Articles about Security

One of the areas that can often be overlooked when companies are formulating data protection strategies is what happens to information at the end of its life.

It's important to dispose of unneeded information securely and data erasure specialist Blancco Technology Group is offering a new erasure as a service (EaaS) process. It's making this available through a partner program so that managed service providers can integrate it into their IT service offerings.

Continue reading →

As we bring more and more smart devices into our homes, we potentially open ourselves up to a variety of new risks with devices opening back doors into networks or falling prey to botnets.

German antivirus company Avira is launching a new approach to home security which needs no new infrastructure on the domestic network and no configuration done by the user.

Continue reading →

New research into insider threats reveals that 24 percent of UK employees have deliberately shared confidential business information outside their company.

The study from privacy and risk management specialist Egress Software Technologies also shows that almost half (46 percent) of respondents say they have received a panicked email recall request, which is not surprising given more than a third (37 percent) say they don’t always check emails before sending them.

Continue reading →

Connected devices like smart TVs and webcams aren't new -- but since their inception 30 years ago, the number of humans connected to the internet has been surpassed by the number of devices connected to it.

In fact, industry analysts estimate the number of connected devices will reach 50 billion by 2020. And as the number of connected devices increases exponentially, so the number of security risks grows as well.

Continue reading →

Google's bug-tracking database -- the Google Issue Tracker which is known as the Buganizer System within the company itself -- had its own security holes which left it vulnerable to hackers.

Researcher Alex Birsan was able to exploit vulnerabilities so he could gain wider access to Google's database than he should have been able to. The trick was a simple matter of fooling the system into letting him register a @google.com email address that would ordinarily be reserved for Google employees.

Continue reading →

Anyone running a website powered by WordPress is being told to upgrade to version 4.8.3 immediately after the discovery of a serious security issue.

The problem -- an SQL injection vulnerability -- affects millions of websites running WordPress 4.8.2 and older. In addition to installing the latest update, site owners are advised to update plugins that could be exploited.

Continue reading →

Allowing employees to access corporate data via their own devices is increasingly popular, but it does present risks if not implemented correctly.

A new report from data protection company Bitglass finds one in four organizations do not have multi-factor authentication methods in place to secure BYOD -- a well-known enterprise security gap.

Continue reading →

With the iPhone X due to ship to those who have pre-ordered tomorrow as well as being available in stores in limited numbers, it has emerged that Apple is allowing app developers to access facial data.

Concerns have already been voiced about the privacy of Face ID and how facial data is used, but Apple responded to these saying the data remains on the iPhone X and is never sent to the cloud. But contracts seen by Reuters show that app developers are permitted to take facial data off phones, providing certain criteria are met.

Continue reading →

Passwords are fundamental to modern life, both at home and at work. In the workplace, the security of passwords is paramount, and ensuring that employees are taking matters seriously is an important part of safeguarding any business.

A new report by LastPass -- The Password Exposé -- reveals the threats posed, and the opportunities presented, by employee passwords. The report starts by pointing out that while nearly everyone (91 percent) knows that it is dangerous to reuse passwords -- with 81 percent of data breaches attributable to "weak, reused, or stolen passwords", more than half (61 percent) do reuse passwords. But the real purpose of the report is to "reveal the true gap between what IT thinks, and what's really happening."

Continue reading →

Apple has pushed out the latest updates to macOS High Sierra and iOS. macOS 10.13.1 and iOS 11.1 include a range of bug fixes, and also herald the arrival of a new batch of emoji.

The two relatively minor updates also address the recently-discovered KRACK security vulnerability. But while the WPA2 patch will be welcomed by many people, it is not available for all iPhones and iPads, meaning that large numbers of people will be left exposed.

Continue reading →

I am a strong believer in home Wi-Fi security cameras. Being able to monitor my house while away is a godsend. Yeah, it is great for security purposes, but you know where else these products shine? Pets! Yeah, with one of these cameras, you can keep tabs on your dog, cat, bird, lizard -- whatever. If you are at work and want to check in on your pup or kitty, just launch an app and there they are.

Unfortunately, these cameras can be expensive and difficult to set up. But, what if they weren't? What if there was a Wi-Fi camera that was easy to set up and cost, I don't know, say, $20? Surely you cannot get such a Wi-Fi security camera for an "Andrew Jackson," right? Actually, you can! The WyzeCam is that inexpensive and even promises an easy app-based setup process. Quite frankly, the boxy design is quite adorable too. Shockingly, it even streams at 1080p.

Continue reading →

Nearly a third of enterprises plan to increase their public cloud usage in the next 12 to 18 months, but the majority harbor significant concerns about cyber attacks and breaches in their hybrid environments.

An international survey of 450 senior security and network professionals by security vendor AlgoSec reveals the greatest concerns about applications in the cloud are cyber attacks (cited by 58 percent) and unauthorized access (53 percent), followed by application outages and mis-configured cloud security controls.

Continue reading →

Code signing certificates are used to verify the authenticity and integrity of software and are a vital element of internet and enterprise security. By taking advantage of compromised code signing certificates, cybercriminals can install malware on enterprise networks and consumer devices.

A study for machine identity protection company Venafi by the Cyber Security Research Institute shows that digital code signing certificates are changing hands on the dark web for up to $1,200, making them worth more than credit cards, counterfeit US passports and even handguns.

Continue reading →

The people behind phishing attacks are always looking for ways to improve their profitability. They quite often re-use material by bundling site resources into a phishing kit, uploading that kit to a server and sending a new batch of emails.

Sometimes though they get careless and leave the kits behind allowing them to be analyzed. Trusted access specialist Duo Security carried out a month-long experiment to track down these abandoned kits.

Continue reading →

Secure software development practices are increasingly being adopted by open source software (OSS), and are underscoring the importance of managing OSS risk.

The latest report from development platform Synopsys uses results from the free Coverity Scan static analysis solution to assess the quality of development practices and the overall maturity of the OSS ecosystem.

Continue reading →