Articles about Security

With GDPR implementation only a few months away, a worrying new survey shows that 55 percent of UK businesses are still unaware of the GDPR regulations.

The study by compliance solution PORT.im also reveals that only 27 percent of businesses believe GDPR applies to them, despite 73 percent saying that they collect personal data on their customers -- a strong indication that GDPR does apply.

Continue reading →

Most of the security vulnerabilities we write about are hard to exploit by the average computer user. I consider myself fairly experienced but, honestly, without a step by step guide I would not be able to "hack" a program or operating system even with the full bug report in front of me. And even then I probably would not know what to do to get any meaningful data from it anyway.

But some security vulnerabilities are so easy to exploit that anyone can do it. Unlocking the App Store menu in System Preferences on macOS High Sierra 10.13 is one of them.

Continue reading →

A new survey from Kaspersky Lab reveals that there is a major disconnect between employees and their employer's IT security guidelines.

In a survey of almost 8,000 full-time employees, 49 percent of those employees surveyed consider protection from cyber threats to be a shared responsibility, but only 12 percent of respondents are fully aware of their organization’s IT security policies and rules.

Continue reading →

Security researchers have discovered a method of infiltrating group chats in WhatsApp, effectively rendering the chat tool's end-to-end encryption useless.

Researchers from Germany's Ruhr University Bochum have unearthed an encryption flaw that makes it possible for group conversations to be compromised. While the vulnerability is not one that poses immediate concerns -- it requires direct access to WhatsApp servers -- it still raises questions about the security of the platform.

Continue reading →

As businesses increasingly turn to cloud solutions they rely more on encryption to protect their data. Gartner predicts by 2019, 80 percent of web traffic will be encrypted, but that leads to a problem as it can allow malware to travel undetected.

Detecting malicious content in encrypted traffic is difficult without decrypting it, forcing network operators to choose between privacy and security. A new solution from network specialist Cisco solves this conundrum by allowing traffic to be scanned without decrypting it.

Continue reading →

Security is the top initiative companies plan to pursue in the next 24 months with investments in virus and malware protection, patch management, and intrusion detection and prevention.

According to a new State of Resilience report by big data company Syncsort, 49 percent plan to spend on these areas, with 47 percent planning to spend on business continuity and high availability.

Continue reading →

Security, management and compliance challenges are hitting the benefits businesses are getting from using the cloud as their infrastructures become more complex, according to new research.

The study from security and compliance specialist WinMagic reveals that 39 percent of respondents report their infrastructure is more complex since using the cloud, and 53 percent spend more time on management tasks than they have done previously.

Continue reading →

Wi-Fi Protected Access is commonly used to secure Wi-Fi connections between pretty much all devices that we use nowadays. For many of us, WPA2 -- the most-recent version of the protocol -- is what we tick to make our router's wireless network private. But, pretty soon, there will be a new option available.

The Wi-Fi Alliance has announced the introduction of WPA3, which will be available for both personal and enterprise Wi-Fi devices this year. The big additions over its predecessor, for which certifications began in late-2004, are improved security and privacy.

Continue reading →

Shadow applications -- where employees use their own cloud and other software that isn't approved by the IT department -- is a growing problem for many enterprises as it leaves data exposed outside the corporate firewall.

Cloud Access Security Broker (CASB) specialist Bitglass is launching a new Shadow IT Discovery tool as part of its Zero-day CASB Core product to help businesses to get a handle on the problem.

Continue reading →

Businesses are increasingly turning to software to allow them to spot cyber threats. But this can lead to a problem in the form of alert fatigue, where there are just too many warnings to allow them to be properly investigated.

Network threat detection specialist Bricata has put together an infographic to highlight the problem of alert fatigue.

Continue reading →

Given the high number of data breaches in the past year and the number of records involved, many consumers now rank identity theft as one of their top concerns with 66 percent of Americans saying it's the crime they most worry about.

Security company McAfee is using this week's CES to move beyond its traditional antivirus products and launch its own Identity Theft Protection.

Continue reading →

As if the Meltdown and Spectre bug affecting millions of processors was not bad enough, the patches designed to mitigate the problems are introducing issues of their own. Perhaps the most well-known effect is a much-publicized performance hit, but some users are reporting that Microsoft's emergency patch is bricking their computers.

We've already seen compatibility issues with some antivirus tools, and now some AMD users are reporting that the KB4056892 patch is rendering their computer unusable. A further issue -- error 0x800f0845 -- means that it is not possible to perform a rollback.

Continue reading →

I must be honest -- I am starting to become fatigued by all of the vulnerabilities and security failures in technology nowadays. Quite frankly, between Spectre and Meltdown, I don't even want to use my computer or devices anymore -- I feel exposed.

Today, yet another security blunder becomes publicized, and it is really bad. You see, many Western Digital My Cloud NAS drives have a hardcoded backdoor, meaning anyone can access them -- your files could be at risk. It isn't even hard to take advantage of it -- the username is "mydlinkBRionyg" and the password is "abc12345cba" (without quotes). To make matters worse, it was disclosed to Western Digital six months ago and the company apparently did nothing until November 2017. Let's be realistic -- not everyone stays on top of updates, and a backdoor never should have existed in the first place.

Continue reading →

The revelations about the Spectre and Meltdown vulnerabilities affecting millions of processors around the world has raised a huge number of questions for many people. While businesses and large organizations are rushing to ensure that their systems -- and their data -- are protected, the average computer user has been left wondering what on Earth is going on.

While there are a lot of very technical write-ups about the implications of the Spectre and Meltdown bugs, as well as explanations of just how the exploit works, the average Joe has been left somewhat in the dark. To try to remedy this, Google has answered a series of questions relating to the security issues.

Continue reading →

Since news of the Meltdown and Spectre processor bugs broke, tech companies have been scrabbling to develop patches and get them out to users. Intel, on the other hand, has been desperately trying to salvage its tarnished image. What's not going to improve the mood at the company is the fact that it has been hit by a series of class action lawsuits.

In the days since the processor vulnerability was revealed, three sperate lawsuits have been filed against the chip-maker. Given the scale of the problem, it's likely that more will spring up, and other chip-makers may also be hit.

Continue reading →