As we reported earlier this week Yahoo has suffered yet another major security breach. This will have sent many users scurrying to change their passwords, but what else can you do to protect your account?

Adam Levin, chairman and founder of identity protection specialist IDT911 suggests that users need to start telling lies. He doesn't mean lying about the fact that you have a Yahoo account -- though given the severity of breaches it has suffered that might save you some embarrassment. No, he means telling lies in the answers to your security questions.

Continue reading →

Popular Linux distros such as Ubuntu and Fedora -- including the newly-released Fedora 25 -- are vulnerable to zero-day exploits, shattering the myth that the open source software is ultra-secure. Vulnerabilities can be exploited that allows an attacker to run any code he wants on a victim's computer -- with potentially devastating consequences.

Security researcher Chris Evans has published details of exploits that can be used to compromise systems running Linux. All it takes is a malicious audio file to hijack a computer, or even just having Google Chrome installed. One of the exploits takes advantage of a flaw in the Game Music Emu library, an audio library used by the gstreamer framework to emulate music from games consoles such as the SNES.

Continue reading →

There has been great concern over the last day or so following an update to Evernote's Privacy Policy. The update said that Evernote employees might be able to access unencrypted notes as part of a human review of machine learning technologies. Users were unsurprisingly rather concerned, and there was much talk online of a mass exodus to OneNote and other alternatives.

In the face of a user backlash, Evernote CEO Chris O'Neill has issued an apology for any "angst we may have caused" and stressed that "privacy has always been at the heart" of the company. He concedes that the changes to the Privacy Policy were "communicated poorly"... but then managed to half-shift the blame for upset back onto users by saying the change "resulted in some understandable confusion".

Continue reading →

While 75 percent of organizations set fixed time limits for investigating potential security incidents, many of them fail to meet their investigating and reporting targets.

According to a study from contextual security technology company Balabit 44 percent of respondents report missing internal or external deadlines for investigating or reporting a breach in the last year, and seven percent say a missed deadline had resulted in serious consequences.

Continue reading →

The world of cyber-security presents us with a tangled web of information. 2016 had its fair share cyber security tales and it’s clear that the hackers aren’t slowing down in their attacks.

In our increasingly paranoid online world, we are told what we can and can’t open, when and where we will be hacked, and how the cyber criminals are inescapable. Individuals and businesses are bombarded by the influx of guidelines on how to live their internet lives -- but how can this information be filtered into something tangible for everyday use?

Continue reading →

Evernote has published an update to its Privacy Policy, revealing that as of 23 January 2017, employees will be able to access unencrypted notes. The change is being wheeled in because of the apparent failings of machine learning.

Perhaps more worrying is the fact that Evernote says that it is not possible to opt out of having employees possibly accessing your unencrypted notes. The only way to fully protect your privacy is to delete all your notes and close your Evernote account.

Continue reading →

Modern day malware is all about stealing, whether it's data or money. That means to be effective it needs to communicate with its command and control servers.

A new technology released by cloud-based anti-malware company Percipient Networks for its Strongarm product aims to break this link without the need for VPNs or other potentially hard to implement solutions.

Continue reading →

Despite seeing how painful poor cyber-security posture can be on a company, IT decision makers are still skeptical of the funds given to them by upper management to combat the threat, and lack the confidence, too. This is according to a new report by cloud business applications provider Intermedia.

The company surveyed 350 ITDMs, asking questions in four categories: security, general IT services, infrastructure and skilled IT workforce. Overall, the confidence score is 7.2 out of 10, which Intermedia calls "modest" (0 means a company is not confident at all, and 10 means the company is "extremely confident").

Continue reading →

Cybersecurity, the Internet of things, driverless cars, artificial intelligence. These topics were hot in 2016, and interest in them should continue strong in 2017. However, the discussions will take new turns. Where will they go?

I predict that three particular trends will gain real momentum and re-shape the cyber landscape in 2017.

Continue reading →

We've already seen this week that ransomware is an increasingly popular attack method. The fact that it's a profitable activity for cyber criminals is underlined today by a new report from IBM Security which reveals that 70 percent of businesses pay up to regain access to their data.

This puts criminals on target to make nearly $1 billion in 2016 from their use of the malware. Indeed, the report shows that ransomware made up nearly 40 percent of all spam e-mails sent in 2016, up from less than 0.6 percent in the previous year.

Continue reading →

In the second decade of the 21st century, the blind excitement about the internet has worn off -- now users are aware of the dangers and are concerned about privacy. Cookies have been around for just about as long as web connections, but there are all manner of ways to track people and spy on online activity. This is something that Privacy Badger 2.0 aims to help with.

Coming from the digital rights group Electronic Frontier Foundation, the tool takes the form of a browser extension -- available for Chrome, Opera and Firefox. It blocks online trackers that can be used to monitor your activity, ensuring your privacy.

Continue reading →

Ransomware remains a major threat with attacks using Locky and Cryptowall both increasing by 10 percent in November compared with the previous month.

The latest report from threat prevention specialist Check Point based on its Global Threat Index shows the number of active malware families and number of attacks remain close to an all-time high thanks to continued relentless attacks on business networks.

Continue reading →

Weak or reused passwords are one of the main causes of security breaches and nobody is immune from the problem.

Password manager company Dashlane is seeking to raise awareness of the issue with the release of what it calls its P@ssholes List, highlighting the celebrities and high profile organizations that have fallen victim to poor password habits in the past year.

Continue reading →

Once again, the world has woken up to news of another huge data breach and another reason that the current password security system for business applications and websites is flawed. This time it was 412 million reasons, this being the number of accounts and user credentials that were exposed following the breach of FriendFinder Networks.

Despite this becoming such a common occurrence, so common that headlines can be saved for "Business name suffers data breach and X number of details have been hacked", the cybersecurity world has not woken up to the real problem or implemented a solution that actually works.

Continue reading →

Ransomware is the malware du jour and those seeking to extract money from victims have started to use a pyramid scheme system to increase the rate of infection. Not content with encrypting a victim's files and holding them to ransom, the Popcorn Time ransomware encourages those who have been struck to pass on the infection.

As is the norm with ransomware, Popcorn Time gives the victim the chance to pay a Bitcoin ransom to decrypt their files, but it also offers a self-described "nasty way" to unlock files for free. Think of it as a ransomware referral scheme.

Continue reading →