Privacy: Kodi's remote access could be used to spy on you
There's no denying the massive popularity of Kodi, and the streaming media center has become infamous as well as famous. While the negative press concerning the software tends to focus on the potential for piracy, there's also the question of privacy and security.
Kodi includes -- as do the likes of Plex -- a remote access feature. While wonderfully useful for when you're away from home, it also poses a security risk and represents a serious privacy concern if not correctly configured.
Ancient unpatched IOHIDeous vulnerability allows root access to macOS
Apple has a tendency to pride itself on security, but a researcher has released details of a macOS vulnerability that allows for complete system control by an unprivileged user.
A self-described "hobbyist hacker," Siguza, has published details of the exploit, which is thought to have existed, undetected and unpatched, for at least a decade. As well as details of the security flaw, Siguza has also published proof-of-concept code for the IOHIDeous vulnerability on GitHub.
John McAfee and the strange Twitter hack
In a cautionary tale for the festive season, unorthodox security guru John McAfee claims to have had his Twitter account hacked.
The account sent out a number of 'coin of the day' Tweets on December 27th encouraging followers to buy some lesser known crypto currencies. Nothing especially strange in that as McAfee has himself sent this type of message in the past.
Edward Snowden's Haven app turns a smartphone into a security device
The name Edward Snowden will always be associated with the NSA, but the man has fingers in many other pies. His latest venture is an app called Haven which can turn a smartphone into a security device that keeps an eye on your possessions.
Haven is an Android app, currently in beta, designed to be installed on an "extra" phone that you wouldn't mind losing. Placed with your belongings, it uses a phone's sensors -- microphone, camera, gyroscope, accelerometer, and so on -- to detect and record theft and tampering.
Security burnout: Avoidable or inevitable?
The biggest threat facing cybersecurity is not advanced attackers or evolving technology. It is the lack of people able to defend networks.
Cybersecurity experts predict that by 2021 there will be 3.5 million unfilled cybersecurity jobs. That number is up from one million in 2016. The reasons behind this global issue are complicated, but many of them stem from the overarching issue of security burnout and the difficulty of new individuals entering the cybersecurity workforce to reduce the overall workload.
An AI arms race and attacks on cryptocurrency among cyber security predictions for 2018
It's the time of year when industry experts like to dust off their crystal balls, examine the pattern of tea leaves in the bottom of their cups and try to predict what the coming year is going to hold.
As far as security is concerned most commentators think we can expect the increase in numbers and sophistication of attacks we've seen in 2017 to continue, but there are some new things to worry about too.
Cybersecurity tips that are cost-effective and efficient
Cybersecurity experts are in agreement: enterprises simply cannot afford to skip investing in protections that safeguard their networks, systems and data. But with budgets straining, even as attacks are more prolific and powerful than ever, they need security that doesn’t break the bank. Fortunately, there are several steps enterprises can take to cost-effectively bolster their cybersecurity.
In 2017, there were plenty of high-profile attacks to put people on edge. It’s been reported that there have been millions of records stolen using ransoms and extortion attempts. Who can forget WannaCry, the massive cyberattack in mid-May that spread around the world in days, crippling businesses in 150 countries by hijacking more than 230,000 computers, locking up data and demanding money to set them free? The attack used ransomware, a type of malware that encrypts data until you pay a ransom. Then there were other ransomware attacks like Petya and NotPetya. And of course, there’s always the steady drumbeat of viruses and distributed denial of service (DDoS) attacks.
Email security: A year in review
2017 was an eventful year in the world of email and cybersecurity. Large companies made headlines in 2017, falling victim to cyber attacks and data breaches that compromised millions of customer records. Email harassment and invasion of privacy tactics also rose to prominence in 2017.
Through it all, email has showcased its staying power and the ability to adapt to the ever-changing landscape of personal and business communications.
Ransomware dominates the 2017 threat landscape
Cyber attacks have been on the rise throughout 2017. According to endpoint security specialist Carbon Black, from January to December there has been a 328 percent jump in attacks against endpoints.
This means a business with 10,000 employees is seeing about 1,000 attacks every single day. It's ransomware that continues to be a main attack vector for criminals though. Not only is it proliferating in underground markets on the dark web, it also cost global businesses an estimated $5 billion in 2017, according to Cybersecurity Ventures.
Currency mining Android Trojan can kill your phone
Researchers at cyber security company Kaspersky Lab have discovered a new Android mobile Trojan called Loapi.
It uses a modular architecture, allowing functions to be added to the software so it can be used for anything from crypto currency mining to DDoS attacks. Crucially, though, Loapi can create such a heavy workload on an infected device that the battery overheats and destroys the phone.
Kaspersky sues Trump administration over government software ban
US concerns about links between Kaspersky Labs and the Russian government led to a ban on the security software being used on US government computers. The ban was only recently signed into law by Donald Trump, and now Kaspersky has filed a lawsuit against the Department of Homeland Security in response.
Kaspersky Labs is asking a federal court to overturn Trump's ban. The Moscow-based company maintains that it does not have links to the Kremlin, and has published an open letter saying that it had not been afforded "adequate due process" and that the US government's decision was based on flawed information.
Consumers lack data breach awareness
New research from cyber exposure company Tenable reveals a widespread lack of consumer awareness surrounding the impact of data breaches.
The results based on an online Harris Poll of more than 2000 US adults show that only 12 percent think their data has been stolen over the past year. But given the Equifax breach exposed up to 143 million Americans, that number is statistically impossible.
Why moving to the cloud can help boost security and compliance [Q&A]
Although the adoption of cloud services has increased over the past few years, many organizations are still unwilling to make the move to the cloud due to security and compliance concerns.
But Jim Hansen, VP of product marketing at security management firm AlienVault argues that companies with limited resources and budget should actually consider moving to the cloud in order to benefit from stronger security and compliance, in addition to other business benefits. We spoke to him to find out more.
Windows 10 included a password manager complete with massive password-stealing potential
Microsoft has been bundling a password manager that features a dangerous flaw with some versions of Windows 10, a Google security researcher has revealed. Tavis Ormandy noticed that his copy of Windows 10 included Keeper, which he had previously found to be injecting privileged UI into pages.
The version that Microsoft was including with Windows 10 featured the same bug. What does this mean? In short, it allows any website to steal passwords from you.
Windows 10 gets native OpenSSH client and server
It's quite interesting to see just how far Microsoft has come since Satya Nadella became CEO. The company has gotten out of its comfort zone and made its products more appealing to a wider range of customers, embracing rival platforms and the open-source community. Having Visual Studio on Macs and tons of apps on Android and iOS is something that would have been unheard of only a few years ago.
The same goes for offering a subsystem for Linux or OpenSSH support on Windows 10. That last bit may not excite everyone, but it is especially useful for those who want to log in remotely on Linux devices -- which would have normally required third-party tools like PuTTY. Microsoft is not stopping there though, as it's taking things to the next level by adding a native OpenSSH client and server to Windows 10.
© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.