Intel has a new Spectre firmware patch for you to try out
The Spectre/Meltdown debacle continues to rumble on, and now the chip manufacturer has announced the availability of a new "microcode solution" to the Spectre vulnerability. The updated firmware applies to 6th, 7th and 8th Generation Intel Core devices, and the release sees the company crossing its fingers and hoping that everything works out this time.
This is Intel's second attempt at patching the Spectre vulnerability, and this time around both the company and its customers will be praying that the fix for Skylake, Kaby Lake and Coffee Lake chips actually does the job.
The $600 billion cost of global cyber crime
We all know cyber crime is a major problem, but just how big is its worldwide impact? A new report from McAfee and the Center for Strategic and International Studies (CSIS) reckons it costs businesses almost $600 billion a year or 0.8 percent of global GDP.
Global losses in 2014 were estimated at $445 billion and the report puts the increase down to criminals quickly adopting new technologies, the ease of engaging in cyber crime -- including an expanding number of cyber crime centers -- and the growing financial sophistication of top-tier criminals.
Technology and compliance teams work together to minimize the risk of data breaches
Organizations are facing an unprecedented variety of cyber risks that have the potential for devastating consequences, but a new study reveals that IT, security and compliance teams individually lack the resources to deal with them.
The study, conducted by IDG Research for communications compliance specialist Actiance, finds enterprises moving towards a collaborative risk management model with increasing overlap between the different teams.
Top US banks have multiple online security flaws
Analysis of the internet presence of 25 out of 50 top US banks reveals a worrying number of online security flaws.
Threat management company RiskIQ used its Digital Footprint product, which provides a real-time inventory of all internet-facing assets, including the components running on assets that may expose the organization to vulnerability risk. It also correlates newly discovered vulnerabilities with internet-exposed components and assets, highlighting those at risk to inform patching and remediation planning.
Microsoft Edge vulnerability exposed as Microsoft misses Google's Project Zero disclosure deadline
Google has revealed details of a security vulnerability in Microsoft Edge before a patch has been produced. Through Project Zero, Google notified Microsoft about a bug in the browser's Arbitrary Code Guard (ACG) feature back in November, giving the company the usual 90-day disclosure deadline.
Google went further, granting Microsoft a further grace period of two weeks on request, but the vulnerability remains unfixed in Windows 10. As such, details of the "ACG bypass using UnmapViewOfFile" bug have now been made public.
Cyber security in (big) numbers
We hear a lot about cyber attacks and the latest threats, but it can sometimes be hard to comprehend the scale of the problem.
Network security company Bricata has produced an infographic that sets out some of the statistics to put things into context.
Cisco launches cloud-based endpoint protection for MSSPs
According to networking specialist Cisco, almost half of SMBs and enterprises in the US are outsourcing at least some of their security to managed security service providers (MSSPs) in order to counter the latest advanced threats.
The company is targeting this market by launching a set of new endpoint security solutions aimed specifically at MSSPs. These include three powerful cloud-based tools.
White House joins UK government in blaming Russia for NotPetya
The US government has joined the government of the UK in pointing the finger of blame at Russia for the NotPetya cyberattacks. The ransomware/destructoware hit computers around the world last June.
After speculation that the attack was a state-sponsored one carried out by Russia, this position has now been confirmed as the White House accused the nation of the "reckless and indiscriminate" attack. At the same time, the UK's National Cyber Security Centre said that the Russian military was "almost certainly" responsible for the attack.
Growth in Android ransomware slows, but it's getting sneakier
While Android ransomware is still growing, it's doing so at a slower rate than at its peak in 2016. However, it is using sneaky new techniques to trick users.
New findings from researchers at ESET reveal techniques like the misuse of Android's Accessibility services being used to infect devices. The most popular attack technique, though, remains screen-locking followed by a ransom demand, with the most frequently detected variant being the Android/Locker family.
2017 breaks record for new vulnerabilities
More than 20,000 new vulnerabilities were cataloged in 2017 according to breach analysis specialist Risk Based Security.
The figures from the company's own VulnDB eclipsed the total covered by MITRE's Common Vulnerability Enumeration (CVE) and the National Vulnerability Database (NVD) by more than 7,900.
Contractors pose cyber risk to government agencies
While US government agencies are continuing to improve their security performance over time, the contractors they employ are failing to meet the same standards according to a new report.
The study by security rankings specialist BitSight sampled over 1,200 federal contractors and finds that the security rating for federal agencies was 15 or more points higher than the mean of any contractor sector.
If you're concerned about privacy, you might want to skip Facebook's VPN -- Onavo Protect
Facebook and privacy are not words that really belong in the same sentence, so the idea that the social network is offering a VPN tool might well raise your suspicions. Back in 2013, Facebook acquired Onavo, the company behind the VPN tool Protect.
Recently, users of the Facebook iOS app noticed a link to something labelled Protect within settings. While this appears to be a built-in setting, it is in fact just a link to the Onavo Protect VPN app -- and the idea of a Facebook-owned VPN tool being promoted from within the Facebook app has people concerned. Take a look at the app description, and you may well understand why.
With Intel's updated bug bounty program, you could earn big bucks for finding the next Meltdown
Intel has updated its bug bounty program, offering up to $250,000 to anyone identifying vulnerabilities in its hardware and software. The key update here is that the program is now open to everyone through the HackerOne platform -- it was previously open to selected security researchers on an invite-only basis.
The move comes in the wake of the Meltdown and Spectre chip vulnerability revelations, and it's clearly an attempt by Intel to not only ramp up its security, but to be seen doing so. The company says it wants to create "a process whereby the security research community can inform us, directly and in a timely fashion, about potential exploits that its members discover."
Cryptomining malware tops January's 'most wanted' list
Malware seeking to steal processor time for cryptocurrency mining continues to be a problem, with 23 percent of organizations globally affected by a Coinhive variant in January.
These findings come from a study by Check Point which discovered three different variants of cryptomining malware in its top 10 most prevalent listing, with Coinhive ranking first.
NTT Security and ThreatQuotient partner to deliver threat intelligence
With a wider threat landscape presented by cloud and digital transformation strategies, accurate and up-to-date threat intelligence is more important than ever to protect against attacks.
To meet this need, NTT Security, the specialized security company of NTT Group, has partnered with ThreatQuotient to offer an improved threat intelligence capability.
© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.