionage-focused cyberattacks


Cyberattacks come in many forms and from many sources, but a new report from endpoint security company Carbon Black reveals an increasing number originate from nation states with espionage as their goal.
The findings show that 81 percent of incident response (IR) professionals say the majority of attacks come from Russia, while 76 percent say the majority come from China. These foreign actors are seeking more than just financial gain or theft -- 35 percent of IR professionals say the attackers' end goal is espionage.
Traditional identity systems are the new battleship row


In 1941, the US Military was trying to save on security costs by mooring its battleships close together while they were in port. Aircraft were also parked neatly in rows. Many of the most valuable assets of the Pacific Fleet were all centralized in one convenient spot that was well organized, easy to find, and therefore easy to attack.
On 7 December 1941, a date that will live on in infamy, that is exactly what happened.
Half of retailers experience security breaches in the past year


According to a new report, 52 percent of US retailers have suffered a data breach in the past year and 75 percent have had one at some time in the past.
The latest Thales Data Threat Report, Retail Edition, also shows that US retail data breaches more than doubled from 19 percent in the 2017 survey to 50 percent, making retail the second most breached industry vertical this year.
Credential stuffing costs businesses over $5 billion a year


When usernames and passwords are exposed through a data breach or attack on users, criminals harvest these credentials and test them on a wide range of websites and mobile applications, a practice known as 'credential stuffing'.
A new report by security and anti-fraud specialist Shape Security looks at the lifecycle of stolen credentials and at the damage their use can cause.
Microsoft overtakes Facebook as the #1 spoofed brand


Phisherfolk love to try to trick people into thinking they are a major brand in order to get them to reveal passwords or personal data.
New research from Vade Secure reveals that in the second quarter of this year Microsoft has supplanted Facebook as the most spoofed brand. The social network drops two places to third, behind perennial phishing favorite PayPal.
New solution offers network intrusion detection for containers


Security-as-a-service provider Alert Logic is using the AWS Cloud Summit to launch an industry-first network intrusion detection system (IDS) for containers.
It’s available in Alert Logic Cloud Defender and Threat Manager solutions and is able to inspect network traffic for malicious activity targeting containers, providing organizations with faster detection of compromises and reduced risk of attacks to cloud workloads on Amazon Web Services.
McAfee launches new enterprise security portfolio


As businesses move more of their systems into the cloud, the protection they require to keep them safe needs to be more flexible.
Cybersecurity specialist McAfee is responding to this challenge with the launch of McAfee MVISION, a portfolio of products which strengthens the device as a control point in security architectures, delivers simplified management, stronger Windows security, behavior analytics, and threat defense for Android and iOS devices.
This is how prioritization can save us from the shortage of cybersecurity professionals


It is no secret that the technology sector has a labor problem. As demand for new products and services continues to rise, we are simply not producing enough qualified developers to keep up. Just ask any company where their greatest pain point is and they will have hiring somewhere towards the top of that list.
This shortage is felt especially acutely when it comes to security professionals who understand both how code is written and how to keep it secure. A 2018 report from the Enterprise Strategy Group (ESG) found that 51 percent of respondents reported shortages of cybersecurity skills as an area of concern. These concerns have been on the rise in recent years, spiking from a reported 23 percent in 2014 citing cybersecurity skills as a problem, up to the latest 51 percent statistic from this year.
© 1998-2025 BetaNews, Inc. All Rights Reserved.