Articles about Security

More than 20 million Chrome users have been tricked into installing fake ad blockers that could see their machines recruited into a botnet, according to a new report.

A fake AdBlock Plus extension fooled many users last year. As many Chrome users discover ad blocking by browsing available extensions, so creating cloned fakes has become a popular tactic for cyber criminals according to AdGuard.

Continue reading →

After around six months in beta -- and two years in the making -- the team behind the TunnelBear VPN tool has officially launched its password manager, RememBear.

Vying for attention in an already somewhat crowded marketplace, RememBear takes a leaf out of TunnelBear's book, and concentrates on offering functionality that's simple to use. There's also the same quirky use of animations throughout, but this should not distract from the fact that this is a powerful and secure place to store passwords.

Continue reading →

More than 30 technology companies have signed the Cybersecurity Tech Accord, making a number of pledges relating to cyberattacks. Microsoft, Facebook, Dell, HP and LinkedIn are just a few of the companies signing on the dotted line, promising -- among other things -- never to help a government launch cyberattacks against innocent citizens and enterprises.

The overall aim of the accord is to protect customers against malicious attacks by cybercriminal enterprises and nation-states. It is described as a "watershed agreement", and it sees a number of very big names coming together -- although there are a few notable exceptions.

Continue reading →

The Spectre and Meltdown vulnerabilities really focused people's attention on the security of processors, and Intel has been at pains to convince users that it takes security seriously. With this in mind, the company has now announced a new Threat Detection Technology which introduces two new malware-fighting techniques.

Accelerated Memory Scanning offloads malware scanning to GPUs, taking the strain off CPUs and helping to improve performance. There's already interest, with Microsoft planning to add support to Windows Defender Advanced Threat Protection. Intel has also revealed Advanced Platform Telemetry which is supposed to cut down on false positives.

Continue reading →

Hardware authentication specialist Yubico is announcing a new FIDO2 compatible security key which will be supported in Windows 10 devices and Microsoft Azure Active Directory (Azure AD).

This means that organizations will have the option to enable employees and customers to sign in to an Azure AD joined device with no password, simply by using the security key to get single sign-on to all Azure AD based applications and services.

Continue reading →

IKEA-owned TaskRabbit is offline while the company investigates a "cybersecurity incident". Very little information has been given about the incident, but the company says that it is working with "an outside cybersecurity firm and law enforcement to determine specifics" of what happened.

While even vague details are unavailable, the fact that the TaskRabbit website and app have been taken offline could well be indicative of the severity. The company is advising its customers to change their passwords elsewhere if they have reused their TaskRabbit credentials for other sites and services.

Continue reading →

Global fears about cyberattacks by Russia are not calming down, and the US and UK have just issued a joint alert warning of state-sponsored attacks on network infrastructure devices, including residential routers.

The west is accusing Russia of an espionage-driven malicious cyberoffensive, and the Technical Alert -- which comes following a joint effort between the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the UK's National Cyber Security Centre (NCSC) -- warns that both governmental and residential hardware is being targeted to "potentially lay a foundation for future offensive operations".

Continue reading →

The US Department of Commerce has implemented a ban on American companies selling components to ZTE. The Chinese telecoms firm is being punished for violating sanctions on Iran and North Korea after pleading guilty last year.

At the same time, the UK's cyber defense watchdog, the National Cyber Security Centre (NCSC), has warned UK telecoms firms that the use of ZTE equipment or services pose a risk to national security. The action taken by the two nations is expected to have severe implications for the company.

Continue reading →

Public cloud services are now in use in 97 percent of organizations, but one in four have experienced data theft and cloud-first strategies are on the decline.

These are among the findings of the latest annual cloud report from McAfee. Among other highlights are that 83 percent store sensitive data in the public cloud and 69 percent trust the public cloud to keep their sensitive data secure. However, one in five organizations has experienced an advanced attack against its public cloud infrastructure.

Continue reading →

Cyber security company ESET is using this week's RSA Conference in San Francisco to launch its new range of enterprise security products.

These include a new ESET Enterprise Inspector, an Endpoint Detection and Response (EDR) solution, and ESET Dynamic Threat Defense, a tool that provides off-premise cloud sandboxing, which leverages machine learning and behavior-based detection to prevent zero-day attacks.

Continue reading →

A large number of free Android apps suffer with flaky security because software developers are leaving cryptographic keys embedded and passwords hard-coded.

Speaking at the BSides security conference in San Francisco, software vulnerability analyst Will Dormann revealed how he had found serious security problems in thousands upon thousands of apps. After testing 1.8 million apps, he found almost 20,000 featured built-in passwords and keys, and even when a separate password store was used, user data was still open to attack from simple password crackers.

Continue reading →

Breaches related to open source components have grown 50 percent since 2017, and an eye-opening 121 percent since 2014, according to a new survey from open source governance and DevSecOps automation specialist Sonatype.

But the survey finds that those companies with mature DevOps practices are 24 percent more likely to have deployed automated security practices throughout their development lifecycle.

Continue reading →

In a classic example of social engineering, well-known names from the BBC's Dragons' Den TV series and others are being used to advertise a cryptocurrency scam.

Websites claiming to offer cryptocurrency investments are using images and false recommendations from prominent individuals including Deborah Meaden and Peter Jones from Dragons' Den, and Martin Lewis, the founder of MoneySavingExpert.com, without their consent.

Continue reading →

If you thought your Android phone was patched with all of the latest security updates, it might be time to think again. A report by Security Research Labs found that some phone manufacturers were not only failing to deliver security updates, but were hiding this fact from users.

The company found that some devices suffered a "patch gap" whereby manufacturers altered the date reported to Android -- and users -- about when security updates were last installed, without actually installing any patches.

Continue reading →

Targeted attacks launched via a compromised account were the most successful email attack vector in the past 12 months according to new research.

The study carried out for email security company Agari by Osterman Research reveals that 44 percent of organizations have been victims of a successful ATO-based attack.

Continue reading →