Articles about Security

Two security issues have been discovered in Grindr, the gay dating app, which could reveal the location of users even if they opted to keep this information private. There are concerns that the privacy compromise could lead to harassment of Grindr users.

Trevor Faden created a site called C*ckBlocked (that's the actual name, we're not being prudish and getting out our censorship pens) which was designed to give Grindr users the chance to see who had blocked them. By exploiting a security loophole similar to the one exposed in the recent Facebook/Cambridge Analytica scandal, Faden's site was able to access a wealth of private data including deleted photos and user locations.

Continue reading →

Security teams are faced with an increasing range of problems, from the volume of attacks, to lack of visibility into networks and shortage of skills.

Endpoint security specialist Carbon Black is launching its own Carbon Black Integration Network (CbIN), a technology partner program designed to improve cybersecurity through collective defense.

Continue reading →

In the wake of the Cambridge Analytica scandal and revelations about call and text logging, Facebook simply could not have got away with doing nothing. Mark Zuckerberg has hardly prostrated himself in front of users in his various recent interviews, but today Facebook announces a series of changes to privacy settings.

The social network is making it easier to find and use privacy settings, and providing users with information about how to delete the data Facebook stores about them.

Continue reading →

Over half (57 percent) of organizations suspect their mobile workers have been hacked, or caused a mobile security issue, in the last 12 months according to a new study.

The study by mobile connectivity specialist iPass shows that public Wi-Fi is the most common source of incidents, with 81 percent of respondents saying they had seen Wi-Fi related security incidents in the last year.

Continue reading →

If you're running Windows 7 and you've not yet installed the March updates, now is very much the time to do so. It turns out that the Meltdown patches released in January and February actually opened up a security hole in both Windows 7 and Windows Server 2008 R2.

A Swedish security researcher found that the patches changed access permissions for kernel memory, making it possible for anyone to read from and write to user processes, gain admin rights and modify data in memory.

Continue reading →

One of the basic problems businesses face in preventing attacks is effective discovery and identification of their technology assets.

This is made worse by the growth of BYOD and Internet of Things devices. Israel-based Axonius is looking to solve this problem with the launch of its Cybersecurity Asset Management Platform to enable customers to see and secure all their devices.

Continue reading →

A new report from threat intelligence specialist Recorded Future looks at the changing way in which attackers are using vulnerabilities.

In contrast to previous years, most of the criminal exploit kits and phishing campaigns seen in 2017 have favored Microsoft products, rather than the Adobe Flash vulnerabilities which previous research showed as being the most popular.

Continue reading →

Cyber security company McAfee is announcing an expanded product portfolio that evolves security operations capabilities and allows for rapid response to today’s threats.

McAfee's updated Enterprise Security Manager (McAfee ESM 11) uses a new data architecture optimized for scalability, performance, faster search, and collaboration. This is combined with the newly launched McAfee Behavioral Analytics, and enhanced McAfee Investigator, McAfee Advanced Threat Defense, and McAfee Active Response.

Continue reading →

New research reveals that 56 percent of surveyed decision makers from IT and risk, fraud or compliance functions report that their organization has suffered a ransomware attack in the last 12 months, compared to under half (48 percent) who said the same in 2016.

The study of 500 businesses in the UK, France, Germany and USA commissioned by SentinelOne and carried out by Vanson Bourne shows 69 percent say the most successful ransomware attack resulted in the attacker being able to encrypt some data, with five percent paying the ransom to decrypt the data.

Continue reading →

According to new research, 97 percent believe unsecured IoT devices could be catastrophic for their organization, yet just 29 percent actively monitor for related third-party risks.

The study conducted by the Ponemon Institute and risk assurance body Shared Assessments shows 81 percent of respondents say that a data breach caused by an unsecured IoT device is likely to occur in the next two years.

Continue reading →

Although it's relatively new, the cryptocurrency industry was the fifth most attacked by DDoS in the final quarter of 2017.

Imperva's latest Global DDoS Threat Landscape Report finds the spike in cryptocurrency prices has attracted the attention of attackers. Also the number of exchanges has increased to 190, up from 70 in Q3.

Continue reading →

Attacks such as ransomware are able to bypass legacy security solutions because organizations are neglecting to patch, update, or replace their current products according to a new report.

The study from cyber security company Webroot also shows cryptojacking gaining ground, with over 5,000 websites being compromised with JavaScript cryptocurrency miner CoinHive to mine Monero since September 2017.

Continue reading →

Cyber security is seen as one of the biggest threats to business. Yet employees are not being supported by their organizations when it comes to investing in their continued education and career development.

Crowd sourced IT and security training solution Cybrary, along with cyber security research body the Cyentia Institute, have produced a report looking at the cyber skills gap.

Continue reading →

A new report from digital threat management company RiskIQ states malicious mobile apps declined at the end of 2017.

To reach these findings the firm analyzed 120 mobile app stores and it puts the decline down largely to a decrease in the inventory of AndroidAPKDescargar, the most prolific dealer of blacklisted apps.

Continue reading →

As much as we'd like to think otherwise, no software is free of security issues. That's why it's important for tech companies to play an active role in finding and fixing as many bugs as possible before they're exploited. Implementing a bug bounty program can be very effective, as the product is exposed to various testing mindsets and approaches which can uncover some nasty surprises.

Netflix, which has over 100 million users across the globe, today introduces its first bug bounty program that's open to the public, with rewards that can reach $15,000 for the most-valuable findings that security researchers report.

Continue reading →