The Mirai botnet is thought to have affected more than 1.5 million smart devices over the past few months.

Router manufacturer Securefi is aiming to combat this problem with the launch of a new IoT device security service. Initially available for the company's Almond 3 routers, Securifi's solution protects connected home devices like DVRs, IP cameras, and smart thermostats from a number of key online threats.

Continue reading →

Ransomware has been one of the major threats faced by both businesses and individuals in 2016 and many security analysts don't see it going away any time soon.

Threat intelligence specialist Recorded Future echoes that view and believes we’ll see more attacks aimed at shaming the victims.

Continue reading →

Security breaches have been one of the major themes of 2016, so going into the new year it’s no surprise that companies are keen to try to make things more secure.

Password manager Dashlane is announcing enhancements to its software to make use of Intel Software Guard Extensions, a powerful security technology built into the latest Intel Core processors.

Continue reading →

A new report from IT research and consulting company Osterman Research reveals that employee turnover and attrition is the number one data protection concern for enterprises.

Of the organizations surveyed, 69 percent indicate that they have suffered significant data or knowledge loss resulting from employees who had left the business.

Continue reading →

The system used by millions of travelers each day to share data between travel agencies, airlines, passengers and websites is incredibly insecure. Security researchers have presented details that highlight just how easy it is to hack flight bookings.

German security firm SR Labs says that using nothing more than a traveler's surname and a six-digit Passenger Name Record (PNR), it is possible to not only gather personal information about people, but also make changes to bookings.

Continue reading →

The election of Donald Trump has alarmed privacy advocates who worry that the self-described "law-and-order" president will take a more heavy-handed approach towards issues of security and privacy. Of particular concern are fears that there will be attempts to weaken or otherwise disable the encryption that is widely used to protect sensitive data and maintain user privacy.

Based on the proposed cabinet-level nominees put forth by Trump, these fears may be well-founded.

Continue reading →

With so much expectation placed on the impact of Blockchain technology, which platform is going to help the industry deliver on those expectations?

If you find that question surprising it is because you’ve only ever heard of Bitcoin when it comes to Blockchain technology, then you won’t be alone.

Continue reading →

Already an attractive option for a variety of consumer applications, crowd sourcing is now catching on in the corporate world. One emerging area of crowd sourcing is bug bounty programs. These are rewards offered by organizations to security researchers or whitehat hackers, who receive recognition and financial compensation for finding and reporting bugs, exploits and vulnerabilities in the organizations’ websites and applications.

As a technology company or security professional, it’s easy to see the attraction of running bug bounty programs. But these programs are not without risk, and timing can be a critical factor. Unless they are managed carefully, bug bounty programs can come with serious consequences for your overall security posture.

Continue reading →

The use of mobile devices continues to increase, with there being no sign of it slowing down anytime soon. The use of mobile apps is also increasing and is completely dominating mobile internet usage, so it’s no surprise that enterprises are investing in mobile apps in order to boost the impact of their product or service.

The most dominant channel through which to download consumer apps is through stores such as Apple’s iTunes and Google’s Play Store, as well as some third-party marketplaces. A large corporate organization will need to ensure that all information placed within their mobile app is secure. Whether the app is for internal employee use alone, or will be shared with customers, security must be the top priority.

Continue reading →

In September 1996 New York City’s original Internet Service Provider, Panix, was hit by a SYN flood denial of service attack that took the company offline for several days. At a time when only 20 million Americans were online this was one of the first high profile examples of how fragile internet infrastructure could be.

Fast forward 20 years and businesses and individuals are now hugely dependent on the Internet services they both offer and use, and the primary threat to the availability of those Internet is the distributed denial of service (DDoS) attack. DDoS attacks have evolved consistently over the last 20 years and have moved from being a curiosity, to a nuisance, and, now, to a serious business continuity risk.

Continue reading →

A website run by the Nevada state government has been pulled offline after it was discovered a vulnerability was leaking personal details of thousands of people applying to sell medical marijuana.

Nevada's Department of Health and Human Services confirmed that the personal details -- including addresses and social security numbers -- of more than 11,000 applicants were accessible by simply typing in the correct URL.

Continue reading →

In the past year we’ve already seen the Internet of Things used to carry out cyber attacks, and many experts are predicting that this is a problem that will grow in coming months.

Given that many people may have acquired new IoT devices over the holiday period, financial advice website RefiGuide has put together a timely infographic looking at the risks IoT devices can pose and what you can do to protect yourself.

Continue reading →

Earlier in the year, a huge DDoS attack was launched on Krebs on Security. Analysis showed that the attack pelted servers with 620 Gbps, and there were fears that the release of the Mirai source code used to launch the assault would lead to a rise in large-scale DDoS attacks. Welcome Leet Botnet.

In the run-up to Christmas, security firm Imperva managed to fend off a 650 Gbps DDoS attack. But this was nothing to do with Mirai; it is a completely new form of malware, but is described as "just as powerful as the most dangerous one to date". The concern for 2017 is that "it's about to get a lot worse".

Continue reading →

An impressive and user-friendly digital presence is an indispensable asset to any brand. It is often the first point of contact for customers who expect and demand great functionality and engaging content across multiple platforms. The finding that nearly half of us won't wait even three seconds for a website to load bears witness to ever increasing customer expectations which must be met.

Partnership with a digital agency can be a great way to keep up to speed with rapid change and innovation, but, to ensure the very best outcome, both client and agency need to find an optimum commercial, creative and secure cultural fit. This should be a priority for both sides from the very first pitch. The promise of exceptional creativity and customer experience is one thing, but considering the more practical aspects of how the relationship will work is entirely another.

Continue reading →

Threat intelligence is a popular topic in security circles these days. Many organizations are now using a threat feed that comes bundled with some other security product, such as McAfee’s GTI or IBM’s X-Force feeds. Lots of products, notably SIEMs, have added support for some sort of integration with specific threat intelligence feeds or more generic imports via STIX/TAXII. With many now hoping to take advantage of the large number of open source and free intelligence feeds available. Some are even investing in commercial intelligence feeds.

However, as many organizations quickly discover, without effective management of the threat intelligence lifecycle, making effective use of this valuable information is nearly impossible. Today, an organization has two choices for managing threat intelligence, these are to deploy a threat intelligence management platform, or a manual in-house management program. The steps required to set up a manual threat intelligence lifecycle program will be outlined below for those who prefer this approach.

Continue reading →