[Updated] Microsoft transparency report reveals first National Security Letter and shows doubling of FISA orders

Microsoft has published its latest transparency report and, for the first time, disclosed the contents of a National Security Letter it received. In addition to the debut appearance of such a letter in the report, Microsoft also reveals that in the reported period in 2016 the number of FISA orders more than doubled compared to the previous period.

As with previous reports, Microsoft is not permitted -- for reasons best known to the US government -- to reveal precise numbers when talking about the number of official requests for data it has received. As such, we know that in the most recent reporting period, it received between 1,000 and 1,499 FISA orders, up from 0-499.

US extreme vetting rules for tourists could put business data at risk

New legislation being considered by the Trump administration suggests that UK citizens traveling to the United States would have to hand over personal information such as passwords to their social media accounts and access to the contacts in their mobile phone or risk being denied entry to the country.

This comes just weeks after another travel-based regulation that banned certain electronic devices from some countries in North Africa and the Middle East bound for either the US or UK. At the same time, the upcoming GDPR is putting huge pressure on organizations to secure their data. How do these new travel regulations impact organizations trying to secure their sensitive data?

RedOwl's behavioral analytics help fight insider risk

Insider attacks can prove more costly than outsider ones, yet a good deal of enterprise security effort is still expended on protecting the perimeter.

Inside risk solutions specialist RedOwl is releasing the latest version of its Insider Risk Framework, designed to offer out-of-the-box capabilities to fight insider threats and which companies can quickly deploy with minimal specialist expertise.

Cloud adoption and increasing threats drive enterprise encryption usage

Enterprises are accelerating their use of encryption and the strategy is being driven by business units rather than IT teams.

This is among the findings of a study into encryption habits by cyber security company Thales, based on research carried out by the Ponemon Institute. It finds that 41 percent of enterprises now have an encryption strategy in place.

Preventing cyber attacks -- this time it's personal

Security professionals are putting pressure on themselves to secure their organization's systems according to the findings of a new report.

The 2017 Security Pressures Report from managed security specialist Trustwave surveyed over 1,600 security decision makers around the world and finds that while 53 percent of respondents report increased pressure in trying to secure their organization, that pressure is becoming more personal as 24 percent say they put the most pressure on themselves, up from 13 percent last year.

Brexit voter registration website may have suffered DDoS attack at the hands of Russia or China

The Brexit process is now officially underway, but there is still a good deal of talk about the validity of the outcome. A number of members of parliament have expressed concerns that a foreign government may have interfered with the referendum, making it difficult or impossible for people to register to vote.

The Commons public administration and constitutional affairs committee (PACAC) has published a report which looks at the possible causes for the crash of the "register to vote" site last year. It suggests that the crash bears the hallmarks of a DDoS attack, and notes that this is a tactic employed by both Russia and China in the past.

How millions of Android devices could be at risk of total takeover

Originally developed as a digital camera platform, Android has definitely come a long way. It just surpassed Windows to become the most popular operating system for Internet usage in the global digital realm.

This has been established through a report by StatCounter, which states that the global OS Internet usage market share of Android (37.93 percent) is 0.2 percentage points ahead of Windows (37.91 percent). You can check out the global operating system market share map, here. This is a huge win for Android, which accounted for a mere 2.4 percent of the worldwide Internet usage almost five years ago. Interestingly, Microsoft had been leading this market since 1980.

Software-defined sensor technology improves cloud visibility

While companies are keen to benefit from the agility and cost savings of using the cloud, there are still concerns about the ability to monitor and secure systems to an enterprise standard.

Ireland-based network analysis specialist Corvil is addressing this with the launch of a software-defined solution for packet-level instrumentation of virtual machines in public, private and hybrid cloud infrastructures.

Debunking the three major ransomware myths

On March 14, the UK National Crime Agency and National Cyber Security Center sounded the alarm about the growing cyber threat. One of their conclusions was that ransomware represents a significant, and growing, threat to UK business. Combine this with the fact that the last 12 months have seen cyber attacks on an unprecedented scale, and you’ve got a melting pot of cyber activity right now.

These warnings come as no surprise. Ransomware use has exploded over the past year or so, particularly in the UK, simply because it is an easy way for cyber criminals to make significant amounts of money. Ransomware works, simply because many firms are forced to pay the ransom because they don’t have the defense systems in place to avoid doing so.

Vault 7: Symantec says CIA hacking tools revealed by WikiLeaks were used in 40 'Longhorn' cyberattacks

The CIA's range of hacking tools revealed as part of WikiLeaks' Vault 7 series of leaks have been used to conduct 40 cyberattacks in 16 countries, says Symantec. The security firm alleges that a group known as Longhorn has been using tools that appear to be the very same ones used by the CIA.

While it would be obvious to jump to the conclusion that the CIA was itself responsible for the attacks -- and that Longhorn is just a branch of the CIA -- Symantec opts for a rather more conservative evaluation of things: "there can be little doubt that Longhorn's activities and the Vault 7 documents are the work of the same group."

OLE 0day affects nearly all versions of Microsoft Word

Security issues with Word documents are nothing new, but they have a tendency to rely on macros -- something which users have learned to become very wary of. But now security firms FireEye and McAfee have discovered a new attack strategy that takes advantage of Windows Object Linking and Embedding (OLE).

The attack can be used to infect even a fully patched computer with malware, and it is believed to be effective in most -- if not all -- versions of Microsoft Word, and Windows 10 offers no protection. The 0day works by using code embedded in a document to pull in malware from a remote server, using various techniques to hide what is going on.

Hackers release password to encrypted cache of NSA tools

Last year, hacking group TheShadowBrokers released a number of NSA exploits into the wild, showing how the agency was able to exploit big-name firewalls. At the same time it also released a second cache of documents, encrypted and password protected. Now, in protest against Donald Trump, the group has released the password for the encrypted data.

TheShadowBrokers used a Medium post over the weekend to express their disgust at Trump's presidency. The documents and tools released allegedly demonstrate that the US government, through the NSA, has been actively hacking foreign government networks, and reveal an exploit for the Unix-based Solaris operating system.

Payday loan site Wonga hit by security breach affecting 270,000 in UK and Poland

Wonga.com -- the payday loan website -- is investigating a security breach which exposed the personal details of tens of thousands of customers. Up to 270,000 customers in the UK and Poland are believed to have been affected by the breach.

The incident happened last week, but Wonga initially played down its significance. However, this weekend the company determined that customer data was involved, including names, addresses, phone numbers, bank account numbers and sort codes, and started an investigation.

Jailbreaking puts mobile users at risk

Mobile users frequently stray from official app stores when looking for new mobile applications, putting themselves under increased risk from malware, ransomware and other malicious actors. This is according to a new report by RiskIQ, which says that users in the UK are a bit more "conservative," and a bit more on the safe side compared to mobile users in the US.

The report, entitled "Appsession: Is our appetite for mobile apps putting us at risk?" is based on a poll of 2,000 mobile users -- 1,000 in the UK and another 1,000 in the US.

WikiLeaks' Vault 7 revelations continue: Grasshopper is the CIA's Windows malware maker

The latest batch of documents published by WikiLeaks as part of its Vault 7 CIA series purportedly reveals the tools used by the agency to create malware for Windows. The Grasshopper framework is revealed in 27 documents, and they show how to create Windows installers with a malware payload.

Importantly, Grasshopper allows for the easy creation of custom malware delivery options, dependent on the operating system and virus protection detected on a target machine. The documents show that the CIA repurposed malware from Russian and Italian organized crime groups.
