Cyber attacks cost the UK economy £1.9 billion

Eighteen percent of UK businesses have been the target of a cyber-attack in the last 12 months, according to a new report by Altodigital. These attacks cost the economy £1.9 billion.

Back in 2013, 33 percent of companies were hacked, so Altodigital sees the current figure of 18 percent as a "welcome improvement." Each individual attack cost more than £2,000 last year.

Social media makes phishing attacks easy

People like getting friend requests on social media, and hackers are using that to launch successful phishing campaigns. This is according to a new report released by phishd by MMR InfoSecurity.

After reviewing simulated attack campaigns targeting almost a million users, phishd by MMR InfoSecurity says that social media is the most effective lure for getting victims to click email links.

How to block the installation of non-Windows Store apps in Windows 10

If you want to keep your computer secure and clutter-free, it's important to keep an eye on what gets installed. This is fairly easy if you're the only person to use your computer, but less so if you share it with kids or other members of your household. To make it easier to lock down Windows 10 Creators Update, you can block the installation of all software that doesn't come from the Windows Store.

Why would you want to do this? Well, blocking non-Windows Store software means blocking traditional programs, and these are the ones that are more liable to be malicious or pose a security threat. Apps that have made it into the Windows Store have -- in theory -- been vetted to some degree, and are less able to wreak havoc. Here's what you need to do.

Google releases details of unpatched Internet Explorer and Microsoft Edge vulnerability

Not content with publishing details of an unpatched Windows bug, Google has now gone public with a security vulnerability in both Microsoft Edge and Internet Explorer. Going under the description of "Type confusion in HandleColumnBreakOnColumnSpanningElement", the bug has the potential to allow an attacker to execute malicious code.

The vulnerability has been assigned the code CVE-2017-0037, and details of the flaw have been published under the terms of Google's Project Zero. Microsoft was notified about the problem 90 days ago, and as the company failed to patch it, Google has made the problem public.

Cloudbleed: Cloudflare leaks sensitive data, many major websites affected

Security researchers from Google's Project Zero have uncovered a critical bug in Cloudflare which allowed sensitive data -- like passwords, cookies and encryption keys -- from many hosted websites to leak online.

Patreon, Y Combinator, Medium, 4chan, Yelp, OKCupid, Zendesk, Uber and 23andMe are among the most important affected websites. This security issue is so important that it is now being referred to as Cloudbleed.

Samsung Secure Folder for Android safeguards your private data

If you want to secure your Galaxy smartphone, the first thing that you should do is set up a screen lock. But what if you want to go a bit further, and protect specific things on the device? Well, Samsung just released Secure Folder, which gives you a "private, encrypted space" to store sensitive data in.

Secure Folder is derived from Knox, the company's secure platform for business users, and can be seen as a consumer-focused iteration. It acts as a sandbox for apps and data and works with existing authentication options to keep them safe.

Dropbox releases open-source Slack bot

Dropbox is looking to tackle unauthorized access and other security incidents in the workplace with a chatbot. Called Securitybot, it can automatically grab alerts from security monitoring tools and verify incidents with other employees.

The company says that through the use of the chatbot, which is open source, it will no longer be necessary to manually reach out to employees to verify access every time someone enters a sensitive part of the system.

New DDoS capabilities uncovered in Necurs botnet

The Necurs botnet is one of the largest around at the moment and is principally known for sending spam including the Locky ransomware.

However, new research from BitSight's Anubis Labs has uncovered a new component being loaded in infected systems that allows it to use bots to enable proxy communications and perform DDoS attacks.

Organizations failing to address security pain points

Cyber-attacks against organizations in 2017 will continue to be as successful as they were last year, because organizations aren't addressing the pain points they had last year, a new report says.

Fujitsu's "Blind spots and security basics -- letting your guard down could cost you in 2017" report says that attacks over encrypted channels will continue to be missed, due to the lack of SSL inspection capabilities.

Google has broken SHA-1 encryption

After two years of research, Google has shown that it has successfully broken SHA-1 encryption. The company is yet to release details of how it achieved the first SHA-1 "collision", but has released a proof of concept.

In keeping with its own disclosure policy, details of how the encryption was effectively broken will be released after 90 days. In the meantime, you can take a look at two specially-crafted PDF files that have identical SHA-1 hashes but different content (the definition of a collision).

Red Hat: 'use after free' vulnerability found in Linux kernel's DCCP protocol IPv6 implementation

Red Hat Product Security has published details of an "important" security vulnerability in the Linux kernel. The IPv6 implementation of the DCCP protocol means that it is possible for a local, unprivileged user to alter kernel memory and escalate their privileges.

Known as the "use-after-free" flaw, CVE-2017-6074 affects a number of Red Hat products including Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7 and Red Hat OpenShift Online v2. Mitigating factors include the requirement for a potential attacker to have access to a local account on a machine, and for IPv6 to be enabled, but it is still something that will be of concern to Linux users.

Organizations can avoid 94 percent of critical Microsoft vulnerabilities just by killing admin rights

When vulnerabilities are found in Microsoft products, collective breaths are held until the company releases security bulletins. But analysis of security issues by software manufacturer Avecto shows that the overwhelming majority of these vulnerabilities can be mitigated by simply removing administrator rights from users.

Avecto CEO Mark Austin and CTO Marco Peretti say that organizations need to address the problem of "over privileged users". The duo say that this would help to avoid the security problems caused by 94 percent of critical vulnerabilities in Microsoft products. The research also found that Windows 10 had the highest proportion of vulnerabilities of any operating system.

PCs still at risk from end-of-life programs

The latest software vulnerability report from Secunia Research at Flexera Software reveals that the average US private PC user has 75 installed programs on their PC, 7.4 percent of which are no longer patched by the vendor.

More detailed analysis of the findings shows that 7.5 percent of users had unpatched Windows operating systems in the final quarter of 2016, up from 6.1 percent in Q3 of 2016 and down from 9.9 percent in Q4, 2015.

Half of 2016’s phishing attacks aimed to steal money

Almost half (47.48 percent) of all phishing attacks in 2016 were aimed at stealing victims' money, and the number of financial phishing attacks increased by 13.14 percent, according to a new report.

The study by Kaspersky Lab analyzed attacks registered in 2016 by the company's heuristic detection technologies.

Windows 10's strong security will make mobile devices a more attractive target

As enterprises move to Windows 10, and take full advantage of the advanced security features offered in the operating system and in Microsoft Edge, cyber criminals will increasingly look towards the mobile ecosystem for exploits.

This is according to Fujitsu's latest report, which predicts that 2017 will see an even bigger increase in attacks against the mobile world.
