Articles about Security

The far-reaching tentacles of the likes of Google and Facebook have focused people's attention on online privacy, but for anyone looking to retain a modicum of confidentiality it can be hard to know what to do. There are VPN tools, but these are not for everyone, for anyone looking for a quick solution, Avast Secure Browser could be the answer.

This new Chromium-based browser is billed as being "private, fast, and secure" and it's designed to address the misconceptions many people have about privacy and security online. The browser is a renamed and updated version of SafeZone.

Continue reading →

We already know that cryptomining is currently flavor of the month among malware creators, but a new report released today by Malwarebytes puts some startling figures on the problem.

On consumer systems cryptomining detections were up a massive 4,000 percent in the last quarter, while ransomware detections fell 35 percent over the same period. For businesses cryptomining detections rose 27 percent this quarter and ransomware detections 28 percent. However, Spyware is still the cybercriminals' favourite choice, with over 80,000 detections in January alone.

Continue reading →

Intel has issued a security advisory about its remote keyboard app after discovering a bug that made it possible for a remote user to mimic keyboard and mouse input with elevated privileges.

Intel Remote Keyboard was available for both iOS and Android, but the critical vulnerability -- and two other bugs with a High rating -- means that it has now been pulled from Google Play and the App Store. Intel is also recommending that anyone using the app uninstalls it as soon as possible.

Continue reading →

Verge may not be the biggest cryptocurrency out there, but it does have quite a following and has generated enough interest to attract hackers. The cryptocurrency came under attack for three hours yesterday, enabling a hacker to net 15.6 million Verge coins worth around $780,000.

There was initially speculation that Verge had fallen victim to a ">51% attack" -- in which an attacker is able to forge transactions by taking control of more than half of the network -- but this has been denied by developers. A hard fork is being prepared to patch the bug that allowed the attack to take place.

Continue reading →

Researchers at Recorded Future believe that a Mirai botnet variant, possibly linked to the IoTroop or Reaper botnet, was utilized in attacks on at least one company, and probably more, in the financial sector in late January of this year.

The botnet targeted one company using at least 13,000 devices, each with a unique IP address, and generated traffic volumes up to 30Gb/s.

Continue reading →

The need to protect sensitive data against cyber criminals, address complex compliance requirements, and guard against human error is driving enterprises to adopt encryption.

A new study by cyber security company Thales eSecurity, based on research by the Ponemon Institute, shows that 43 percent of respondents report that their organization has an encryption strategy applied consistently across their enterprise.

Continue reading →

The retail sector suffered the most breaches in 2017, accounting for 16.7 percent followed by the finance and insurance industry at 13.1 percent and hospitality at 11.9 percent.

Geographically, North America is in the lead with 43 percent of breaches, followed by the Asia Pacific region at 30 percent, Europe, Middle East and Africa (EMEA) at 23 percent and Latin America at four percent.

Continue reading →

With little fanfare, Intel has revealed that some processors will simply never receive microcode updates that will patch against the Meltdown and Spectre vulnerabilities.

In a document entitled Microcode Revision Guidelines, the chip-maker says that a wide range of processor families -- equating to over 200 CPUs -- will not receive any more updates. While the majority of the affected chips were on sale between 2007 and 2011, it's safe to assume that a large proportion of them are still in use, meaning that a lot of systems will remain unprotected.

Continue reading →

Serverless computing is increasingly popular because it eliminates infrastructure concerns. However, a new report raises worries about its security.

According to an audit by serverless security company PureSec, more than one in five serverless applications has critical security vulnerabilities.

Continue reading →

Lax policies and a lack of control is giving far too many employees access to sensitive data according to the latest Global Data Risk Report from data security specialist Varonis.

The report, based on analysis of Data Risk Assessments conducted by Varonis in 2017 for customers and potential customers on their file systems, uncovers some startling figures, with 58 percent of organizations found to have more than 100,000 folders open to all employees.

Continue reading →

A new survey from McAfee says that IT security staff report needing to increase their workforces by 24 percent to adequately manage their organization's cyber threats.

Yet a skills crisis means 84 percent admit it's difficult to attract staff and 31 percent say they don't actively do anything to attract new talent. However, 72 percent of respondents say hiring experienced video gamers into the IT department seems like a good way to plug the cyber security skills gap.

Continue reading →

Huawei is being shunned by the US because of the perception that its hardware could be compromised and used by the Chinese government for espionage. The FCC has blocked US mobile carriers from using federal money to purchase products or services from the company on security grounds, and Huawei is understandably unhappy about this.

The smartphone maker has dismissed security claims as "simply not true" and says that it is "no security threat in any country". The Chinese company says that it is disappointed with the FCC's proposal, pointing out that it would give rural operators -- and, in turn, customers -- fewer options to choose from.

Continue reading →

Infrastructure and development practices are changing as companies move towards cloud computing, DevOps, and on-demand SaaS delivery models.

This means security and operations teams must integrate their approach to securing systems. Cloud security company Threat Stack is launching a Cloud SecOps Program to help companies integrate security and operations initiatives and reduce risk.

Continue reading →

Amid growing concern about a disregard for Chrome Web Store policies, Google is slapping a ban on extensions that mine for cryptocurrencies.

With immediate effect, no more cryptomining extensions will be added to the Store, and as of July 2018, any existing mining tools will be removed. Google says that an astonishing 90 percent of mining extensions ignore rules that state cryptomining must be the extension's sole purpose, and users need to be fully informed about the mining.

Continue reading →

Last week there was an outcry after it was revealed that it was relatively simple to determine the location of Grindr users because of a security flaw. The company has now also admitted that it shared information from users' profiles with third parties -- specifically the analytics companies Apptimize and Localytics -- including their HIV status.

Grindr was quick to point out that, firstly, the information was sent via HTTPS, secondly, that the data was not sold to the analytics companies (it was provided free of charge) and, thirdly, that the data was public anyway. All three of these points will come as little comfort to Grindr users, but the company has said that it will now stop the practice of sharing HIV-related information.

Continue reading →