Articles about Security

A new study from independent testing lab AV-Comparatives reveals that of over 200 Android security apps tested the majority are dubious, unsafe or ineffective.

The company downloaded 204 apps from the Google Play store in January this year and found 84 of the apps detected over 30 percent of malicious samples, and had zero false alarms. 79 detected under 30 percent of malware samples and/or had a high false alarm rate.

Continue reading →

Correctly calculating the probability of risk is becoming critical to organizations. And it’s not just because it is essential and fundamental to good Risk Management practice, but also because new laws such as GDPR are mandating it. Security measures must be appropriate to the risk, and the risk is suffering a data breach. So, calculating the probability of a data breach happening, regardless of scope, is vital to determining appropriate security measures.

ISACA, previously known as the Information Systems Audit and Control Association but now known solely by its acronym, talks about the probability of risk as:

Continue reading →

It feels like almost every week, we hear of a new breach, and each week, we’re thankful it wasn’t our company. But how long can we dodge the breach bullet? No one wants to be the next headline, but what can we do to ensure that we aren’t?

The common denominator in virtually every breach is that somehow, someone who shouldn’t have access to your company’s system and data sources has found a way in. The bad guys are smart, creative and motivated, and can use even the smallest opening.

Continue reading →

As if the Meltdown and Spectre chip vulnerabilities weren't bad enough in their own right, the patches designed to fix them caused a further series of problems. A Swedish researcher recently discovered that Microsoft's Meltdown fixes lowered security in Windows 7 and Windows Server 2008 R2, and now the company has issued a fix.

As the new patch is being released outside of the usual schedule, it is indicative of the importance of the security update. KB4100480 is a kernel update for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 that addresses CVE-2018-1038 problems.

Continue reading →

The higher education sector has seen a big increase in cryptocurrency mining activity according to a new report from AI security company Vectra.

Vectra used its Cognito platform to monitor traffic and collect metadata from more than 4.5 million devices and workloads from customer cloud, data center and enterprise environments. It discovered that, of all the cryptocurrency mining detections, 60 percent occurred in higher education.

Continue reading →

According to new research, 79 percent of healthcare professionals say they are concerned about the cyber security of their own healthcare information.

At the same time, 68 percent believe their organizations are doing enough to protect patient privacy and personal information from cyber attackers.

Continue reading →

Data breach checking website Have I Been Pwned (HIBP) -- used by governments and individuals around the world -- has announced a new partnership with 1Password.

The arrangement is a first for Troy Hunt's site, but it comes just over a month after 1Password started using a password-checker he developed. Hunt says that he has turned down numerous offers to sponsor Have I Been Pwned, but feels that teaming up with 1Password makes sense.

Continue reading →

Two security issues have been discovered in Grindr, the gay dating app, which could reveal the location of users even if they opted to keep this information private. There are concerns that the privacy compromise could lead to harassment of Grindr users.

Trevor Faden created a site called C*ckBlocked (that's the actual name, we're not being prudish and getting out our censorship pens) which was designed to give Grindr users the chance to see who had blocked them. By exploiting a security loophole similar to the one exposed in the recent Facebook/Cambridge Analytica scandal, Faden's site was able to access a wealth of private data including deleted photos and user locations.

Continue reading →

Security teams are faced with an increasing range of problems, from the volume of attacks, to lack of visibility into networks and shortage of skills.

Endpoint security specialist Carbon Black is launching its own Carbon Black Integration Network (CbIN), a technology partner program designed to improve cybersecurity through collective defense.

Continue reading →

In the wake of the Cambridge Analytica scandal and revelations about call and text logging, Facebook simply could not have got away with doing nothing. Mark Zuckerberg has hardly prostrated himself in front of users in his various recent interviews, but today Facebook announces a series of changes to privacy settings.

The social network is making it easier to find and use privacy settings, and providing users with information about how to delete the data Facebook stores about them.

Continue reading →

Over half (57 percent) of organizations suspect their mobile workers have been hacked, or caused a mobile security issue, in the last 12 months according to a new study.

The study by mobile connectivity specialist iPass shows that public Wi-Fi is the most common source of incidents, with 81 percent of respondents saying they had seen Wi-Fi related security incidents in the last year.

Continue reading →

If you're running Windows 7 and you've not yet installed the March updates, now is very much the time to do so. It turns out that the Meltdown patches released in January and February actually opened up a security hole in both Windows 7 and Windows Server 2008 R2.

A Swedish security researcher found that the patches changed access permissions for kernel memory, making it possible for anyone to read from and write to user processes, gain admin rights and modify data in memory.

Continue reading →

One of the basic problems businesses face in preventing attacks is effective discovery and identification of their technology assets.

This is made worse by the growth of BYOD and Internet of Things devices. Israel-based Axonius is looking to solve this problem with the launch of its Cybersecurity Asset Management Platform to enable customers to see and secure all their devices.

Continue reading →

A new report from threat intelligence specialist Recorded Future looks at the changing way in which attackers are using vulnerabilities.

In contrast to previous years, most of the criminal exploit kits and phishing campaigns seen in 2017 have favored Microsoft products, rather than the Adobe Flash vulnerabilities which previous research showed as being the most popular.

Continue reading →

Cyber security company McAfee is announcing an expanded product portfolio that evolves security operations capabilities and allows for rapid response to today’s threats.

McAfee's updated Enterprise Security Manager (McAfee ESM 11) uses a new data architecture optimized for scalability, performance, faster search, and collaboration. This is combined with the newly launched McAfee Behavioral Analytics, and enhanced McAfee Investigator, McAfee Advanced Threat Defense, and McAfee Active Response.

Continue reading →