Articles about Security

Three quarters of retail organizations lack a breach response plan

As online retailers gear up for their busiest period of the year, how prepared are they to face the threat of cyber attacks?

A new study from cyber security company Tripwire reveals that just 28 percent of respondents say they have a fully tested plan in place in the event of a security breach.

Financial services organizations fail to properly secure SSH keys

Secure Shell (SSH) provides a secure channel for communication over unsecured networks and is therefore a popular technology in the financial services sector.

But a new study for machine identity protection company Venafi shows that even though SSH keys provide the highest levels of administrative access, they are routinely untracked, unmanaged and poorly secured.

'Doppelgänging' attack hides malware from security tools

Endpoint protection company enSilo has used this week's Black Hat Europe conference in London to reveal how Microsoft Windows features can be used to slip malicious ransomware and other threats past most updated, market-leading AV products.

enSilo researchers demonstrated how, by manipulating how Windows handles file transactions, they could pass off malicious actions as benign, legitimate processes, even if they use known malicious code.

Privacy: Popular ai.type keyboard leaks personal details of 31 million users

Third-party Android and iOS keyboard ai.type is at the center of something of a privacy nightmare after a misconfigured database leaked the personal details of more than 31 million of its users.

Researchers at Kromtech Security Center discovered an unprotected database had been exposed by developers, revealing incredibly detailed information about its users. The database was found to be freely available for anyone to download, with no password required to access a treasure trove of information.

Cryptocurrency apps have severe security vulnerabilities, but do investors care?

A market cap of over $350 billion, daily volumes in excess of $10 billion, fast rising prices, a growing number of investors and little to no regulation all combine to make the cryptocurrency space a prime target for hackers. What's more, security is not exactly a main priority for many investors and exchanges, as numerous thefts go to show.

Making things even more complicated is the fact that lots of cryptocurrency apps that let investors and traders store coins have dangerous vulnerabilities that hackers can exploit to steal users' funds.

How cyber crime could be improving the internet

War always sparks innovation, and over the years conflict has led to improvements in technology and the acceleration of development in things like radar and the jet engine.

So, is the war against cyber crime driving technologies that will improve the internet? Security education site Cyber Security Degrees thinks so and has produced an infographic to prove it.

New tool offers an affordable anti-ransomware solution for enterprises

Over the last year attacks like WannaCry and Petya have brought ransomware into the public eye like never before.

Security intelligence platform CyberSight is launching a new solution to predict, detect and stop ransomware attacks.

Privacy: Google updates Safe Browsing rules so apps must warn when they collect personal data

Google is introducing changes to its Safe Browsing policies, requiring Android apps to display their own privacy warning if they collect users' personal data. The company says that if app developers refuse to comply, Google will display a warning of its own.

Developers have been given 60 days to comply with what is described as an expansion of Google's existing Unwanted Software Policy. Interestingly, it does not matter whether apps are featured in Google Play or they come via other marketplaces.

Apple SNAFU means updating to macOS 10.13.1 could reactivate root access bug

A few days ago, a serious security flaw with macOS High Sierra came to light. It was discovered that it was possible to log into the "root" account without entering a password, and -- although the company seemed to have been alerted to the issue a couple of weeks back -- praise was heaped on Apple for pushing a fix out of the door quickly.

But calm those celebrations. It now transpires that the bug fix has a bug of its own. Upgrade to macOS 10.13.1 and you could well find that the patch is undone. Slow hand clap.

UK government turns against Russian software

There have been concerns about Russian security firm Kaspersky in the US for some time, and now these fears have spread across the Atlantic to the UK. The director of the UK National Cyber Security Centre (NCSC) has issued a warning that no Russian-made security software should be used on systems that could represent a national security threat if accessed by the Russian government.

Ciaran Martin's warning comes after the US government banned the use of Kaspersky software on its computer systems, but the UK security director says that talks are underway with Kaspersky Lab with a view to setting up a review process for its software.

How the healthcare sector is waking up to phishing threats [Q&A]

The healthcare sector is a popular target for phishing attacks, yet it's failing to adopt simple measures like DMARC that could offer protection to both patients and staff.

A new report from cyber security company Agari reveals that fewer than 10 percent of NHS Trusts and Boards in the UK have self-certified as using DMARC. Globally, 77 percent of healthcare organizations don't have a DMARC policy.

Sneaky websites continue to mine cryptocurrency even after you close them

With the massive rise in popularity -- and value -- of cryptocurrencies such as Bitcoin, it's little wonder that people are seeking out ever more imaginative and sneaky ways to mine coins without having to invest in dedicated hardware.

Websites that mine for cryptocurrency in the background, making use of visitors' CPU time, are nothing new -- the Pirate Bay has been caught red-handed, for instance, using a Monero miner in the form of the Coinhive JavaScript Miner. But now researchers have discovered that some websites are using a drive-by mining technique that allows them to continue cryptomining even after the site is closed.

Want to switch from Apple macOS to Linux because of the 'root' security bug? Give deepin 15.5 a try!

Apple's macOS is a great operating system. Not only is it stable and beautifully designed, but it is very secure too. Well, usually it is. Unless you live under a rock, you definitely heard about the macOS High Sierra security bug that made the news over the last couple of days. In case you somehow are unaware, the bug essentially made it so anyone could log into any Mac running the latest version of the operating system.

Luckily, Apple has already patched the bug, and some people -- like me -- have forgiven the company. Understandably, not everyone will be as forgiving as me. Undoubtedly, there are Mac users that are ready to jump ship as a result of the embarrassing bug. While that is probably an overreaction, if you are set on trying an alternative operating system, you should not go with Windows 10. Instead, you should embrace Linux. In fact, rather serendipitously, a Linux distribution with a UI reminiscent of macOS gets a new version today. Called "deepin," version 15.5 of the distro is now ready to download.

Ivanti inventories and protects enterprise endpoints

Endpoint systems continue to be the weakest point for most organizations, allowing a potential route for hackers to penetrate networks and steal data.

IT and security operations specialist Ivanti is launching a new version of its Endpoint Manager and Endpoint Security aimed at simplifying endpoint management and security with an integrated console and workflows.

Apple expeditiously patches embarrassing macOS High Sierra security bug, thereby regaining my trust

I am not a rich man. With that said, when I bought my first-ever Mac computer last year -- a 2016 MacBook Pro with Touch Bar -- parting with that much cash was a very big deal for me. I spent more on this laptop than my first car! Why did I buy it? After being impressed by iOS and liking the way the two operating systems worked together, I decided to use Mac OS X (now macOS) in addition to my favorite Linux distributions. To be honest, I feel more safe on Apple's desktop operating system than on Windows 10. I also like how Tim Cook and company stand up for privacy. In other words, I trusted Apple.

And then yesterday happened. It was revealed that macOS High Sierra had one of the worst security bugs ever. By entering "root" as the username, followed by a blank password, anybody could access any Mac running macOS 10.13.1. As soon as I read about this embarrassing vulnerability, my heart sank. I gave Apple thousands of my hard earned dollars because I valued security and privacy, and I was rewarded with incompetence. Well, I am happy to say that my head is much cooler today, and Apple has regained my trust. Why? Because the company has already patched the bug.

© 1998-2024 BetaNews, Inc. All Rights Reserved.