Articles about Security

AMD has confirmed that some of its processors contain vulnerabilities after they were found by CTS Labs researchers. In all, 13 critical flaws were found, including RyzenFall, MasterKey, Fallout and Chimera. They affect a range of AMD products.

The flaws are not dissimilar to the previous Meltdown/Spectre vulnerabilities, and CTS Labs gave AMD just 24 hours' notice before going public. The chipmaker says that patches are on the way, and tries to suggest that the vulnerabilities are not a cause for major concern.

Continue reading →

The US has repeatedly voiced concerns about Kaspersky Labs, expressing distrust of the Russian company. So concerned is the Trump administration about possible ties to the Russian government, that Kaspersky software is banned from official computers.

This is clearly something that the company is not happy with, and it has already launched a lawsuit against the US government. In a bid to silence those who say that data is being fed to the Kremlin, Kaspersky is planning to open a data center in Switzerland.

Continue reading →

The foundations of the digital world are set to be shaken in the next two years according to the findings of a new report from the Information Security Forum (ISF).

The Threat Horizon 2020 report highlights nine major threats, broken down into three themes, that organizations can expect to face by 2020 as a result of  developments in technology.

Continue reading →

The average website was attacked 44 times a day during the last quarter of 2017, according to new research from security specialist SiteLock.

The company analyzed six million sites to identify trends in the behavior and tactics of attackers. Though the number of attacks represents a 25 percent decrease over the previous quarter, it still means a site could be attacked 16,000 times a year.

Continue reading →

Hackers and cyber criminals often seek to exploit human errors like misconfigurations, poor security practices and the use of shadow IT.

In order to help businesses assess the risk XM Cyber is launching an automated advanced persistent threat (APT) simulation platform, HaXM, to continuously expose all attack vectors, above and below the surface.

Continue reading →

If you're a Firefox user, it's highly possible that you use the browser to store your login usernames and passwords for the sake of ease. Supposing you're a little security conscious, you may well have enabled the 'master password' function to prevent unauthorized access to your password database.

Well, there's a little bad news. It's nowhere near as secure as you may have thought. Wladimir Palant -- the guy behind the AdBlock Plus extension -- found that the system, which is used by both Firefox and Thunderbird, can be very easily brute-forced, leaving passwords vulnerable to malware and hackers.

Continue reading →

Over the past year or so the idea of using artificial intelligence as an aid to cyber security has gained a lot of support.

But what role does AI and machine learning have, and what will the future of security look like when it's in widespread use? We spoke to Gene Stevens, co-founder and CTO of network security company ProtectWise to find out.

Continue reading →

Compatibility issues with patches for the Meltdown and Spectre vulnerabilities saw Microsoft blocking the rollout of security updates to Windows users. The company has just changed its policy for Windows 10 users, but this does not help anyone running Windows 7 or 8.x.

The problem is that updates are blocked for people who have not installed antivirus software known to be fully compatible. When such software is installed, a registry entry is created, and this allows updates to be installed. If you've decided to run the risk of operating without antivirus software installed, this registry won't be created and you won't receive security updates. Unless you hack it, that is.

Continue reading →

The proceeds of cyber crime make up an estimated eight to 10 percent of total illegal profits laundered globally each year, amounting to an estimated $80-$200 billion.

This is among the findings of a new report, commissioned by virtualization-based security company Bromium, into the economics of cyber crime and how criminals launder and 'cash out' the profits of their endeavors.

Continue reading →

The US has introduced new sanctions against Russia after accusing the country not only of interfering in the 2016 election, but also launching a cyberattack on its energy grid.

Officials say that malware traced back to Moscow had been found to have infected operating systems on computers belonging to companies in the energy sector. The Department of Homeland Security is in no doubt that the Russian government is responsible.

Continue reading →

Cloud access security specialist Netskope is launching an expansion of its Infrastructure as a Service security offering to add continuous security assessment and monitoring capabilities.

With this release customers can use Netskope for IaaS to continuously assess their infrastructure-as-aservice (IaaS) and platform-as-a-service (PaaS) configuration in AWS, with Microsoft Azure to follow soon.

Continue reading →

Microsoft has launched a bug bounty program that will reward anyone who finds the next Meltdown or Spectre vulnerability. Known as speculative execution side channel vulnerabilities, Microsoft is willing to reward anyone who reports bugs that could cause problems like earlier in the year.

The rewards on offer range from $5,000 up to $250,000 depending on the severity of the vulnerability, and the bounty program runs until the end of 2018. Microsoft says that it will operate under the principles of coordinated vulnerability disclosure.

Continue reading →

VPN tools have been in the headlines recently. Firstly, Facebook's Onavo VPN was found to be gathering user data, and then McAfee snapped up VPN firm TunnelBear. Now for users of Hotspot Shield, PureVPN and ZenMate, there's a warning: sensitive data such as your real IP address may be leaked.

A VPN company with a strong interest in privacy, vpnMentor, commissioned research into the three well-known tools, and problems were found in all of them. The developers were notified, but only HotSpot Shield has addressed the problems that were found.

Continue reading →

In the fallout from the revelations about the Spectre and Meltdown vulnerabilities -- and the ensuing chaos relating to patches for the security problems -- Microsoft blocked security updates for Windows 10 users with antivirus software whose compatibility with patches was not known.

Two months after making this decision, Microsoft has changed course and said that updates can roll out to everyone once again. The company says this is a result of working with antivirus partners and patches should no longer lead to problems in most cases.

Continue reading →

Researchers at cyber security platform ERPScan have disclosed details of two vulnerabilities that allow compromise of the widely used SAP CRM system.

CRM is considered as a most critical asset by businesses. A data breach into CRM can be disastrous as it can destroy trust in the business and severely tarnish the brand as well as raising compliance issues.

Continue reading →