Three penetration testing tips to out-hack hackers


It should come as no surprise that hackers have been busy lately. According to my go-to resource on hacking stats, the Identity Theft Resource Center, breaches jumped from 780 in 2015 to 1,093 in 2016. Is there a way to take a proactive approach to data security that doesn't involve investing in more firewalls or antivirus software, and that ultimately gets to the real source of vulnerabilities?

Yes and yes. The answer is penetration testing, or pen testing for short. It’s a white-hat approach that challenges organizations to expose the vulnerabilities inside their own systems by understanding how a cybercriminal could exploit their internal information.


Three UK suffers new data breach


A couple of bizarre incidents have happened to Three users in the UK recently, and the media suspect the company might be facing a new data breach.

According to a report by The Guardian, some customers, logging into their accounts, were "presented with the names, addresses, phone numbers and call histories of strangers."


Businesses make automated security a part of DevOps


Mature development organizations make sure automated security is built into their DevOps practice early, everywhere and at scale, according to a new report by Sonatype.

The report, entitled 2017 DevSecOps Community Survey, is based on a poll of 2,292 IT professionals, and also finds that IT organizations continue to struggle with data breaches.


New Google report shows Android security is improving


Today Google published its third annual Android Security Year in Review, the day after the launch of the developer preview of Android O. Looking back at 2016, the report details the steps the company has taken to keep Android users and their data safe. Google cites a crackdown on Potentially Harmful Apps as a particular success, and points to the fact that security updates have been issued to 735 million devices.

But it's not all good news. Many of the security improvements are found only in Android 7 Nougat, which is available on a limited number of devices. Additionally, a large number of handsets are not eligible for the monthly security updates the company pushes out.


Malware campaign targets users in Latin America


A modified version of a threat that first appeared in 2014 is successfully targeting users in Latin America, according to the SPEAR research team at threat prevention specialist Cylance.

Attackers using the El Machete malware -- first identified by Kaspersky -- have moved to new C2 (command and control) infrastructure, based largely around dynamic DNS domains, in addition to making some minimal changes to the malware in order to evade signature-based detection.


Microsoft completes modified version of Windows 10 for Chinese government


Microsoft could be on the verge of making greater headway in China after completing a modified version of Windows 10 for the Chinese government. The operating system has been banned for governmental use for some time, despite the fact that it is already available to consumers in the country.

Developed in a joint venture with state-owned China Electronics Technology Group, Microsoft's modified version is now awaiting government approval. While details of the included changes are not being released, China's concerns about other nations conducting surveillance through the software will almost certainly have been a key factor.


DevOps adoption changes approach to application security


New research from software supply chain automation company Sonatype reveals that the adoption of DevOps is leading businesses to adopt a different approach to security.

The survey shows that mature development organizations are ensuring automated security is woven into their DevOps practice early. But the results also reveal that IT organizations continue to struggle with breaches: a nearly 50 percent increase was recorded between Sonatype's 2014 and 2017 surveys.


US bans laptops and tablets on flights from eight countries in Africa and the Middle East


Not content with its second crack of the whip with a travel ban, the Trump administration has now issued a ban on larger electronic devices being taken on flights from certain countries. Devices larger than a cell phone will not be permitted in cabin baggage but must instead be checked in.

The ban is set to run indefinitely, and means that laptops, tablets, portable DVD players, ebook readers, portable games consoles and other larger electronic devices will be banished to the holds of aircraft. While the ban focuses on individual airports rather than countries, it has been noted that they are located in Muslim-majority parts of the world.


IBM announces Hyperledger Fabric-based Blockchain-as-a-service


It was a big day for IBM today, as it unveiled its first Blockchain-as-a-service. Announced at the Interconnect conference, this commercial blockchain service is based on the open-source Hyperledger Fabric 1.0, built by The Linux Foundation.

In a nutshell, IBM Blockchain allows customers to build their own secure blockchain networks. It took the company a year to bring it from the initial announcement to a finished product.


Seven year-old Linux vulnerability now patched


An old vulnerability was just discovered in the Linux kernel, potentially allowing attackers to escalate privileges or cause a denial of service. The vulnerability was quickly fixed and there have been no signs of it being exploited in the wild, although that does not necessarily mean it went unnoticed.

According to Positive Technologies expert Alexander Popov, the CVE-2017-2636 vulnerability is seven years old and has affected the majority of popular Linux distributions, including RHEL 6/7, Fedora, SuSE, Debian, and Ubuntu.


Employees are a major security risk, say IT pros


Almost a third of companies have suffered either data loss or a security breach because their employees use mobile technologies to work. This is according to a new report by Apricorn. The company polled 100 IT decision makers in the UK for the report.

Almost half (44 percent) expect mobile workers to expose their company’s data to risks of breaches and theft. Nearly half of respondents also agree that employees are the biggest security threat to their company.


Organizations remain vulnerable to brute force attacks


Gaining access to accounts is often done the old-fashioned way, by brute-force guessing, and a new report reveals that many devices and accounts still use default usernames and passwords.

The study from visibility and testing company Ixia shows the top five username guesses as root, admin, ubnt, support, and user -- ubnt being the default username for AWS and other cloud services based on Ubuntu.


Consumers know apps are insecure, but they do little to protect themselves


Once again, an urban myth turns out to be true. People know mobile apps can be targeted by hackers, and they fear the scenario, yet they do very little to protect themselves from such attacks.

The confirmation comes from F5 Networks, in a study of the UK's app-centric society and consumer behaviors.


M-Kavach is an Android security app from India


M-Kavach is a versatile Android security app from the Center for Development of Advanced Computing, a research and development arm of the Indian government.

The app offers several modules and security layers to protect you from a range of threats. M-Kavach can restrict app access to key resources, including Wi-Fi, Bluetooth, the camera and mobile data.


WikiLeaks holds tech companies' feet to the fire before helping with zero days revealed in CIA leaks


The CIA's hacking tools leaked in the WikiLeaks Vault 7 disclosure revealed vulnerabilities in a range of popular software titles. Julian Assange has said that his organization will share details of the zero days revealed in the documents with the respective technology companies, but it now transpires that there are certain conditions to meet first. It’s a situation that has more than a slight air of "ransom" to it.

Microsoft initially complained that after the leak there had been no contact from either WikiLeaks or the CIA, but it seems that contact has now been made with the Windows-maker and other companies. Mozilla is among those to have been contacted and to have responded, and sources suggest that Assange has attached conditions to disclosing details of the vulnerabilities.

