Articles about Security

The proceeds of cyber crime make up an estimated eight to 10 percent of total illegal profits laundered globally each year, amounting to an estimated $80-$200 billion.

This is among the findings of a new report, commissioned by virtualization-based security company Bromium, into the economics of cyber crime and how criminals launder and 'cash out' the profits of their endeavors.

Continue reading →

The US has introduced new sanctions against Russia after accusing the country not only of interfering in the 2016 election, but also launching a cyberattack on its energy grid.

Officials say that malware traced back to Moscow had been found to have infected operating systems on computers belonging to companies in the energy sector. The Department of Homeland Security is in no doubt that the Russian government is responsible.

Continue reading →

Cloud access security specialist Netskope is launching an expansion of its Infrastructure as a Service security offering to add continuous security assessment and monitoring capabilities.

With this release customers can use Netskope for IaaS to continuously assess their infrastructure-as-aservice (IaaS) and platform-as-a-service (PaaS) configuration in AWS, with Microsoft Azure to follow soon.

Continue reading →

Microsoft has launched a bug bounty program that will reward anyone who finds the next Meltdown or Spectre vulnerability. Known as speculative execution side channel vulnerabilities, Microsoft is willing to reward anyone who reports bugs that could cause problems like earlier in the year.

The rewards on offer range from $5,000 up to $250,000 depending on the severity of the vulnerability, and the bounty program runs until the end of 2018. Microsoft says that it will operate under the principles of coordinated vulnerability disclosure.

Continue reading →

VPN tools have been in the headlines recently. Firstly, Facebook's Onavo VPN was found to be gathering user data, and then McAfee snapped up VPN firm TunnelBear. Now for users of Hotspot Shield, PureVPN and ZenMate, there's a warning: sensitive data such as your real IP address may be leaked.

A VPN company with a strong interest in privacy, vpnMentor, commissioned research into the three well-known tools, and problems were found in all of them. The developers were notified, but only HotSpot Shield has addressed the problems that were found.

Continue reading →

In the fallout from the revelations about the Spectre and Meltdown vulnerabilities -- and the ensuing chaos relating to patches for the security problems -- Microsoft blocked security updates for Windows 10 users with antivirus software whose compatibility with patches was not known.

Two months after making this decision, Microsoft has changed course and said that updates can roll out to everyone once again. The company says this is a result of working with antivirus partners and patches should no longer lead to problems in most cases.

Continue reading →

Researchers at cyber security platform ERPScan have disclosed details of two vulnerabilities that allow compromise of the widely used SAP CRM system.

CRM is considered as a most critical asset by businesses. A data breach into CRM can be disastrous as it can destroy trust in the business and severely tarnish the brand as well as raising compliance issues.

Continue reading →

DDoS attacks using domain name server (DNS) amplification increased more than 357 percent in the fourth quarter of 2017 compared to the previous year.

A new report by protection specialist Nexusguard attributes the rise to the use of Domain Name System Security Extensions (DNSSEC), a technology that's intended to add integrity and security to the DNS protocol.

Continue reading →

New research reveals the US cities that are best at password security, with Minneapolis topping the list.

The study by password manager Dashlane scores cities based on several metrics, including average password strength and average number of reused passwords.

Continue reading →

Researchers at threat prevention specialist Preempt have discovered a flaw in Credential Security Support Provider protocol (CredSSP), which is used by Remote Desktop and WinRM in their authentication processes.

An attacker with man-in-the-middle control over the session could use this to gain the ability to remotely run code on the compromised server masquerading as a legitimate user.

Continue reading →

Off-the-shelf smart devices that include baby monitors, home security cameras, doorbells, and thermostats can be easily hacked according researchers at Israel's Ben-Gurion University of the Negev (BGU).

As part of their ongoing research into detecting vulnerabilities in devices and networks expanding in the smart home and Internet of Things (IoT), the BGU researchers disassembled and reverse engineered many common devices and quickly uncovered serious security issues.

Continue reading →

Christine Lagarde, the head of the International Monetary Fund (IMF), has said that the blockchain technology behind cryptocurrencies could also be used to regulate them. She suggests that the IMF "fight fire with fire" in trying to address the "dark side of the crypto world."

While acknowledging the potential for the technology behind crypto-assets as being massively empowering -- particularly as a way to provide low-cost payment methods in poorer countries -- she says that cryptocurrencies also need regulation to avoid problems such as money laundering and funding terrorism.

Continue reading →

A new study into privileged access management from account protection specialist Thycotic shows that while over 60 percent of organizations must satisfy regulatory compliance requirements surrounding privilege credential access, a worrying 70 percent would fail an access controls audit.

Access to privileged accounts allows more rights and permissions than those given to standard business users, yet 51 percent fail to use a secure logon process for these accounts.

Continue reading →

The American Civil Liberties Union (ACLU) has filed a lawsuit against the TSA, asking for details to be released about the policies governing searches carried out on phones and laptops on domestic flights.

There have been a number of complaints recently from passengers unhappy with the fact that their devices have been searched without any reason being given. Concerns are mounting about invasion of privacy, hence the ACLU's interest in finding out precisely why the searches are being carried out.

Continue reading →

After a long flight, the first thing we do, as soon as we hit the runway, is switch our phone out of airplane mode and check our messages, emails and make sure we can connect to the local mobile network.

The problem is, this is expensive and most users mobile contract does not offer them free roaming, especially at long-haul destinations. You want to be connected to Wi-Fi as soon as possible.

Continue reading →