Articles about Security

Microsoft has released an update to its free Windows Analytics tool, giving system administrators a new way to check for the Meltdown and Spectre vulnerabilities.

The update not only makes it possible to see whether firmware patches are already installed or if they are needed, but also helps sysadmins to determine whether the patches are causing problems of their own. The checking tool is available for fully updated versions of Windows 7 through Windows 10.

Continue reading →

Formerly a Windows 10 exclusive, Microsoft today announced that Windows Defender Advanced Threat Protection (ATP) is coming to Windows 7 and Windows 8.1.

That's not to say that the older operating systems are set to gain the full benefit of ATP, however. Microsoft says that it is the Endpoint Detection & Response (EDR) functionality that will make its way to Windows 7 and 8.1 at some point this summer. This cloud-driven feature will be made available as a preview in the spring.

Continue reading →

A new survey of managed security service providers (MSSPs) reveals that they are suffering an avalanche of false positive security alerts.

The study from Advanced Threat Analytics reveals that 44 percent of respondents report a 50 percent or higher false-positive rate, half of those experience a 50-75 percent false-positive rate and the remainder a startling 75-99 percent rate.

Continue reading →

Now that the initial shock about the Spectre and Meltdown chip vulnerabilities has died down, the focus is very much on getting the problems sorted. As has been noted already, there has been concern about the impact on performance that the bug fixes will bring.

Intel has been eager to downplay any suggestion of major slowdown, but the exact performance hit will vary from system to system depending on the tasks being performed. Brendan Gregg -- a Netflix engineer whose work involves large scale cloud computing performance -- has conducted some tests into the impact patches will have on Linux systems, concluding that "patches that workaround Meltdown introduce the largest kernel performance regressions I've ever seen."

Continue reading →

Thousands of government websites around the world have been hijacked to mine the cryptocurrency Monero. A commonly-used accessibility script was hacked to inject the Coinhive miner into official sites in the US, UK and Australia. One security researcher described it as the biggest attack of its type that he'd seen.

In the UK, websites for the NHS and Information Commissioner's Office were affected; in the US, the United States Courts' site was hit; in Australia, government sites including that of the Victorian parliament were hit by the cryptojacking code. What all of the sites had in common was the fact that they included the text-to-speech accessibility script Browsealoud from Texthelp.

Continue reading →

Businesses go to great lengths to protect their corporate networks, but when staff take work home it can be hard to ensure data is kept secure when using personal devices and accessing data from the cloud.

In an innovative move, endpoint protection company Cylance is offering employees of companies that use its software the chance to use Cylance's enterprise-grade AI-powered endpoint prevention to protect their family's home PCs and Macs against malicious attackers.

Continue reading →

As enterprises move more of their system to the cloud, they open up more of their workloads to potential attack.

In order to offer protection against cyberattacks on cloud infrastructure workloads, services and software-as-a-service applications on public and private cloud platforms, Check Point is launching a new family of cloud security products.

Continue reading →

It may have been a while since there was major news about the Spectre and Meltdown bugs, but the problems have not gone away. After previously releasing unstable patches, Intel has now launched a microcode update for Skylake systems.

Despite the problems with both stability and performance with Spectre and Meltdown patches, Intel uses an announcement about the latest updates to stress the importance of installing patches in a timely fashion. There's more than a hint of irony in the fact that Intel had to tell users to stop using an earlier update because of the problems it was causing.

Continue reading →

There are many reasons for turning to VPN software, but anonymity and hiding one's location are pretty high up the list. A newly-discovered flaw in the popular free VPN Hotspot Shield, however, means that it is possible to determine key pieces of information about users.

The VPN -- produced by AnchorFree -- is used by 500 million people around the world, and security researchers have discovered a vulnerability (CVE-2018-6460) that means it is technically possible to home in on the location of an individual using the service.

Continue reading →

Hackers and cyber criminals are becoming wise to the fact that they can use cloud applications to spread malware.

In response, top cloud providers now offer malware protection in an attempt to stop files containing malware being uploaded. But a new report reveals that placing your trust in this protection may be ill-advised.

Continue reading →

As businesses are keen to embrace flexible working and digital transformation, there’s increased focus on collaboration and sharing of information.

But with existing regulations like HIPAA and upcoming ones like GDPR it's important to keep collaboration secure. German company Nextcloud is launching a solution in the form of a self-hosted, open source platform offering end-to-end encryption, video and text chat, and enhanced collaboration.

Continue reading →

Most organizations employ some kind of detection-based security to protect their systems. But a new report by cyber security company Bromium reveals that this approach has major hidden costs.

Upfront licensing and deployment costs security-detection tools like anti-virus are dwarfed by the cost of human skills and effort needed to manage and assess the millions of alerts and false-positive threat intelligence generated.

Continue reading →

A trio of NSA exploits leaked by hacking group TheShadowBrokers has been ported to work on all versions of Windows since Windows 2000.

The EternalChampion, EternalRomance and EternalSynergy exploits were made public by the group last year, and now a security researcher has tweaked the source code so they will run on nearly two decades' worth of Microsoft operating systems -- both 32- and 64-bit variants.

Continue reading →

With GDPR coming into force in May this year, companies are preparing themselves to comply with the new legislation, in particular putting in place procedures to deal with data breaches.

But some, like Uber -- who have suffered a breach in the past and covered it up -- may well be wondering whether it’s better to disclose these events now rather than risk them leaking out once GDPR is in force.

Continue reading →

With the EU's GDPR legislation coming into force in a few months, and new and potentially tougher legislation on data breaches planned in the US, a new study reveals that many enterprises are under prepared.

The report from integrity assurance company Tripwire shows that less than a fifth (18 percent) say that they are fully prepared with a process in place to notify consumers in the event of a data breach. The majority (73 percent) say they are 'somewhat prepared' and would have to figure things out 'on the fly.'

Continue reading →