Businesses need a risk-based approach to tackle vulnerabilities like Meltdown
The recent Spectre and Meltdown vulnerabilities have been well documented, but for businesses it can be difficult to know which fixes to prioritize.
Software management and security specialist Flexera is announcing a set of recommendations to provide a standardized, risk-based approach to managing this type of vulnerability.
Intel tells customers to stop installing Meltdown/Spectre patches due to 'unpredictable' reboot issues
The fallout from the Meltdown and Spectre bugs continues to plague Intel. The company has been hit with lawsuits, users complained about performance drops, and some users found that their computers were rendered unbootable. For people with Broadwell and Haswell chips, there was a problem with random reboots, and as a result of this -- some two weeks down the line -- Intel is now advising people to stop installing its patches.
Executive vice president Navin Shenoy says that the company is close to determining the root cause of the problem, apologized for reboots and "unpredictable system behaviour," and warns that customers should stop deploying the current version of the patches until an update is produced.
Corporate cultural issues hold back secure software development
As the digital economy expands and software becomes more critical, security worries grow. In a new survey, 74 percent of respondents agree that security threats due to software and code issues are a growing concern.
The study of over 1,200 IT leaders, conducted by analysts Freeform Dynamics for software company CA Technologies, finds 58 percent of respondents cite existing culture and lack of skills as hurdles to being able to embed security within processes.
OnePlus admits that up to 40,000 accounts were affected by a credit card breach
Last week it emerged that OnePlus was conducting an investigation after a number of customers complained about fraudulent credit card charges. Now the company has given an update on the matter, saying that its website was attacked and a malicious script stealing credit card details was injected, affecting up to 40,000 people.
The company has issued an apology for the incident and says that it has contacted those it feels may have been directly affected. In a statement, OnePlus explains that over a two-month period, customers who entered their credit card details at oneplus.net may be at risk.
New API sheds light on the dark web
Hackers gear up to target Winter Olympics
With the 24th Winter Olympics due to start in Pyeongchang, South Korea in a few weeks, athletes are not the only ones preparing for the event.
A report from security analytics platform Cybereason shows that hackers and cyber criminals are gearing up too, the scale and cost of the event making it a prime target.
How behavioral analytics help to fight insider threats
In the increasingly complex threat landscape faced by businesses, insiders continue to be a problem, accounting for around half of data breaches, according to a recent Forrester report.
One way that companies are combating this threat is with the use of User and Entity Behavior Analytics (UEBA). This detects abnormal behavior, adds contextual information to confirm the behavior is abnormal, and then prioritizes the riskiest insiders for analysts to investigate.
New SDK helps deliver best practice privileged account management
The idea of security by design is something we'll hear much more of as GDPR implementation looms. But many organizations still struggle when it comes to implementing a least privilege security model.
Access management specialist Thycotic is launching a new command line interface for its Secret Server privileged account management solution, enabling DevOps teams to bring best practice privileged account management to their code, build scripts, and configuration files.
Microsoft releases confusing patches for AMD systems bricked by Meltdown and Spectre fixes
While the notorious Meltdown and Spectre chip bugs are still yet to pose a real threat in their own right, it's rather a different story when it comes to the patches designed to fix the problems. Microsoft had to pause the rollout of patches after reports that they were leaving some AMD systems unbootable.
Now the software giant has released two new updates -- one for Windows 7 (KB4073578) and one for Windows 8.1 (KB4073576) -- to fix the "Unbootable state for AMD devices" issue. But it's not all good news. These are updates that have to be manually downloaded and installed, and Microsoft has provided no instructions about how to use them.
Half of companies suffer financially motivated cyber attacks
Cyber attacks driven by ransom demands are on the increase as criminals seek to cash in on the soaring values of cryptocurrencies, according to a new report.
The 2017-2018 Global Application and Network Security Report from cyber security company Radware finds that reported ransom attacks surged in the past year, increasing 40 percent from the 2016 survey. Half of companies surveyed suffered a financially motivated attack in the past year.
New study shows wide gaps in attitudes to cloud security
While a majority of businesses around the world have adopted cloud services, a study released today reveals a wide gap in the level of security precautions applied by companies in different markets.
The study from digital security company Gemalto finds that German businesses are more cautious when it comes to sharing sensitive information in the cloud (61 percent) than British (35 percent), Brazilian (34 percent) and Japanese (31 percent) organizations.
Meltdown and Spectre: very few enterprise mobile devices are patched, and many will never be
The Meltdown and Spectre bugs have been in the headlines for a couple of weeks now, but it seems the patches are not being installed on handsets. Analysis of more than 100,000 enterprise mobile devices shows that just a tiny percentage of them have been protected against the vulnerabilities -- and some simply may never be protected.
Security firm Bridgeway found that just 4 percent of corporate phones and tablets in the UK have been patched against Spectre and Meltdown. Perhaps more worryingly, however, its research also found that nearly a quarter of enterprise mobile devices will never receive a patch because of their age.
Top enterprise security predictions for 2018
2017 delivered a good deal of excitement (as well as massive, massive headaches) in IT security. WannaCry attacked more than 300,000 computers in 150 countries only to be followed by Petya a month later. And the pain extended beyond the enterprise when consumers bore the brunt of one of the most devastating hacks to hit the U.S.: the Equifax breach. The Equifax hack reportedly affected 145.5 million U.S. consumers -- or approximately 44 percent of the U.S. population -- leaving people vulnerable to financial fraud for potentially the rest of their lives.
These were just some of the year’s lowlights, all of which point to a future where nearly every organization is reliant on successful cybersecurity. It can literally mean the difference between a company’s survival and extinction. As such, 2018 should be all about advancing enterprise security initiatives, and below are my top predictions to ensure the integrity of systems across the globe.
OnePlus investigating credit card fraud reports
A number of OnePlus customers have reported unusual credit card transactions after buying products from the smartphone maker's online store. And, today, OnePlus announces a formal investigation.
OnePlus reveals that the complaints come only from users who have made direct purchases and adds that purchases involving third-party services -- PayPal, for example -- are not affected.
Malwarebytes warns that fake Meltdown and Spectre patches are being used to spread Smoke Loader malware
News of the Meltdown and Spectre processor bugs quickly spread around the world, as companies and individuals tried to protect their systems. But in addition to concerns about the performance hit patches may have on computers, Malwarebytes has also issued a stark warning about fake patches.
The security firm warns that criminals have used interest in Meltdown and Spectre to push out fraudulent bug fixes that are laced with Smoke Loader malware.
© 1998-2024 BetaNews, Inc. All Rights Reserved.