Facebook launches new open source account recovery tool: Delegated Recovery

At the USENIX Enigma conference, Facebook unveiled a new way to overcome the problem of forgotten passwords. Known as Delegated Recovery, the mechanism essentially allows two online services a user has accounts with to be used as a form of two-factor authentication.

Delegated Recovery is something of a new take on 2FA, building on Facebook's previously announced support for U2F Security Keys. The problem with password recovery via email or SMS is that it's easy for the recovery medium to be compromised, and security questions are easily guessed. Delegated Recovery takes a new approach, and it's being trialed on GitHub.

Samsung Galaxy smartphones can be crashed with a single SMS

Security researchers from Context IS have uncovered serious vulnerabilities in a number of premium Samsung Galaxy phones which allow attackers to crash devices using a single SMS message and initiate ransomware attacks.

The report is part of a series which aims to show "how, even in 2017, SMS-based attacks on Android phones are still viable". As longtime readers might recall, iOS too was vulnerable to such attacks -- but that was nearly two years ago. While the report focuses on Samsung's Android handsets, the researchers suggest that the vulnerabilities could be found in other vendors' smartphones as well.

datAshur PRO -- The ultimate secure USB flash drive [Review]

USB flash drives are great for storing personal files on, so you can have easy access to them wherever you go. But what happens if you lose a drive or it gets stolen? All of your personal data could be at risk.

While there are ways to secure the contents of a flash drive using software, you need to remember to do so every time. The datAshur PRO, from iStorage, offers a hardware solution that’s simple to use and will protect your data with military grade XTS-AES 256-bit encryption.

Kaspersky and ESET top the security charts

The way people access the internet is changing, with a shift towards portable devices, and that in turn has led to a shift in the software they use.

Independent testing company AV-Comparatives has conducted its annual survey focusing on which security products (free and paid) are employed by users, along with their OS and browser usage.

The effect of cybercrime on businesses and consumers

Here we are, at the end of the first month of a new year and where are we? Well, I guess that very much depends on who you are. If you're a hacker, then things are looking good for you. If you're a consumer, the evidence suggests you won't be fooled twice, but is that good enough? And if you're a business, you've got the same security problems as last year but with enhanced threats from hackers and careless employees as well as enhanced expectations from consumers.

So, exactly what is happening in today's security world and what does it mean for you?

Vulnerabilities could leave thousands of NETGEAR routers exposed

New vulnerabilities discovered in 31 models of NETGEAR router are reckoned to leave at least 10,000 devices at risk and could affect many more.

Cyber security company Trustwave has released details of the vulnerabilities which allow an attacker to discover or completely bypass any password on a NETGEAR router, giving them complete control of the router, including the ability to change configuration, turn infected routers into botnets or even upload entirely new firmware.

New platform offers holistic risk assessment for enterprises

The proliferation of cloud services and diverse platforms in modern enterprises makes guarding against risk and protecting data a major challenge.

Cyber risk assurance company TechDemocracy is addressing this problem with the launch of a new platform that analyzes the effectiveness of existing cyber risk and compliance solutions and offers a consolidated view of enterprise risk posture.

Really, Google? Chrome 57 kills the ability to control and disable plugins

With web browsers being among the most frequently used pieces of software out there, it's little wonder that there is so much concern about security surrounding them. Browser plugins can be a major security worry, and with Chrome 57 Google has taken the strange decision to block users from disabling them or changing their settings.

While this is not the same as preventing users from changing the settings for extensions, or removing them, it still has important implications -- particularly if a security problem should be discovered in a plugin Google bundles with Chrome.

Warning: most Android VPN apps are insecure

VPN software can be used to not only circumvent geoblocking, censorship and ISP blocks, but also to remain anonymous online. At least that's the idea. If you're an Android user who has a VPN app installed on your phone or tablet, the chances are that it is not safe.

Research shows that the majority of VPN apps to be found in Google Play contain spyware or malware, leak data, or include tracking components. This is in stark contrast to what most people would expect from such apps, and users are warned to double-check the choice they have made.

40 percent of British children use the internet unsupervised

Connected devices are a big part of all our lives and that goes for younger members of the family too, but of course connecting to the internet means risk.

A new survey from Intel Security shows 40 percent of British parents do not keep track of their children's online activity, so they don't know when their children are online or what websites and content they're accessing.

Demand for security pros in UK rises by 46 percent

To say that IT security professionals in the UK are in demand would be a severe understatement. A new report by Experis says there has been an increase of 46 percent in the demand for both permanent and contract IT security professionals.

The report, entitled Tech Cities Job Watch, says companies are putting more emphasis on long-term investments.

Mid-market enterprises are too confident of their cyber security

Mid-market enterprises have very high confidence in their cyber security defenses, but in reality they struggle to defend against malicious activity which has become more sophisticated, more targeted and more severe.

Security operations-as-a-service company Arctic Wolf Networks, along with research firm Vanson Bourne, surveyed IT decision makers at 200 companies with between 500 and 3,000 employees and uncovered a disparity between what IT professionals believe and the reality of their security posture.

Security is more important than availability in app development

Security is now the top priority for app development, surpassing availability, a new report by F5 Networks states. The State of Application Delivery report is based on a poll of more than 2,000 IT, networking, application, and security professionals worldwide.

Looking at how organizations are deploying and managing their applications in a rapidly evolving landscape, the report also says that those in the EMEA region (Europe, Middle East, Africa) expect more than three quarters (76 percent) of their apps to be in the cloud this year.

Here, FIDO! Facebook adds security key protection

Hackers are always keen to get their hands on people's social media accounts, so adding two-factor security is a good way of keeping your login details secure if someone tries to access your account on another device.

Facebook has offered verification by SMS message or mobile app for a while, but it's now going a step further by making the FIDO U2F (universal 2nd factor authentication) security key available as part of its login process.

Cyber attacks fall in volume but grow in sophistication

Cyber criminals are employing more sophisticated techniques in their attacks, including the use of 'false flagging' to disguise their true source.

This is one of the findings of the latest threat intelligence report from NTT Security. On a positive note, though, it records a 35 percent decrease in the number of attacks in the final quarter of 2016.
