Articles about Security

Apple has pushed out the latest updates to macOS High Sierra and iOS. macOS 10.13.1 and iOS 11.1 include a range of bug fixes, and also herald the arrival of a new batch of emoji.

The two relatively minor updates also address the recently-discovered KRACK security vulnerability. But while the WPA2 patch will be welcomed by many people, it is not available for all iPhones and iPads, meaning that large numbers of people will be left exposed.

Continue reading →

I am a strong believer in home Wi-Fi security cameras. Being able to monitor my house while away is a godsend. Yeah, it is great for security purposes, but you know where else these products shine? Pets! Yeah, with one of these cameras, you can keep tabs on your dog, cat, bird, lizard -- whatever. If you are at work and want to check in on your pup or kitty, just launch an app and there they are.

Unfortunately, these cameras can be expensive and difficult to set up. But, what if they weren't? What if there was a Wi-Fi camera that was easy to set up and cost, I don't know, say, $20? Surely you cannot get such a Wi-Fi security camera for an "Andrew Jackson," right? Actually, you can! The WyzeCam is that inexpensive and even promises an easy app-based setup process. Quite frankly, the boxy design is quite adorable too. Shockingly, it even streams at 1080p.

Continue reading →

Nearly a third of enterprises plan to increase their public cloud usage in the next 12 to 18 months, but the majority harbor significant concerns about cyber attacks and breaches in their hybrid environments.

An international survey of 450 senior security and network professionals by security vendor AlgoSec reveals the greatest concerns about applications in the cloud are cyber attacks (cited by 58 percent) and unauthorized access (53 percent), followed by application outages and mis-configured cloud security controls.

Continue reading →

Code signing certificates are used to verify the authenticity and integrity of software and are a vital element of internet and enterprise security. By taking advantage of compromised code signing certificates, cybercriminals can install malware on enterprise networks and consumer devices.

A study for machine identity protection company Venafi by the Cyber Security Research Institute shows that digital code signing certificates are changing hands on the dark web for up to $1,200, making them worth more than credit cards, counterfeit US passports and even handguns.

Continue reading →

The people behind phishing attacks are always looking for ways to improve their profitability. They quite often re-use material by bundling site resources into a phishing kit, uploading that kit to a server and sending a new batch of emails.

Sometimes though they get careless and leave the kits behind allowing them to be analyzed. Trusted access specialist Duo Security carried out a month-long experiment to track down these abandoned kits.

Continue reading →

Secure software development practices are increasingly being adopted by open source software (OSS), and are underscoring the importance of managing OSS risk.

The latest report from development platform Synopsys uses results from the free Coverity Scan static analysis solution to assess the quality of development practices and the overall maturity of the OSS ecosystem.

Continue reading →

Weak or reused passwords are a common cause of security breaches but are something that it’s hard for administrators to police.

Intelligence-led security company FireEye is releasing a new password cracking tool to enable security professionals to test password effectiveness, develop improved methods to securely store passwords, and audit current password requirements.

Continue reading →

According to a new study, 80 percent of businesses across the US and UK will change how they deal with security in the coming 12 months.

The survey of more than 400 SMEs and enterprises by service management company SolarWinds MSP finds that 17 percent of companies intend to switch their current service provider in the next 12 months, 10 percent want to cease outsourcing in favour of in-house management, and 49 percent planning to outsource their security for the first time.

Continue reading →

The New York Times has announced that it is launching a Tor Onion Service version of its website. The new, more secure way to access the site will open it up to people around the world whose internet connections are blocked or monitored.

It also caters to a growing breed of people who are concerned about what their web browsing habit might reveal and who have turned to Tor to protect their privacy.

Continue reading →

Singles looking for love using mobile dating apps could be putting their device security at risk, experts have warned.

An investigation into many of the world's most popular dating apps by Kaspersky Labs has found that many services are not providing sufficient levels of data protection, with hackers able to potentially identify users and steal personal information.

Continue reading →

Data breaches have become commonplace these days, and it doesn't appear there will be any slowing down. Companies keep making headlines because either their data is ransomed, or it's been discovered that their data storage isn't properly locked down. Big, global brands are suffering at the hands of these attacks, and we are starting to see some common patterns emerge that might help us identify a new, different approach to cloud security.

One has to wonder if anyone is learning anything in the midst of all this hacking. How much high profile content must be leaked, and how many credit card numbers have to be exposed before someone says, "All the effort we're putting into security and compliance can be dismantled with a single, unnoticed misconfiguration. How can we avoid that?"

Continue reading →

Just as Kaspersky says that it will open up its source code in the name of transparency, so McAfee has indicated something of a step in the other direction. The security software manufacturer has announced that it is no longer going to allow foreign governments to scrutinize its code.

The practice was originally introduced to help convince other countries -- particularly Russia -- that its software did not include backdoors that could be used for espionage. But there have been concerns that opening up source code to examination could also give foreign powers the ability to detect and abuse vulnerabilities.

Continue reading →

Using passwords to get online may soon be a thing of the past thanks to a new launch from Intel.

The computing giant has revealed that its Intel Online Connect service will now ship in all 7th and 8th-generation Core processors, allowing users a smoother and easier way to get online quickly using just a fingerprint -- with users of Lenovo's latest PC devices the first to benefit from safer browsing.

Continue reading →

Nation-state attacks and hacktivists are among the biggest worries for IT security professionals according to a new study.

The report by AI security company Cylance and the Enterprise Strategy Group shows that 82 percent of respondents are concerned or extremely concerned by the threat posed by nation-states, and 79 percent are by the threat of hacktivists.

Continue reading →

Conventional antivirus solutions are failing to protect users from attacks according to a  Malwarebytes report.

The study is based on real-world clean up scans performed by Malwarebytes. Nearly 40 percent (39.18percent) of all malware attacks cleaned on endpoints with an AV installed occurred on endpoints that had two or more traditional AV solutions registered.

Continue reading →