Articles about Security

Push authentication can replace the password

For a vestige of the past, the password has managed to hold on and remain alive -- even though some of the top people in computing said that it had already died over a decade ago. In one of his more famous predictions, Microsoft founder Bill Gates said that passwords were on the way out already in 2004. The problem is that Gates, for all his wisdom, didn’t tell us what to use to replace passwords.

"There is no doubt that over time, people are going to rely less and less on passwords," Gates said at the RSA conference in 2004. "People use the same password on different systems, they write them down and they just don't meet the challenge for anything you really want to secure." How prescient he was, it turns out. There were hackers back in 2004, but hacking was nothing like the major international industry it is today -- responsible for tens of billions in losses every year, and endangering businesses large and small.

Ransomware attacks almost double in first half of 2017

The percentage of ransomware attacks almost doubled in the first half of 2017 compared to the first half of 2016, from an average of 26 percent to an average of 48 percent of the main attack categories worldwide.

This is according to a mid-year cyber attack trends report from threat prevention company Check Point. It also finds that 23.5 percent of organizations were impacted by the RoughTed malvertising campaign, and 19.7 percent of organizations were impacted by the Fireball malware over the same period.

PowerPoint vulnerability enables malware spreading

Researchers have discovered that cyber attackers are exploiting a vulnerability that allows them to elude antivirus software to deliver malware via Microsoft PowerPoint.

The flaw itself exists in the Windows Object Linking and Embedding (OLE) interface and attackers have previously used it to deliver infected Rich Text File (.RTF) documents. Trend Micro's researchers noticed that attackers have now infected PowerPoint files to deliver malicious code.

72 percent of security pros say encryption backdoors won't stop terrorism

A new survey of information security professionals carried out at last month's Black Hat conference suggests that the majority think encryption backdoors are ineffective and potentially dangerous.

The study carried out by machine identity protection company Venafi finds that 72 percent of respondents don't believe encryption backdoors would make their nations safer from terrorists.

Malware attacks rising thanks to leaked exploits

Malware threats have reached dangerously high levels, according to a new report that highlights the sheer scale of threats facing businesses today.

The latest Kaspersky Lab Malware report, covering the three months of Q2 2017, claims that Kaspersky Lab's products blocked more than five million attacks involving exploits in this time period.

AWS Macie is a security service based on machine learning

Amazon Web Services has launched a new machine learning service aimed at helping organizations protect their sensitive data in the cloud.

Macie's general premise is quite simple: it analyzes data on the S3 storage service, and is capable of identifying names, addresses, credit card numbers, driver licenses or social security numbers, stuff like that.

On-premises workloads have more security incidents than those in the public cloud

According to a new survey, workloads run on in-house systems suffer 51 percent more security incidents than those on public cloud services.

The study from cloud security and compliance company Alert Logic analyzed more than 2 million security incidents captured by its intrusion detection systems over 18 months.

Enterprises still struggle with password policies

Passwords and their effectiveness is a subject that continues to come under the spotlight, particularly with the publication of a recent United States National Institute for Standards and Technology (NIST) document recommending a move to passphrases.

Security awareness training specialist KnowBe4 has carried out a survey of 2,600 IT professionals to look at how organizations are managing passwords and determine how the proposed passphrase concept stacks up against methods currently in use.

Researchers hack a computer using malware injected into DNA

Security researchers have managed to infect a computer with malware embedded in a strand of human DNA.

The news sounds like a science-fiction writer's dream, but when biologists want to handle large amounts of DNA samples, they need to digitize them and process them on their computers. But the software that they use to process these samples is usually open-source and often doesn't follow security best practices.

Why mobile security is more critical today, but still just as challenging

Today our lives are inextricably tied to our mobile devices. We use them just like mini-computers, handling sensitive personal and work-related matters throughout the day. This trend is concerning because mobile devices were not designed with security in mind and are now arguably the biggest threat to both consumer and enterprise security.

Just like we have seen with the evolution of computer threats, cybercriminals are catching onto the new opportunities mobile presents. This past year, we have witnessed a dramatic spike in mobile-first cyberattacks like social media and SMS phishing, malicious apps and even robocalls. These attacks are also only going to increase with the bring your own device workplace.

Hackers hit Scottish Parliament with 'brute force cyber-attack'

IT systems at the Scottish Parliament have been struck by a "brute force cyber-attack" from an unknown source. Staff have been advised to change passwords as a result of the attack.

Paul Grice, Chief Executive at Holyrood, says that the attack is similar to the one Westminster suffered back in June. The hackers have attempted to crack passwords as well as trying to access parliamentary emails.

Over a third of IoT medical device organizations suffer security incidents

As the internet of things spreads into more and more areas, increasing numbers of medical devices are now connected, making them vulnerable to cyber attacks that could shut down medical processes, expose critical hospital and patient data, and ultimately put patient safety at risk.

Many medical devices are not built with cybersecurity in mind, yet a survey by Deloitte Cyber Risk Services of over 370 professionals at organizations operating in the medical device/IoT arena shows that 36.5 percent have suffered a cyber security incident in the past year.

Companies are losing ground against cyber threats

Businesses are struggling to keep pace against the rising level of cyber security threats, according to a new study.

The Threat Monitoring, Detection and Response Report from Crowd Research Partners -- produced in partnership with a number of leading cyber security vendors -- finds that the biggest concern is dealing with advanced threats in three key areas: ransomware (48 percent), phishing attacks (48 percent) and attendant data loss (47 percent).

Why hackers love privileged accounts

Accessing privileged accounts is hackers' number one choice as the easiest and fastest way to get access to critical data, according to a new study.

Privileged account solutions specialist Thycotic carried out a survey of more than 250 hackers at 2017's Black Hat conference and found that 32 percent of respondents see privileged accounts as the best way of getting hold of sensitive data, with 27 percent preferring access to user email accounts.

The benefits of intrusion prevention systems in security

There’s a penchant by many to measure the quality of IPS (Intrusion Prevention System) solutions by the number of threat signatures supported by the vendor. Check Point points to how it delivers "1,000s of signature, behavioral and preemptive protections." Fortinet claims its FortiGuard IPS service inspects "over 8,000 signatures consisting of 15,649 rules." Cisco IOS Inline IPS "supports more than 7000 signatures."

Presumably, the more signatures the more thorough the IPS. But is that really the right measure for defending against today’s threat landscape?

© 1998-2024 BetaNews, Inc. All Rights Reserved.