The Magecart attack which injects JavaScript into unpatched eCommerce sites in order to capture payment information first appeared in October last year.

Researchers at threat management specialist RiskIQ have been following a new strain of Magecart and found that it offers a rare insight into the operations of the actors behind digital threats.

Continue reading →

There’s plenty of talk on how small and medium-sized businesses can and should protect themselves from cyber-attacks. However, when it comes to the aftermath of a cyber-attack, things are awkwardly quiet.

This is according to a new report by PolicyBee, which says cyber recovery is not really in the minds of SMB owners. This is despite a third of those surveyed saying that they think a cyber-attack is inevitable, with a further quarter believing it is "likely" to happen.

Continue reading →

Recently there has been much talk of the death of the password and a switch to other forms of authentication, like biometrics, which are seen as more secure.

But is biometric security a complete answer, and do we risk swapping usability for security? We spoke to Perry Chaffee, vice president of strategy at password-less security company WWPass to find out about the latest trends in authentication.

Continue reading →

Brits still use public Wi-Fi for things they should not, a new report by Norton by Symantec claims. By doing so, they’re putting a lot of their personal information at risk.

The report says most consumers have a "false sense of security" when using public Wi-Fi. Almost two thirds (65 percent) feel safe when they use public Wi-Fi, and less than a fifth (19 percent) use a VPN.

Continue reading →

Researchers at behavioral firewall specialist Preempt have discovered two vulnerabilities within the Microsoft Windows NT LAN Manager (NTLM) security protocols.

The first involves unprotected Lightweight Directory Access Protocol (LDAP) from NTLM relay, and the second discovery impacts Remote Desktop Protocol (RDP) Restricted-Admin mode. Both vulnerabilities can result in unauthorized credential use, risk of password cracking and potentially domain compromise.

Continue reading →

Recent high profile ransomware attacks including WannaCry and NotPetya have highlighted the fact that often the time organizations take to recover is just as damaging as the attack itself.

Network visibility firm Portnox is aiming to tackle this with the launch of Rapid Ransomware Response and Control as part of its suite of network access control (NAC) systems.

Continue reading →

Cloud security specialist Barracuda Networks is announcing enhancements to its firewall products to help customers speed up Microsoft Azure adoption and become cloud ready.

Barracuda NextGen Firewall and Barracuda Web Application Firewall (WAF) both now integrate with Microsoft Operations Management Service (OMS). A Barracuda WAF specific dashboard is now available in the Azure Marketplace, making it easy for administrators to take advantage of this integration.

Continue reading →

Solid state drives (SSDs) are a compelling proposition for IT procurement, as they have several advantages over hard disk drives (HDDs). The lack of moving parts means they generally last longer and are more reliable. Their faster access speed enables programs to run faster. Plus, they use less power, which improves device battery life and generates less noise. Prices are dropping fast, making this less of a factor when evaluating the two technologies side-by-side.

It’s no surprise that Gartner predicts 2017 will be the year revenue from enterprise sales of SSDs surpasses that from the older, more established technology. However, if organizations don’t want to run into substantial problems further down the line, a key question must be asked. Do IT and security teams have a good enough understanding of the technology to manage it appropriately? Take the data sanitization process at the point when an SSD-based device is due to be recommissioned, recycled or resold. Are the correct methods for carrying out and validating the complete sanitization and erasure of data both known and understood? Unfortunately, our research proves they’re not.

Continue reading →

If you use Facebook at all, you have almost certainly seen warnings recently that make reference to Jayden K Smith. You've probably not only been warned about this "hacker" but also been advised to make everyone you know aware of the danger they pose.

"Please tell all the contacts in your messenger list not to accept Jayden K. Smith friendship request. He is a hacker and has the system connected to your Facebook account. If one of your contacts accepts it, you will also be hacked, so make sure that all your friends know it," reads the message. It is -- of course -- utter nonsense, yet it is being shared far and wide. Stop it. Stop it this instant.

Continue reading →

Almost two thirds of IT decision makers in the UK (61 percent) think budget cuts will leave a mark on their IT investment abilities.

This is according to a new report by Sungard Availability Services, which also reported that almost half (48 percent) of those surveyed expressed worries that their security could also be affected by budget cuts.

Continue reading →

Just like in a real-life crime scene, forensic evidence for cyber-crimes must not be tampered with. That's why sometimes investigations take too long -- forensic researchers need a lot of time to reach the crime scene and extract malware samples without compromising evidence.

Kaspersky Lab identified this as a huge pain point in the combat against cyber-crime, and has since released a tool to help all researchers do their work faster and with more precision.

Continue reading →

The fact that cybercriminals like to be paid in Bitcoin to unlock encrypted files or sell private information gives the impression that criminals must be major users of cryptocurrency. However, a new report from the European Commission suggests that the reality is very different.

Criminal organizations rarely use cryptocurrency (or, as the European Commission calls it, virtual currency) for illegal activities, like financing terrorism and money laundering, because it requires a certain level of technical expertise that hampers adoption.

Continue reading →

The meeting between Donald Trump and Vladimir Putin was always going to generate a great deal of interest. After the two presidents had their first (official) meeting on Friday, Trump tweeted on Sunday that the pair has discussed "forming an impenetrable Cyber Security unit."

Considering Trump has accused Russia of hacking the US election, such an arrangement would seem unlikely. Nonetheless, the topic was broached. It was brought up "so that election hacking, & many other negative things, will be guarded and safe." But it didn’t take Trump long to back down from the idea.

Continue reading →

There has been a significant increase in the amount of cyber-attacks targeting UK’s businesses in the second quarter of 2017, a new report has claimed

Research by business ISP Beaming found that the number of online attacks rose significantly in the three months from April to June. During this time, 65,000 attacks were recorded -- a 52 percent increase compared to Q1 2017.

Continue reading →

The Petya ransomware -- and several variants -- wreaked havoc with data around the world, but now the author of the original malware has released the master decryption key.

Janus Cybercrime Solutions has provided a key that work with all "official" variants of Petya (meaning NotPetya is not included). The key was released to -- of all places -- Mega, and its authenticity has been verified. While Petya has already been cracked, the key offers the fastest and most reliable decryption method yet.

Continue reading →