Articles about Security

While 84 percent of security professionals believe cryptocurrencies are here to stay, most don't see them as a major threat to the enterprise, despite the rise in cryptomining attacks.

A study from network protection specialist Lastline shows 45.2 percent think cryptocurrency is a mainstream alternative to conventional currencies, while 38.9 percent think it's a fringe option. 14.5 percent say they would rather collect their salary in cryptocurrency than in a traditional currency.

Continue reading →

Enterprise identity provider Okta is launching a new set of contextual access management capabilities that will allow businesses to eliminate passwords.

New Adaptive Single Sign-On (SSO) and enhanced Adaptive Multi-Factor Authentication (MFA) products allow decisions based on signals such as device, IP and geolocation context for smarter, more secure identity and access management.

Continue reading →

Following on from a trial in Australia, Facebook is rolling out anti-revenge porn measures to the UK. In order that it can protect British users from failing victim to revenge porn, the social network is asking them to send in naked photos of themselves.

The basic premise of the idea is: send us nudes, and we'll stop others from seeing them.

Continue reading →

Enterprise users are increasingly authenticating into applications from non-office networks, with a 10 percent increase in the average number of unique networks according to the latest Trusted Access Report from Duo Security.

Duo also found that 43 percent of requests to access protected applications and data came from outside of the corporate office and network. People are logging into applications, networks and systems wherever, and whenever as work hours start to flex to fit different lifestyles, time zones and travel.

Continue reading →

Despite a range of alternative authentication technologies, many systems still rely on passwords for their security. But a new study from Dashlane shows we’re still pretty bad at password selection.

The analysts used research from Dr Gang Wang, an assistant professor in the Department of Computer Science at Virginia Tech, which analyzed over 61 million passwords.

Continue reading →

Robbing a bank used to involve a mask, a gun and a fast car, but these days it's more likely to be done via the safer and no less lucrative means of a cyberattack.

A new report from cloud security specialist Carbon Black, based on responses from CISOs at 40 major financial institutions -- including six of the top 10 global banks -- seeks to better understand the attack landscape.

Continue reading →

Not so long ago the idea of email fraud mainly involved Nigerian princes asking for your help to liberate a few million dollars.

Things have moved on and the scammers have become more sophisticated, but email fraud is no less of a threat according to a new study by email security specialist Agari, which studied activity on 78 criminal email accounts over a period of 10 months.

Continue reading →

Security researchers have discovered a bug in the Comcast website that makes it possible to gather information about Xfinity users. As well as customer data such as home addresses, it is also possible to access wireless network details including passwords.

The bug was reported by Karan Saini and Ryan Stevenson after they found it was possible to use the Xfinity activation website to access customer data using nothing more than a customer account ID and that customer's house or apartment number.

Continue reading →

As news of yet another chip vulnerability creeps out, computer users, businesses and organizations around the world are trying to assess how the latest bug affects them. To help its users and others to understand what the Speculative Store Bypass/Variant 4 vulnerability means, Red Hat has issued advisories and an explanatory video.

The company also reveals exactly which of its Linux builds are affected by the security flaw and what steps can be taken as mitigation. In addition to this, Red Hat has put together a number of resources that help to "provide more context around this vulnerability from an open source technology perspective".

Continue reading →

Just when you thought you could forget about the Spectre and Meltdown chip vulnerabilities, yet another variant has been discovered. Known as Speculative Store Bypass, the vulnerability affects chips from AMD and Intel, as well as Power 8, Power 9 and System z processors.

The vulnerability has been assigned CVE-2018-3639, and successful exploitation would mean that an attacker could gain access to data. The attack can be carried out through a "language-based runtime environment" such as JavaScript. Some patches exist while others are in development, and they include the same performance hit associated with patches for the previous vulnerabilities.

Continue reading →

A new study from vulnerability assessment specialist Positive Technologies shows that banks have built up strong defenses against external attacks but still struggle with internal threats.

Whether they use social engineering, vulnerabilities in web applications, or the help of insiders, as soon as attackers access the internal network of a bank, they often find that it's secured no better than companies in other industries.

Continue reading →

LocationSmart, a company based in Southern California, is under investigation by the FCC after it was discovered that its website made it possible for just about anyone to access location data for the majority of US cell phones.

Security expert Brian Krebs reported that a bug on the LocationSmart website made it possible for anyone to check on the location of any AT&T, Sprint, T-Mobile or Verizon phone in the US. Even more worryingly, the data is said to be accurate to a few hundred yards.

Continue reading →

Later this year, Chrome will adopt a new approach to indicating site security. Starting in September, the browser will no longer use a security indicator to highlight the fact that you're visiting an HTTPS page.

Instead, Google will simply issue a warning when a website is not secure. As the company puts it, "users should expect that the web is safe by default, and they’ll be warned when there’s an issue". The change is coming in Chrome 69.

Continue reading →

It's no longer enough to just protect the perimeter in order to keep systems secure. It's now necessary to catch file-less attacks, privilege escalation and a whole range of other tactics.

The problem for smaller businesses is they often don't have the expertise in house to handle the range of threats.

Continue reading →

In most people's minds blockchain technology is associated with cryptocurrency, but it has potential to be useful in a whole range of other areas.

Consumer research company The Opinion Economy has produced an infographic to highlight the potential of blockchain in a whole range of areas.

Continue reading →