Ransomware continues to be the most lucrative business model for cyber crime, and a new study indicates that existing endpoint protection methods may not be enough to guard against it.

The survey from security awareness training organization KnowBe4 questioned more than 500 organizations about the current state of their ransomware protection, whether they were a victim of ransomware, the impact of a successful breach and their remediation tactics.

Continue reading →

Since October, Datto has been conducting testing designed to quickly detect ransomware in backup data sets. Here’s why: it has become a major threat to individuals and businesses over the past few years, and the cyber extortionists behind these attacks operate with increasing sophistication. SMBs can be particularly vulnerable to attacks and are more likely to pay a ransom to get their data back than large businesses.

In many cases, these attacks are conducted by large criminal organizations using wide-reaching botnets to spread malware via phishing campaigns. Victims are tricked into downloading an e-mail attachment or clicking a link using some form of social engineering. Fake email messages might appear to be a note from a friend or colleague asking a user to check out an attached file. Or, email might come from a trusted institution (such as a bank) asking you to perform a routine task. Sometimes, ransomware uses scare tactics such as claiming that the computer has been used for illegal activities to coerce victims. When the malware is executed, it encrypts files and demands a ransom to unlock them.

Continue reading →

2016 was a record setting year for data breaches and hacks. In the last few months of the year Yahoo began making headline news for all the wrong reasons with two stories around how it was the victim of the largest cyber-attack in history, which saw one billion accounts being compromised. Making this situation all the more worst for Yahoo, was the fact that it was in the process of being acquired by Verizon.

This hack in fact has resulted in Verizon paying $350 million less for Yahoo and receiving confirmation from Yahoo’s board that any future legal costs or reparations will be jointly covered. The bad news of companies across the globe is that Yahoo’s attack is likely to only be the beginning. As cyber attacks escalate in both their volume and size the dangers to companies looking at acquiring others rises.

Continue reading →

Privacy and security are major concerns when it comes to life online, but a survey by Mozilla reveals that a worrying number of people do not know how to stay in control of them. The company also found that a third of people feel they have no control over their information online, with a similar number confessing to knowing "very little" about encryption.

But these are not the only concerns of internet users. Mozilla also asked about people's greatest online fears. Topping the list is "being hacked by a stranger" (a fear held by 80 percent of people), and "being tracked by advertisers" (61 percent). As well as presenting the results of its survey, Mozilla also has some important advice.

Continue reading →

Vulnerabilities in software are at the heart of many security problems, providing a foothold for hackers that they can use to gain access to systems.

The latest Vulnerability Review from the Secunia Research arm of Flexera Software maps the security threat presented to IT infrastructures and explores vulnerabilities in the 50 most popular applications on private PCs.

Continue reading →

Last year's highly publicized Yahoo and LinkedIn breaches exposed millions of users' passwords to the public and saw them for sale on the dark web.

Researchers at behavioral firewall company Preempt have analyzed the leaked LinkedIn passwords to find out how many were weak before the breach occurred.

Continue reading →

Despite being based on the very secure Linux kernel, Android isn't necessarily a very secure operating system. Unlike iOS which does a great job of shielding its users from installing apps from outside Apple's own App Store, it is far too easy to do so on Google's mobile OS. Also, there is nothing requiring manufacturers to issue device updates, meaning many users are forced to use outdated and vulnerable versions of the operating system.

For the most part, however, Android users can remain safe by acting intelligently, such as only installing apps from the Play Store. Well, that might not be so true anymore. You see, it has been discovered that many models of Android smartphones -- from manufacturers such as Samsung, LG, and even Google's own Nexus line -- are being sold with malware pre-installed. This is particularly bad malware, as it can steal user information. Some devices even came pre-loaded with ransomware!

Continue reading →

The Vault 7 leaks this week suggest that the CIA has been able to exploit vulnerabilities in a wide range of popular hardware and software, including Windows, macOS and Linux. One of the suggestions is that the agency produced EFI (Extensible Firmware Interface) rootkits for MacBooks called DarkMatter.

To help calm the fears of MacBook owners, Intel Security has pushed out a tool to check for such rootkits. Apple issued a statement earlier this week indicating that it had addressed "many of the issues" exposed by WikiLeaks, but Intel Security's further intervention will bring some peace of mind to concerned users.

Continue reading →

We’ve been losing the war on cybercrime for some time. Research firm Forrester reports over a billion accounts stolen in 2016 alone, and these data breaches are going up, not down. We are having to wade through more incident data, and people cannot keep up. Could machine learning help solve the problem?

For years, researchers hoped that artificial intelligence would produce human-like machines. Now, they focus on a subset of AI that can solve more realistic and useful challenges. Machine learning cannot do everything a human can, but it doesn’t have to. Instead, we can train it to be good at narrowly-defined tasks -- even better at them than humans, in some cases.

Continue reading →

More than a fifth (21 percent) of all websites are still using an insecure certificate, which is leaving them open to different types of cyberattacks. This is according to a new report from cyber security experts Venafi.

The report says many sites are still using the SHA-1 certificate, which means they’re vulnerable to man-in-the-middle attacks, brute force attacks and collision attacks, all of which can expose the site’s sensitive data.

Continue reading →

AgileBits, the company behind popular password manager 1Password, is raising the top bug bounty reward from $25,000 to $100,000, following the discovery of serious vulnerabilities in popular password managers, including its own service, that could have allowed attackers to gain access to user data.

To receive the highest reward in its bug bounty program, AgileBits says that a researcher would have to access an unencrypted "bad poetry" flag that is stored in a 1Password vault.

Continue reading →

When your job is writing about technology you get used to receiving the somewhat off the wall ways companies come up with to promote their products.

Kaspersky's latest endeavour though had us scrambling for the calendar to check whether it was April 1st, as the company is launching a fragrance. Described as 'threatening yet provocative' the rather disturbingly named Threat de Toilette comes, like all the best scents, in pour femme and pour homme versions.

Continue reading →

Last week 0patch produced what was described as the first 0-day patch for Windows in lieu of Microsoft's usual Patch Tuesday release. It came after Google revealed a pair of vulnerabilities affecting IE/Edge and Windows.

Having addressed the problem in Windows, 0patch is at it again, this time patching the "type confusion" bug (CVE-2017-0037) that plagues Internet Explorer and Edge. This patch is described as an attempt to "release a simple temporary patch that blocks an attacker than try to create a perfect patch", and it's available for anyone who is willing to place their trust in third-party patching.

Continue reading →

Technology companies will be given access to the CIA's hacking tools revealed earlier in the week, Julian Assange said today. The WikiLeaks founder said that full details of the exploits used by the CIA would be shared with a view to allowing companies to patch the security holes.

Apple has already said that it has fixed many of the iOS vulnerabilities mentioned in the document cache, and we know that the CIA exploited vulnerabilities in all major operating systems as well as weaponizing numerous popular programs. While WikiLeaks has made certain details of the CIA's hacking tools public, it intends to share them in their entirety privately so software developers can create patches.

Continue reading →

Businesses and consumers recognize the benefits of mobile payments, but worries over security are holding back adoption according to a new report.

The study by Oxford Economics interviewed 2,000 consumers and 300 business executives and finds that 62 percent of consumers say mobile money enhances their buying experience, and 72 percent of executives say mobile payments can boost their sales.

Continue reading →