Articles about Security

VMware has revealed how it wants to help businesses across the world keep their data secure.

At the company’s VMworld Europe 2017 event in Barcelona earlier this week, CEO Pat Gelsinger outlined the company’s new security strategy, including how its new AppDefense tool can help enterprises of all sizes stay safe online.

Continue reading →

How many desktops do you have out there that are still not on Microsoft Windows 10? Given the security vulnerabilities associated with earlier versions of Windows, the simple answer for most executives is too many. With new attacks like WannaCry and NotPetya appearing far too frequently, your IT teams are probably hard at work on a migration plan to move your older desktop systems to the more secure Windows 10 OS. In my company’s recent survey of nearly 500 IT professionals, nearly 80 percent of the respondents indicated that the enhanced security features of Windows 10 were the primary reason they were eager to migrate.

Still, migration takes time, and though it is comforting to know that more and more systems may be migrated over to Windows 10 each day, the lingering awareness of how many systems have yet to be migrated is reason for concern. It’s hard to be fully comfortable when you know how much of your organization is missing out on the security improvements of the new OS.

Continue reading →

Infamous hacker group OurMine has struck video streaming service Vevo. The group breached Vevo late on Thursday, gaining access to, and leaking, more than 3 terabytes of internal videos and documents.

OurMine -- more recently involved in HBO hacks and Game of Thrones leaks -- managed to get hold of office documents, videos and promotional materials. While many of the files and documents are fairly innocuous, at least some of them would be considered "sensitive" in nature.

Continue reading →

As of August 28, certain financial services companies based in New York now have to comply with the state’s new cybersecurity requirements, known by the (very long) acronym 23 NYCRR 500. On the line for affected banks and insurers are both penalties for non-compliance and potential business loss if they continue to expose their businesses to cyber threats.

The regulations took effect March 1, but included a three-month grace period for companies to get organized before needing to meet the first wave of mandates. Companies will have ongoing deadlines over the next two years as further layers of compliance continue to take effect. Notably, affected financial services companies will need to have an encryption strategy in place by September 2018.

Continue reading →

An interesting side effect of the recent hurricanes Harvey and Irma is that malware infections in the Florida and Texas areas have seen a dramatic fall.

Data released by Enigma Software Group, makers of the SpyHunter anti-malware software, shows that infections in the Houston area showed a 52.5 percent drop from the average on August 29th.

Continue reading →

With the launch of the iPhone X, Apple unleashed Face ID biometrics on the world. During a demonstration of the feature there was a SNAFU when Face ID failed to work as intended (due, Apple says, to staff playing around with the device beforehand), and there are many questions hanging over the idea of using one's face to unlock a phone -- Senator Al Franken has many questions, for example.

Among the questions posed by Franken and others are queries such as "what's to stop someone using a photo or mask to unlock my phone?", and "if a mugger steals my phone, could they not unlock it just be holding it in front of my face?" Good points, though Apple Senior VP Craig Federighi says there are built-in measures to prevent such instances of unauthorized unlocking.

Continue reading →

Chrome will stop trusting any security certificates issued by Symantec, Google has confirmed.

In a blog post, Chrome Security's Devon O’Brien, Ryan Sleevi and Andrew Whalley say that certificates from the security firm will be "distrusted," starting with version Chrome 66. This affects all certificates issued before June 1, 2016.

Continue reading →

From the moment Apple started to talk about Face ID, there were concerns voiced about privacy and security. It's not just security experts and potential users who have these worries; Senator Al Franken has written to Tim Cook asking for details about the safeguards Apple has put in place to protect users.

On top of this, Franken wants to know more about how Apple trained the Face ID algorithm, and seeks assurances that third parties will not be able to access or be granted access to Face ID data.

Continue reading →

Cyber criminals supplementing their income by mining cryptocurrencies like Bitcoin is nothing new. Usually this has been done by installing malware or PUPs on the machines of unsuspecting users.

But now researchers at ESET have discovered a new method of mining cryptocurrencies, which can be done directly within your web browser, using JavaScript. This gives attackers the potential to reach a greater number of victims, by infecting websites, rather than by targeting individual machines.

Continue reading →

Most app stores are still failing to adequately protect their users from malicious and fraudulent app downloads.

This is one of the findings of a new report by threat management company RiskIQ which analyzed 120 mobile app stores and more than 2 billion daily scanned resources.

Continue reading →

The Department of Homeland Security has told US government agencies to remove Kaspersky software from their systems. The directive was issued because of concerns about influence exerted over the company by the Russian government.

Government agencies have been given three months to identify and start to remove Kaspersky's security products. Kaspersky has constantly denied connections to the Russian government, but the US is simply not willing to take the risk.

Continue reading →

A recent report from Check Point Research suggested that the presence of Windows Subsystem for Linux (WSL) in Windows 10 poses a security risk to Microsoft's operating system. Researchers from Check Point highlighted the issue of Bashware attacks which use WSL to bypass security products.

Microsoft, predictably enough, disagrees with the findings -- and so do other researchers. The Windows-maker says it views the risk of Bashware as "low". But is the company being too dismissive?

Continue reading →

With internet threats showing no signs of slowing down, it's vital to keep all of your devices protected and this applies in the home as much as the workplace.

With the launch today of its latest consumer products, McAfee is aiming to protect against threats as well as offering online privacy and safety for the whole family.

Continue reading →

It's widely accepted that there is a shortage of people with cyber security skills, yet a new study shows that companies are failing to give IT professionals -- the people implementing and operating security strategies for most organizations -- the training and responsibility they need to take on a more proactive cyber security role.

The study, from security training company (ISC)2 also reveals that many IT professionals feel their security guidance is being ignored by business leadership.

Continue reading →

Armis Lab, the Internet of Things security firm, has revealed details of BlueBorne, a Bluetooth vulnerability that affects millions of iOS and Android smartphones, IoT devices, and Windows and Linux systems. In all, 5.3 billion devices are believed to be at risk.

The BlueBorne attack makes it possible for an attacker to spread malware or take control of nearby devices. What's particularly concerning is that for an attack to be successful, there is no need for device pairing, or even for a target device to be in discoverable mode. There's also no need for any sort of interaction by the victim -- everything can happen completely silently in the background.

Continue reading →