However much technology you throw at protecting your organization's systems the weakest link is still the person sitting in front of the endpoint.

No surprise then that social engineering is increasingly the attacker's weapon of choice for gaining access to sensitive systems. Security rating and risk monitoring company SecurityScorecard has put together an infographic showing the five most common attacks and their impact on enterprises.

Continue reading →

The bring your own access (BYOA) movement has presented a number of challenges and opportunities to IT leaders in recent years. Since the dawn of the smartphone, the consumerization of IT has left CIOs fighting to keep up with the latest trends in productivity, communication and creativity apps.

Driven by simple user interfaces and the promise of fast synchronization across devices, business users have flocked away from the typical corporate IT stacks and begun to pick and choose their own tools, often without the consent of IT.

Continue reading →

Microsoft has a long tradition of publishing Security Bulletins to share information about patches and security fixes that it releases. But starting next year this is going to change.

As of February 2017, Microsoft will make use of the newly launched Security Updates Guide database. This, on the face of it, sounds like a great idea -- a searchable database of information -- but it changes the way information is presented and is unlikely to be well-received by users.

Continue reading →

It’s fair to say, yesterday’s US election result sent shockwaves around the world. Donald Trump was seen as an outside bet by many people, but now he’s won the race for the White House, the big question, is what will his victory mean for the people, both at home and abroad?

Former NSA contractor turned whistleblower Edward Snowden has a lot to say on government matters, and today in a live Q&A he’ll be opining on how the US election results could affect your privacy, as well as any potential pardon for himself, and answering questions submitted via social media.

Continue reading →

A new report from Kaspersky Lab reveals that its products blocked 73,066,751 attempts to attack users with malicious attachments during the third quarter of this year.

This represents the largest amount of malicious spam since the beginning of 2014 and is a 37 percent increase compared to the previous quarter. The majority of the blocked attachments were ransomware trojan downloaders.

Continue reading →

Microsoft has kept its promise and delivered a vulnerability patch for its Windows operating system, for a flaw, revealed by Google, which allowed attackers to gain full control of a targeted system.

Releasing the details in a security bulletin, Microsoft says the flaw in the Windows kernel "could allow elevation of privilege if an attack logs onto an affected system and runs a specially crafted application that could exploit the vulnerabilities".

Continue reading →

Many people use Google Chrome, and rightfully so. The cross-platform web browser works brilliantly, and is super-fast. Plus, the search-giant's browser is very secure too, right? Not so fast...

Today, Sophos drops a bombshell by revealing that scammers are actively targeting Chrome users by leveraging a bug. These bad guys pose as Microsoft tech support and display an in-browser message that says the user's computer is infected with "Virus Trojan.worm! 055BCCAC9FEC". To make matters worse, Google has apparently known about the exploit for more than two years and simply failed to patch it.

Continue reading →

Google today launches a revamped version of its Safe Browsing site, bringing a number of tools and services under one roof. The tag line for the site is "Making the world's information safely accessible," and Google makes much of fact that it now keeps more than two billion devices safe online -- desktop and Android, as well as devices running Google tools such as Chrome and Gmail.

One of the main purposes of the site is to make it easier for people to report malicious sites they encounter, so other internet users can be warned and protected. But the updated site is also home to additional information from Google, such as its Transparency Reports and company policies.

Continue reading →

According to a recent report from cyber-security experts at RSA, in today’s increasingly computerized world, cyber-crime issues "comprise a threat horizon that continues to accelerate and expand with no end in sight".

Since much the same can be said about the growth of computing power in today’s vehicles -- which rely on technology for everything from 3D navigation graphics to semi-autonomous driving capabilities -- the risks for having your car or truck hacked would seem to be on the rise as well. But should current drivers be worried about the issue right now, or is it time to pump the brakes on the car-hacking panic?

Continue reading →

The head of of the GCHQ believes that distributed denial of service (DDoS) attacks could be eliminated completely if internet service providers (ISPs) were to completely rewrite their software and its code.

The technical director of GCHQ's National Cyber Security Centre, Ian Levy, is already preparing to engage in talks with ISPs, such as BT, over how they could be the key to ending DDoS attacks. After the cyber attacks that occurred as a result of the Mirai malware were made public, GCHQ made it a priority to prevent further attacks that could be launched using the same measures.

Continue reading →

What once was the plot of creative Hollywood blockbuster movies is now becoming a reality. The Internet of things (IoT) continues to grow as consumers, businesses and governments recognize the benefit of connecting devices to the internet, be it smart phones, wearable devices or smart homes. It is estimated that the number of connected devices in use by 2020 will be 30 billion, one in five cars will be connected vehicles in the next five years and by 2025 the IoT is predicted to have a global economic impact of US $11trillion.

The growing presence of connected devices is increasing efficiency in homes, workplaces and other areas of life that have seen the introduction of the IoT. Despite the expansion of connected devices however, there remains a number of consumers who are reluctant to adopt the IoT due to security concerns.

Continue reading →

A new cybersecurity law has been passed in China which will give the country even more control over the Internet and will require foreign companies to store their data locally.

The National People's Congress Standing Committee passed the new law on Monday, causing a great deal of concern amongst human rights groups and foreign businesses. China already limits access to the Internet through its own online security system known in the west as "the Great Firewall" but this new cybersecurity law will allow the country to further censor and control the internet.

Continue reading →

Security company McAfee warns that the cybercriminals behind the Cerber ransomware have begun to target businesses as well as individuals by encrypting their databases until payment is received.

During July, those responsible for Cerber launched over 160 campaigns at 150,000 users. These attacks generated $195,000 in that month -- of which the developer behind the ransomware received $78,000. Overall it is estimated that creating and using ransomware to launch cyberattacks earns the creators of the malware and those who employ it in their attacks around $1 million to $2.5 million a year. The infosec firm Trustwave noted in 2015 that a ransomware creator could earn up to $84,000 a month just by selling their malware on the dark web.

Continue reading →

As traditional password security methods become increasingly discredited, enterprises are turning to other technologies to secure systems and transactions.

Though many of the technologies are still in their infancy, others are becoming mainstream. We spoke to David Gerulski, vice president of fingerprint device specialist Integrated Biometrics to find out more about then latest technologies and how they're being used to address privacy concerns.

Continue reading →

Tesco Bank has taken the extraordinary measure of temporarily halting online transactions after thousands of customers experienced criminal activity in their accounts over the weekend. The move also means that customers are unable to use contactless payments.

Customers were alerted over the weekend via text message after suspicious activity was noticed in numerous accounts. Some have found that hundreds of pounds have gone missing from their accounts, but it is not clear whether the problem stems from a direct hack of Tesco Bank, or if a retailer suffered a security breach.

Continue reading →