A new survey reveals a disconnect between the security solutions organizations spend money on and the ability of those solutions to protect sensitive data.

The study from security solutions company Thales e-Security and 451 Research finds that while 30 percent of respondents classify their organizations as 'very vulnerable' or 'extremely vulnerable' to data attacks the two top spending priorities are network (62 percent) and endpoint (56 percent) protection solutions.

Continue reading →

You no longer have to be a large corporation to draw the attention of cybercriminals. In fact, your small business could be appealing to hackers, simply because you don’t have the same level of security that a big firm can bring to bear.

Learning more about the most common risks can help you protect your organization and ensure you don’t fall victim to a scammer.

Continue reading →

Just over a year ago we reported that, for the first time in five years, human web traffic had overtaken bot traffic.

It seems, however, that human dominance was short lived. The latest Imperva Incapsula Bot Traffic Report shows that in 2016 the bots were back on top with 51.8 percent of online activity, although it's an increase in good bot activity that has driven the trend.

Continue reading →

The Lloyds Banking Group fell victim to a massive cyberattack this week, that was responsible for temporarily disrupting its services.

The attack is being attributed to an international hacking group. It launched a distributed denial of service (DDoS) attack against the company's online services that lasted for two days. During this time, customers were reportedly unable to make payments online or check their account balances.

Continue reading →

Cyber crime is a competitive business, particularly for those who buy and sell their dubious services via online marketplaces.

But that competition can lead to the scammers being scammed. So called 'rippers' seek to defraud other criminals by selling dumps of fake social media credentials or invalid credit card details, or taking money without delivering the promised goods.

Continue reading →

Last year we reviewed the Aegis Secure Key 3.0 encrypted flash drive. Apricorn, the company behind it, has now launched a new 3z version delivering even more security.

The Secure Key 3z offers top-level security innovation (FIPS 140-2 level 3 validation pending) at a lower cost and in a smaller form factor than before. It's accompanied by Aegis Configurator, a Windows-based software package that allows 10 or more compatible Aegis Secure Devices to be set up and configured simultaneously.

Continue reading →

Data breaches can be extremely damaging for enterprises, leading to loss of consumer confidence, loss of revenue and even regulatory fines.

But despite the importance of data security a new study by Forrester Consulting on behalf of data protection specialist Varonis Systems, finds that organizations are often focused on threats rather than their data and don't have a good handle on understanding and controlling sensitive information.

Continue reading →

The Great Firewall of China is a famously totalitarian measure taken by the Chinese government to control what its citizens are able to see and do online. As with any such blockade, where there's a will there's a way, and people have long turned to VPNs to get around the firewall. But with a new 14-month crackdown on the use of such tools, the situation just got a little trickier.

While on the face of it the announcement from the Ministry of Industry and Information Technology in China seems like a new one, it is really just a drive to more strictly enforce existing legislation. The Chinese government is clamping down on the unauthorized use of VPNs in a move that will be seen by the outside world as a prime example of the country's dictatorial control and censorship of the Internet.

Continue reading →

A common recommendation that Android users get for avoiding malware is to stick with Google Play and not download any apps from other sources. Trouble is, as HummingBad proved early last year by penetrating the search giant's defenses, that advice is not exactly bullet-proof.

The malware generated $300,000 in revenue every month and infected over 85 million devices, which, at the time, ran popular versions of Android, like KitKat and Jelly Bean. It was also one of the most dangerous pieces of malware in 2016, representing 72 percent of attacks on mobile and ranking fourth in Check Point's list of "the most prevalent malware globally" in the first half of the year. But that is not the end of the saga, as a new variant, called HummingWhale, has been found on Google Play.

Continue reading →

You may have seen our story earlier today about the worrying permissions used by photo app Meitu -- and you have almost certainly seen the disturbing images created in the app and shared on Facebook. The company behind the app -- also called Meitu -- has jumped to defend itself, insisting there is nothing sinister going on.

The company insists that there is a very good reason for asking for so many permissions on iOS and Android. It insists there is a very good reason for gathering so much information about users. It insists this data is stored securely and is not shared with or sold to third parties. The defense is worth reading, but whether users are happy to accept what the company says about transmitting collected data back to a Chinese server remains to be seen.

Continue reading →

The key to defeating cyber attacks lies in being able to make the correct response in a timely manner, but frontline security staff may lack the skills or resources to spot problems early.

Endpoint security company Endgame is launching an intelligent assistant built to automate security operations analyst actions and guide users of any skill level to detect and respond to advanced attacks.

Continue reading →

The last year has seen fewer of the large scale breaches that made the headlines in 2014 and 2015, but that doesn’t mean the problem has gone away.

A new report from CyberScout and the Identity Theft Resource Center (ITRC) has found a 40 percent increase in the US with a total of 1,093 data breaches in 2016, up from 780 in 2015.

Continue reading →

Carbanak, a powerful cyber-crime group, is using certain Google services as command and control for its malware and other malicious elements. The news was released by cybersecurity firm Forcepoint this week.

Forcepoint uncovered a trojanized RTF document, which, once ran, will "send and receive commands to and from Google Apps Script, Google Sheets, and Google Forms services."

Continue reading →

There has been a sudden craze for freaky-looking photos created using the Chinese app Meitu. The images the app creates are either cutesy or horrific, depending on your point of view, but it's what's going on in the background that has people concerned.

While Meitu has been popular in China for several years --amassing a huge following -- it has only just caught on over here. What many users are unaware of is that while they are busy applying virtual makeup to their face in the app, data such as a phone's IMEI, Mac address, users' precise location and much more is being gathered and shared. The advice? Ditch the app if you're concerned about your privacy.

Continue reading →

If you are like most people, you are beginning to wonder if anyone has even a tenth of a clue about how to protect email. We all watched, for example, as reams of stolen political correspondence from a major email provider were posted each day leading up to the recent election, more than likely influencing the outcome.

And we all watched as another major email provider lost 500 million accounts to hackers who seemed to barely break a sweat in doing so. And, as if that’s not bad enough, the criminal underground put these swiped email goods up for sale at about a millionth of a cent per user account. Sadly, that’s just how trivial the bad guys think it has now become to break into our email. Criminal theft of email has officially become commoditized. The old Pony Express was safer.

Continue reading →