Misconfigured security measure leads DDoS amplification attacks to soar at end of 2017
DDoS attacks using domain name server (DNS) amplification increased more than 357 percent in the fourth quarter of 2017 compared to the previous year.
A new report by protection specialist Nexusguard attributes the rise to the use of Domain Name System Security Extensions (DNSSEC), a technology that's intended to add integrity and security to the DNS protocol.
Passwords are stronger in Minneapolis
New research reveals the US cities that are best at password security, with Minneapolis topping the list.
The study by password manager Dashlane scores cities based on several metrics, including average password strength and average number of reused passwords.
Critical vulnerability found in Windows Remote Desktop Protocol
Researchers at threat prevention specialist Preempt have discovered a flaw in Credential Security Support Provider protocol (CredSSP), which is used by Remote Desktop and WinRM in their authentication processes.
An attacker with man-in-the-middle control over the session could use this to gain the ability to remotely run code on the compromised server masquerading as a legitimate user.
Many smart devices can be hacked in 30 minutes
Off-the-shelf smart devices that include baby monitors, home security cameras, doorbells, and thermostats can be easily hacked, according to researchers at Israel's Ben-Gurion University of the Negev (BGU).
As part of their ongoing research into detecting vulnerabilities in devices and networks expanding in the smart home and Internet of Things (IoT), the BGU researchers disassembled and reverse engineered many common devices and quickly uncovered serious security issues.
IMF chief wants to regulate the 'dark side of the crypto world' with blockchain and AI
Christine Lagarde, the head of the International Monetary Fund (IMF), has said that the blockchain technology behind cryptocurrencies could also be used to regulate them. She suggests that the IMF "fight fire with fire" in trying to address the "dark side of the crypto world."
While acknowledging the potential for the technology behind crypto-assets as being massively empowering -- particularly as a way to provide low-cost payment methods in poorer countries -- she says that cryptocurrencies also need regulation to avoid problems such as money laundering and funding terrorism.
70 percent of companies would fail an access control audit
A new study into privileged access management from account protection specialist Thycotic shows that while over 60 percent of organizations must satisfy regulatory compliance requirements surrounding privilege credential access, a worrying 70 percent would fail an access controls audit.
Access to privileged accounts allows more rights and permissions than those given to standard business users, yet 51 percent fail to use a secure logon process for these accounts.
American Civil Liberties Union lawsuit complains about TSA searches of phones and laptops
The American Civil Liberties Union (ACLU) has filed a lawsuit against the TSA, asking for details to be released about the policies governing searches carried out on phones and laptops on domestic flights.
There have been a number of complaints recently from passengers unhappy with the fact that their devices have been searched without any reason being given. Concerns are mounting about invasion of privacy, hence the ACLU's interest in finding out precisely why the searches are being carried out.
Think twice before you connect to the free hotel wireless network
After a long flight, the first thing we do, as soon as we hit the runway, is switch our phone out of airplane mode, check our messages and emails, and make sure we can connect to the local mobile network.
The problem is, this is expensive and most users' mobile contracts do not offer them free roaming, especially at long-haul destinations. You want to be connected to Wi-Fi as soon as possible.
Cryptocurrency exchange Binance offers $250,000 bounty for hacker information
A week ago, cryptocurrency exchange Binance was the victim of a hacking attempt. While the attempt on March 7 is described as "not successful," Binance is still eager to track down the perpetrators.
So keen is the exchange, in fact, that it is offering up a $250,000 bounty to "the first person to supply substantial information and evidence that leads to the legal arrest of the hackers."
Flaws could turn smart cameras into data-stealing spy tools
Security vulnerabilities in some popular smart cameras, used as baby monitors and for security surveillance, could lead to them being exploited by hackers.
Research from Kaspersky Lab has found multiple issues with cameras, manufactured by Korean company Hanwha Techwin, that could allow attackers to obtain remote access to video and audio feeds from the cameras, remotely disable the devices and execute arbitrary malicious code on them.
McAfee tracks eight new threats every second as cyber criminals embrace innovation
Thanks to a surge in healthcare attacks, cryptocurrency mining and fileless malware, McAfee Labs' latest quarterly threat report has seen an average of eight new threat samples per second.
Highlights of the report include the healthcare sector experiencing a 211 percent increase in disclosed security incidents in 2017, and fileless malware leveraging Microsoft PowerShell growing 267 percent in the fourth quarter.
How to export your saved passwords from Chrome
If you're a Chrome user, you may well have taken advantage of the password saving feature of the browser to make it easier to log into your various online accounts. However, it's not a perfect solution, and you may well have been considering one of the various password management tools that exist instead.
Until now, it has not been possible to extract the passwords and login data you have saved in Chrome ready to import into your new password database. This has now changed, so you can easily switch to a new password manager without having to retype everything by hand.
China manipulates vulnerability data to hide intelligence service involvement
It's long been known that the Chinese government has links to hacker groups, but new research into the country's national vulnerability database (CNNVD) reveals evidence of data being changed to hide influence by the country’s intelligence service.
Research by security intelligence specialist Recorded Future back in November finds that CNNVD is faster than the US national vulnerability database (NVD) in reporting vulnerabilities -- NVD trails CNNVD in average time between initial disclosure and database inclusion (33 days versus 13 days).
Microsoft Windows Defender fights off massive currency miner attack
Hardcoded password in Cisco software could be used to gain control of systems
Cisco's Prime Collaboration Provisioning (PCP) software has a hardcoded password that could be used by an attacker to gain full control of a system. The company even says that "extenuating circumstances" exist that could enable an attacker to elevate privileges to root.
The vulnerability (CVE-2018-0141) affects version 11.6 of the software. A patch has been made available, and users are encouraged to install it as soon as possible as there are no other workarounds.
© 1998-2024 BetaNews, Inc. All Rights Reserved.