It's becoming increasingly clear that data breaches can happen to any company and at pretty much any time.

Protecting your company's data isn't just about securing your own systems, it also means ensuring that any third-parties you contract out services too are taking appropriate care too.

Continue reading →

Businesses increasingly face threats from within, but traditional security models are based around protecting a network from outside attacks.

A new report by trusted access specialist Duo Security looks at the new threat landscape where companies need to be able to verify the identity of users and the integrity of devices. It finds that while things are looking up, failure to keep systems up to date is still presenting a major risk for many organizations.

Continue reading →

Cisco and IBM have announced a new partnership that will see both companies integrate their security services, products and threat intelligence in an effort to bolster their cybersecurity offerings.

Both companies already have sizable security businesses and the partnership will see them share research and services with one another. Cisco's security suite will integrate with IBM's QRadar across networks, end points and cloud while IBM Global Services will offer support in managed security services to the company.

Continue reading →

There’s a huge number of creative hackers out there finding new and infuriatingly clever ways to compromise data. Then there’s an even more massive number of not-so creative hackers using the same old strategies because the same old vulnerabilities keep popping up in organizations the world over.

Either way, a data breach is devastating, but one route is far worse when it comes to explaining to affected users, investors and the Securities and Exchange Commission how the personal data of 1.2 million of a company’s users ended up for sale on the dark web. Now is the time to get to know six of the most common database security vulnerabilities -- before the FBI start asking some pretty tough questions.

Continue reading →

Google has updated Gmail with a number of new security features aimed at businesses that require better protection against malware and phishing scams.

The company announced today that it is bringing early phishing detection to its email service by using machine learning along with click-time warnings for malicious links found in emails as well as unintended external reply warnings.

Continue reading →

Password management service OneLogin has fallen victim to a serious attack. The company says that it "detected unauthorized access to OneLogin data in our US data region" -- this was blocked, but not before the attacker gained access to AWS keys and the ability to decrypt data.

The company warns that "all customers served by our US data center are affected; customer data was compromised, including the ability to decrypt encrypted data." OneLogin has provided a guide for securing data, but it's possible that it may be too late for some people.

Continue reading →

Intel revealed in early-May that there is a critical security vulnerability in its Active Management Technology, which can be exploited to gain remote access to PCs. The feature is designed to help system administrators manage devices, so, due to its nature, it is more likely to affect enterprise users than consumers.

However, since the Surface line is popular with businesses, Microsoft wants to let its enterprise users know that no Surface devices are affected by the AMT vulnerability, despite it being offered in some of the processors available with its tablets and laptops.

Continue reading →

Realizing that its security settings were off-putting to many people due to being a shambolic mess, Facebook has rolled out a redesign which it says helps to improve clarity.

As well as giving greater prominence to the most important security settings, some options have been renamed. This comes after Facebook conducted some research into why users were clicking certain options but not changing them -- it turns out they had no idea what the settings actually did.

Continue reading →

Data security services company Egress has released data from the UK's Information Commissioner's Office (ICO) which shows that the health sector accounts for nearly half (43 percent) of all data breaches.

It also shows that human error, rather than external threats, is the main cause of incidents across every sector. Staff mistakes accounted for 49 percent of all breach incidents in the last quarter of 2016.

Continue reading →

A report published by the British American Security Information Council (BASIC) cautions that the UK's fleet of Trident submarines faces "growing potential for cyber-attack." The authors issue a stark warning that "a successful attack could neutralise operations, lead to loss of life, defeat or perhaps even the catastrophic exchange of nuclear warheads."

Government officials have long dismissed the risk of hacking the nuclear subs because they are not connected to the internet. But the report, entitled Hacking UK Trident: A Growing Threat, suggests that risk of malware infection during manufacturing or software updating are just two possible attack vectors that could lead to the compromise of nuclear weapons.

Continue reading →

Cyber attacks will cost businesses across the world $8 trillion in the next five years, according to a new Juniper Research report. Just to put things in perspective, India's entire GDP crossed $8 trillion two years ago.

The report says that we'll hit that threshold very soon due to higher levels of Internet connectivity, and inadequate enterprise-wide security.

Continue reading →

New research from the Ponemon Institute and risk assurance body Shared Assesments reveals a high level of concern among organizations about the security of IoT, yet a gap in understanding of how to mitigate and communicate the risks, especially as it relates to third parties.

The study of 553 individuals in industries such as financial services and healthcare reveals that 76 percent say a DDoS attack involving an unsecured IoT device is likely to occur within the next two years.

Continue reading →

TheShadowBrokers, the hacking group behind the leak of NSA malware, has announced further details of the "Data Dump of the Month" subscription service it has previously talked about. Now known as "TheShadowBrokers Monthly Dump Service," the launch sees the group switching from Bitcoin to Zcash as its currency of choice.

Signing up for the service will set interested parties back 100 ZEC (Zcash). As this equates to over $20,000, it's not a subscription that many people are likely to be taking out, particularly as there is no evidence that the group has more exploits to offer. The hacking group has previously said that it has Windows 10 vulnerabilities to expose.

Continue reading →

Google-owned Nest has unveiled the latest addition to its range of smart products -- the Nest Cam IQ. The new security camera not only boasts a 4K video sensor, but builds upon the motion detection feature offered by other similar cameras by adding facial recognition.

What this means is that the Nest Cam IQ is able to send out personalized alerts when it detects the presence of a particular person -- such as when your kids arrive home from school -- but it can also send out warnings when an unrecognized person is spotted. There's even Night Vision so it functions as a nighttime security camera.

Continue reading →

Millions of Android devices could have been affected by a new auto-clicking adware program found in apps developed by a Korean company.

Uncovered last week by security company Check Point malicious apps included a series of casual cooking and fashion games under the 'Judy' brand.

Continue reading →