While many people welcomed the arrival of Windows Subsystem for Linux (WSL) in Windows 10, it has been found to be a potential security issue. A new technique known as a Bashware has been discovered by security researchers that makes it possible for malware to use the Linux shell to bypass security software.

While administrator access is needed to execute a Bashware attack, this is fairly easily obtained, and the technique can be used to disguise malicious operations from antivirus software and other security tools. Researchers from Check Point Research point out that the danger stems from the fact that "existing security solutions are still not adapted to monitor processes of Linux executables running on Windows."

Continue reading →

The second quarter of 2017 saw over 18 percent more adverts containing blacklisted content -- phishing, scams, exploit kits, and malware -- than Q1 according to a new report.

The study from threat management company RiskIQ shows some seasonal changes in the pattern of traffic, with a 24.2 percent drop in exploit kits, and a 42.7 percent drop in malware. However this was more than offset by a huge 131.3 percent rise in phishing-related ads.

Continue reading →

The ever-changing security landscape, which revolves around advanced and sophisticated threats aimed at data exfiltration and cyber espionage, has spawned a new breed of technologies. They are focused more on detection and response (EDR) rather than antimalware and anti-spyware capabilities, which are addressed by endpoint protection platforms (EPP). The combination of these technologies will set a new standard for security, providing an approach based on the most used and trusted solutions today.

Consequently, security companies have begun incorporating data protection and device management features into legacy EPP solutions, which in 2015 was an estimated $3.2 billion market. This change is an attempt to expand capabilities and tap into a new market that has typically been segregated from traditional security. Conversely, EDR vendors have begun integrating endpoint protection technologies to keep up with the new functionalities added by EPP vendors.

Continue reading →

Ransomware remains one of the most serious threats to organizations of all sizes, but traditional signature-based detection methods can struggle to identify the latest attacks.

Endpoint security company Carbon Black is launching its latest Cb Defense next-generation anit virus (NGAV) solution using 'Streaming Ransomware Protection' designed to detect and prevent attacks, even if the ransomware employs fileless techniques or unknown tactics.

Continue reading →

The data breach at credit agency Equifax looks to be one of the biggest in recent times. Industry experts have been quick to criticise both the company's security and its response to the breach.

Once again we've seen a breach exploiting a web app vulnerability that has managed to go undetected for several months. There has also been criticism of Equifax executives actions in selling $1 million worth of stock before going public about the breach.

Continue reading →

A security researcher discovered two serious flaws on the HMRC tax website which could have allowed attackers to view, or even edit, tax records. But the researcher, Zemnmez, was astonished not only by the flaws, but also at how hard it was to report them.

In a lengthy blog post entitled "how to hack the uk tax system, i guess," Zemnmez gives details of his findings. He also reveals that it took no fewer than 57 days to successfully report the issues so they could be looked into.

Continue reading →

A new study by application delivery and security company Radware reveals that US schools are uniquely vulnerable to the threat of cyber attacks.

The study of 1,000 US consumers shows that 15 percent of respondents think a 1-6 grade student easily disrupt school or university operations through a cyber attack, while 57 percent believe the same is true for high school students.

Continue reading →

We've seen quite a bit recently about the difficulties of recruiting cyber security personnel, and how the skills needed for the role have changed.

In a new initiative, IBM in the UK is teaming up with ex-forces employment specialist SaluteMyJob and non-profit education body the Corsham Institute to offer a free cyber security training course for military veterans.

Continue reading →

Data breaches are fairly common nowadays. This is unfortunate, as it exposes sensitive information to evil hackers and other nefarious criminals. Look, people are doing their best to make it through the day -- working long hours and struggling to make ends meet. Then, some computer nerd comes along and adds to life's difficulties by stealing identities. Sigh.

Today, another data breach comes to light, but this time it is particularly bad. In fact, it could quite possibly be the worst such hack in history. You see, credit agency Equifax -- a company you'd expect to be very secure -- had consumer information stolen. Now, it isn't just a handful of people that are affected. No, it is a staggering 143 million consumers in the USA! To make matters worse, it includes the holy grail of personally identifiable information -- social security numbers. Besides SSN, the hackers got birth dates and addresses too. For some of these unfortunate folks, even credit card numbers and driver's license numbers were pilfered.

Continue reading →

Most people don't hold onto their mobile devices for very long. New models boasting higher resolution cameras, sharper screens, and an abundance of new features, make buying new and getting rid of the old an annual tradition. However, before you turn it into the carrier for a price rebate, you want to be sure you eliminate all of your personal data first.

If you are selling your device, then you need to take additional precautions, as there may be another consumer utilizing your device and possibly accessing any information that may have been inadvertently left on the device. Mobile devices are built for synchronicity and convenience, so many functions are occurring in the background to offer you a personalized experience. This personalization should be stripped away.

Continue reading →

New technology can be exciting, but it tends to be confusing as well. Those of us who grew up in in the 90s may remember the new fad of installing high-tech security systems with cutting-edge motion sensors and state-of-the art wall panels. Every one of those worked great… for about a week. What began as a flurry of excitement and restful nights quickly turned into a big hassle, as false alarms woke the neighbors, and parents struggled to remember the right key combinations to get things back to normal. After a few short months, those once-exciting upgrades gathered dust, and the home of the future seemed even further from reality.

As you consider making security upgrades to your home today, you might have some reservations due to the technological promises of the past. The good news is that a renaissance of inexpensive technology and consumer-friendly tools has made home security and automation one of the most impactful upgrades you can make for your family.

Continue reading →

Internet of Things devices for the home are becoming extremely popular, but Apple HomeKit, well, isn't. The iPhone-maker's platform for controlling the home hasn't exactly set the world on fire. Slowly but surely, however, device manufacturers are starting to embrace it.

Today, Logitech announces that one of its existing home devices, the Circle 2 Wired security camera, is getting Apple HomeKit compatibility; the wireless variant is not supported at this time. This will allow you to interact with the wired camera using Apple's Home app. It also means Siri support -- a huge convenience.

Continue reading →

Security researchers have discovered that digital assistants, including Alexa, Siri and Cortana, are vulnerable to hacking via inaudible voice commands. Known as the DolphinAttack, the exploit involves the use of ultrasonic commands that cannot be heard by humans.

Researchers from China's Zhejiang University have detailed the attack technique in a paper, but there are so many limitations and caveats that the vulnerability is not something that most people need worry about.

Continue reading →

When looking to protect their systems from attack most companies focus on the  protection of endpoints, but it can prove hard for admins to gain visibility into individual systems.

Endpoint protection specialist SentinelOne is launching a new Deep Visibility module for its SentinelOne Endpoint Protection Platform, aimed at providing better visibility at all levels.

Continue reading →

To improve the security of their products, many high profile tech companies have introduced bug bounty programs. The rewards can be pretty substantial, depending on the severity of the bug and the quality of the report, as Samsung's first such initiative focused on its mobile devices proves.

Called the Mobile Security Rewards Program, Samsung's bug bounty program will pay researchers up to $200,000 for finding security vulnerabilities in its mobile devices and related software.

Continue reading →