Articles about Security

Spectre and Meltdown variant 4: Microsoft, Google and Intel reveal new Speculative Store Bypass chip vulnerability

Just when you thought you could forget about the Spectre and Meltdown chip vulnerabilities, yet another variant has been discovered. Known as Speculative Store Bypass, the vulnerability affects chips from AMD and Intel, as well as Power 8, Power 9 and System z processors.

The vulnerability has been assigned CVE-2018-3639, and successful exploitation would mean that an attacker could gain access to data. The attack can be carried out through a "language-based runtime environment" such as JavaScript. Some patches exist while others are in development, and they include the same performance hit associated with patches for the previous vulnerabilities.

Banks struggle to defend against internal attacks

A new study from vulnerability assessment specialist Positive Technologies shows that banks have built up strong defenses against external attacks but still struggle with internal threats.

Whether they use social engineering, vulnerabilities in web applications, or the help of insiders, as soon as attackers access the internal network of a bank, they often find that it's secured no better than companies in other industries.

FCC investigates LocationSmart website for leaking location data for users of major US mobile carriers

LocationSmart, a company based in Southern California, is under investigation by the FCC after it was discovered that its website made it possible for just about anyone to access location data for the majority of US cell phones.

Security expert Brian Krebs reported that a bug on the LocationSmart website made it possible for anyone to check on the location of any AT&T, Sprint, T-Mobile or Verizon phone in the US. Even more worryingly, the data is said to be accurate to a few hundred yards.

Chrome will stop highlighting HTTPS sites as secure

Later this year, Chrome will adopt a new approach to indicating site security. Starting in September, the browser will no longer use a security indicator to highlight the fact that you're visiting an HTTPS page.

Instead, Google will simply issue a warning when a website is not secure. As the company puts it, "users should expect that the web is safe by default, and they’ll be warned when there’s an issue". The change is coming in Chrome 69.

F-Secure combines AI and human expertise in new security offering

It's no longer enough to just protect the perimeter in order to keep systems secure. It's now necessary to catch file-less attacks, privilege escalation and a whole range of other tactics.

The problem for smaller businesses is they often don't have the expertise in house to handle the range of threats.

How blockchain is set to change the world

In most people's minds blockchain technology is associated with cryptocurrency, but it has potential to be useful in a whole range of other areas.

Consumer research company The Opinion Economy has produced an infographic to highlight the potential of blockchain in a whole range of areas.

Publicly disclosed vulnerabilities continue to rise

The first quarter of 2018 has shown a 1.8 percent increase in the number of disclosed vulnerabilities over the same period in 2017, with 5,375 unique vulnerabilities reported.

This is one of the findings of Risk Based Security's latest Vulnerability QuickView Report, which suggests that, unless the rate of increase slows down, 2018 will be another record year.

100 percent of organizations have active insider threats

A new study from user behavior intelligence specialist Dtex Systems has uncovered active insider threats in all of the organizations it assessed.

Failure to gain visibility is allowing malicious and negligent employees to engage in undetected high-risk activities on every endpoint, on and off the network.

Kaspersky to move data from Russia to Switzerland to improve transparency

Kaspersky Lab has announced that it plans to move data out of Russia and into a new data center in Switzerland. The move is part of the company's Global Transparency Initiative which came in response to concerns about ties to the Russian government.

Software produced by Kaspersky has already been banned from US government systems, and the company has been on a mission to prove that Russia is not spying on other countries via its antivirus tools.

Cryptomining malware targets unpatched servers

Cybercriminals are increasingly targeting unpatched server vulnerabilities to infect machines with cryptomining malware, according to a new report.

The study from Check Point Software Technologies sees cryptomining malware dominate Check Point’s Top Ten Most Wanted Malware Index, with the Coinhive variant retaining the top spot with a global reach of 16 percent. Cryptoloot -- another crypto-mining malware -- is close behind with a global reach of 14 percent, while the Roughted malvertising malware came in third (11 percent).

Apps based on Electron framework are vulnerable to attack

The Electron framework -- the basis of popular apps including Skype, Slack, Signal and WordPress -- has been found to contain a security flaw that leaves it vulnerable to attack.

The GitHub-created tool has a vulnerability that allows hackers to execute arbitrary code on remote systems. CVE-2018-1000136 affects Electron 1.7.13 and older as well as Electron 1.8.4 and 2.0.0-beta.3, and the problem exists because of the interaction between Electron and Node.js.

Shadow devices put enterprise networks at risk

A new study finds that enterprise networks have thousands of shadow personal devices including laptops, tablets and mobile phones, as well as Internet of Things devices -- such as digital assistants and smart kitchen appliances -- connecting to them.

The report from network control company Infoblox shows 35 percent of companies in the US, UK and Germany reported more than 5,000 personal devices connecting to the network each day.

Google will require OEMs to provide regular Android security updates

The fragmentation problem that affects Android not only means that there are a tiny number of users running the latest version of Google's mobile operating system, but also that many handsets are not patched with the latest security update. This could be about to change.

At its I/O developer conference this week, Google announced that its security policies will be changing. While it's not clear when this could happen, the company will require some smartphone manufacturers to roll out regular security updates to users.

Mobile ad fraud almost doubles compared to 2017

A new report from mobile measurement company Adjust reveals that in the first quarter of this year mobile ad fraud nearly doubled over the same period in 2017.

Adjust measured 3.43 billion app installs and over 350 billion events, processing and analyzing 125 terabytes of data per day from 20,000+ apps over the first three months of 2018.

Iran could launch cyber attacks in response to renewed sanctions

President Trump's re-imposition of sanctions against Iran could lead the country to respond by launching cyber attacks on Western businesses within months, according to a new report.

Threat intelligence company Recorded Future has today released new research and analysis into the Iranian cyber threat.

© 1998-2025 BetaNews, Inc. All Rights Reserved.