Articles about Security

Connected devices like smart TVs and webcams aren't new -- but since their inception 30 years ago, the number of humans connected to the internet has been surpassed by the number of devices connected to it.

In fact, industry analysts estimate the number of connected devices will reach 50 billion by 2020. And as the number of connected devices increases exponentially, so the number of security risks grows as well.

Continue reading →

Google's bug-tracking database -- the Google Issue Tracker which is known as the Buganizer System within the company itself -- had its own security holes which left it vulnerable to hackers.

Researcher Alex Birsan was able to exploit vulnerabilities so he could gain wider access to Google's database than he should have been able to. The trick was a simple matter of fooling the system into letting him register a @google.com email address that would ordinarily be reserved for Google employees.

Continue reading →

Anyone running a website powered by WordPress is being told to upgrade to version 4.8.3 immediately after the discovery of a serious security issue.

The problem -- an SQL injection vulnerability -- affects millions of websites running WordPress 4.8.2 and older. In addition to installing the latest update, site owners are advised to update plugins that could be exploited.

Continue reading →

Allowing employees to access corporate data via their own devices is increasingly popular, but it does present risks if not implemented correctly.

A new report from data protection company Bitglass finds one in four organizations do not have multi-factor authentication methods in place to secure BYOD -- a well-known enterprise security gap.

Continue reading →

With the iPhone X due to ship to those who have pre-ordered tomorrow as well as being available in stores in limited numbers, it has emerged that Apple is allowing app developers to access facial data.

Concerns have already been voiced about the privacy of Face ID and how facial data is used, but Apple responded to these saying the data remains on the iPhone X and is never sent to the cloud. But contracts seen by Reuters show that app developers are permitted to take facial data off phones, providing certain criteria are met.

Continue reading →

Passwords are fundamental to modern life, both at home and at work. In the workplace, the security of passwords is paramount, and ensuring that employees are taking matters seriously is an important part of safeguarding any business.

A new report by LastPass -- The Password Exposé -- reveals the threats posed, and the opportunities presented, by employee passwords. The report starts by pointing out that while nearly everyone (91 percent) knows that it is dangerous to reuse passwords -- with 81 percent of data breaches attributable to "weak, reused, or stolen passwords", more than half (61 percent) do reuse passwords. But the real purpose of the report is to "reveal the true gap between what IT thinks, and what's really happening."

Continue reading →

Apple has pushed out the latest updates to macOS High Sierra and iOS. macOS 10.13.1 and iOS 11.1 include a range of bug fixes, and also herald the arrival of a new batch of emoji.

The two relatively minor updates also address the recently-discovered KRACK security vulnerability. But while the WPA2 patch will be welcomed by many people, it is not available for all iPhones and iPads, meaning that large numbers of people will be left exposed.

Continue reading →

I am a strong believer in home Wi-Fi security cameras. Being able to monitor my house while away is a godsend. Yeah, it is great for security purposes, but you know where else these products shine? Pets! Yeah, with one of these cameras, you can keep tabs on your dog, cat, bird, lizard -- whatever. If you are at work and want to check in on your pup or kitty, just launch an app and there they are.

Unfortunately, these cameras can be expensive and difficult to set up. But, what if they weren't? What if there was a Wi-Fi camera that was easy to set up and cost, I don't know, say, $20? Surely you cannot get such a Wi-Fi security camera for an "Andrew Jackson," right? Actually, you can! The WyzeCam is that inexpensive and even promises an easy app-based setup process. Quite frankly, the boxy design is quite adorable too. Shockingly, it even streams at 1080p.

Continue reading →

Nearly a third of enterprises plan to increase their public cloud usage in the next 12 to 18 months, but the majority harbor significant concerns about cyber attacks and breaches in their hybrid environments.

An international survey of 450 senior security and network professionals by security vendor AlgoSec reveals the greatest concerns about applications in the cloud are cyber attacks (cited by 58 percent) and unauthorized access (53 percent), followed by application outages and mis-configured cloud security controls.

Continue reading →

Code signing certificates are used to verify the authenticity and integrity of software and are a vital element of internet and enterprise security. By taking advantage of compromised code signing certificates, cybercriminals can install malware on enterprise networks and consumer devices.

A study for machine identity protection company Venafi by the Cyber Security Research Institute shows that digital code signing certificates are changing hands on the dark web for up to $1,200, making them worth more than credit cards, counterfeit US passports and even handguns.

Continue reading →

The people behind phishing attacks are always looking for ways to improve their profitability. They quite often re-use material by bundling site resources into a phishing kit, uploading that kit to a server and sending a new batch of emails.

Sometimes though they get careless and leave the kits behind allowing them to be analyzed. Trusted access specialist Duo Security carried out a month-long experiment to track down these abandoned kits.

Continue reading →

Secure software development practices are increasingly being adopted by open source software (OSS), and are underscoring the importance of managing OSS risk.

The latest report from development platform Synopsys uses results from the free Coverity Scan static analysis solution to assess the quality of development practices and the overall maturity of the OSS ecosystem.

Continue reading →

Weak or reused passwords are a common cause of security breaches but are something that it’s hard for administrators to police.

Intelligence-led security company FireEye is releasing a new password cracking tool to enable security professionals to test password effectiveness, develop improved methods to securely store passwords, and audit current password requirements.

Continue reading →

According to a new study, 80 percent of businesses across the US and UK will change how they deal with security in the coming 12 months.

The survey of more than 400 SMEs and enterprises by service management company SolarWinds MSP finds that 17 percent of companies intend to switch their current service provider in the next 12 months, 10 percent want to cease outsourcing in favour of in-house management, and 49 percent planning to outsource their security for the first time.

Continue reading →

The New York Times has announced that it is launching a Tor Onion Service version of its website. The new, more secure way to access the site will open it up to people around the world whose internet connections are blocked or monitored.

It also caters to a growing breed of people who are concerned about what their web browsing habit might reveal and who have turned to Tor to protect their privacy.

Continue reading →