Nearly 3 million UK businesses experienced a cyber-security incident in 2017

More than half of businesses in the UK were victims of cybercrime last year, according to a new report by Beaming. The report says that 2.9 million UK firms, or 52 percent, experienced some form of cyber-security incident, costing them £29.1 billion.

The most common incidents were virus infections and phishing attacks, each accounting for 23 percent. Hacks and data breaches accounted for less than a fifth (18 percent).

Password managers may not be as secure as you think

Password managers are often pitched as a convenient way to secure online accounts. Their main appeal is that they can generate and store very complex, distinct passwords -- that would normally be virtually impossible for the average person to memorize (or for someone to crack) -- and the user only has to remember a master password -- that encrypts them -- to access those credentials.

But, for password managers to be truly effective, they have to be secure in the first place. And that may be a problem, according to a new report by TeamSIK, which found serious vulnerabilities in many of the popular options available on Android, including LastPass, Dashlane, and 1Password.

0patch creates a 0-day patch for Windows gdi32.dll vulnerability before Microsoft

Following Google's revelation of vulnerabilities in Windows, Internet Explorer and Edge, and the delaying of the traditional Patch Tuesday, Microsoft's security update practices have been in the spotlight. Google's Project Zero has exposed security issues that Microsoft is yet to fix, so a third party has decided to step in to help out.

A new project going by the name of 0patch has created a "0patch" for a zero-day, addressing the Windows gdi32.dll memory disclosure (CVE-2017-0038) yet to be fixed by Microsoft. As the issue is unlikely to receive an official patch until at least the middle of March, this third-party option is all that's available for now.

Vice President Pence used personal email account for state work, and it was hacked

A new report suggests that Mike Pence not only used a personal email account to handle state business, but also that the email address was hacked. The US Vice President was one of many who were very vocal in denigrating Hillary Clinton for her use of a private email server in the run-up to the election.

The Indy Star says that Pence used an AOL email address to conduct public business during his time as governor of Indiana. The report also says that his email account was hacked, with a perpetrator gaining access to it in the middle of last year and sending out a fake email to his contacts.

Hidden backdoor discovered in Chinese IoT devices

Researchers at Trustwave have uncovered a backdoor in IoT devices from a Chinese manufacturer that could leave them open to exploitation.

The backdoor is present in almost all devices produced by VoIP specialist DBLTek, and appears to have been purposely built in for use by the vendor.

Companies need to work together to combat malvertising

Advertising agencies, search engines and cybersecurity specialists should work collectively to tackle the security threat from rising malvertising.

According to Ben Williams, head of operations and communications at Adblock Plus, unless this happens more users will be exposed to potential security compromises such as malware and phishing, and this will drive further adoption of adblockers as a solution to these threats.

Marissa Mayer misses out on Yahoo bonus as true scale of forged cookies security breach is revealed

Yahoo CEO Marissa Mayer is not going to receive her annual bonus this year as the company punishes her for failing to react quickly enough to a security breach in 2014. Her bonus is to be shared between staff instead.

The security breach, followed by another in 2016 involving the use of forged cookies, meant Yahoo's sale to Verizon had to be renegotiated, slashing millions of dollars from the price. The company has revealed that around 32 million user accounts were accessed using forged cookies, and while this is nothing like the 500 million accounts affected by the 2014 breach, it rocked faith in Yahoo and Mayer felt it best to also pass on her stock award.

Windows 10 Creators Update will offer users 'more choice and control' -- and fewer update reboots

Windows 10 Creators Update is expected to launch in April, and will deliver a wealth of new features and improvements. While a lot of the focus is on 3D creation, gaming enhancements, and security, Microsoft has also made a lot of welcome changes to the user experience.

Michael Fortin, CVP of Windows and Devices Group Core Quality, reveals today that the Creators Update will give users much greater control over privacy, security, and updates.

Why security will always be a people problem

We've heard the phrase, "users are the weakest link," more than we can count. Building a more resilient cyber security strategy means flipping the model on its head and making people part of the solution. Instead of starting with a technology-based strategy, Absolute discusses how and why organizations can take a people-first security strategy.

Paul Proctor, chief of research for risk and security at Gartner, was quoted as saying: "we are facing a cultural disconnect [...] executives believe that IT risk and security is a technical problem." Of course, that’s wrong. Deep down, we know it’s wrong. Security is, and always will be, a people problem. At least until the robots fully take over. Until then, though, we have to come to grips with the simple fact that with the way security is typically deployed in enterprises today, users will continue to click on things they shouldn’t, visit sites they shouldn’t, or make other uninformed or careless choices leading to breaches, incidents, or loss in availability of systems and data.

New security offering to guard against account take overs

Data breaches caused by account take overs (ATOs) are a growing problem, partly due to people reusing passwords, so that when a high profile breach -- such as the recent one at Yahoo -- occurs, other accounts are put at risk.

User behavior specialist Sift Science is taking on this threat and expanding into the cyber security market with a new tool to detect ATOs.

Informatica uses behavioral analytics to spot and protect high risk data

With increasing amounts of sensitive data stored in the cloud and accessed on mobile devices, protecting that information presents a major challenge.

Data management specialist Informatica is adding to its Secure@Source platform with behavioral analytics to detect high risk data and ensure it's properly protected.

Database-as-a-service platform introduces encryption-at-rest

While storing data in the cloud is undoubtedly convenient, it also introduces risks, and encryption is increasingly seen as a way of helping combat them.

Database-as-a-service company mLab is introducing encryption-at-rest as an opt-in data security measure for customers of its most popular plans, at no additional cost.

Why the cloud needs a new approach to security

With more and more organizations moving their operations to the cloud, old approaches to security are put under strain and struggle to cope with the new way of working.

Network security specialist Observable Networks has put together an infographic looking at the current state of cybersecurity and how old approaches don’t adapt to the cloud.

Advertising Trojans become top mobile malware threat

Mobile malware detection almost tripled in 2016 and advertising Trojans exploiting super-user rights became the top threat.

These are among the findings of Kaspersky Lab's 2016 Mobile Threat report released today, which looks at reports generated by the company's mobile products.

IoT headed for mass adoption by 2019

The Internet of Things will have been adopted by 85 percent of businesses by 2019, according to a new global study.

The report from Aruba Networks shows that there are clear business benefits from IoT investments despite the fact that they can lead to additional risk.
