There are a number of concerns that companies have over migrating to the cloud, but one of the key ones is who else might have access to the data.

Cloud security company Bitglass has released the results of its latest Mitigating Cloud Risks survey in conjunction with the Cloud Security Alliance, which shows that potential government access to encrypted data is an issue.

Continue reading →

Shortage of skills is one of the main reasons businesses give for not achieving their objectives according to Gartner and this is especially true in the cybersecurity field.

Access control specialist SecureAuth is aiming to address this with the launch of its SecureAuth University, a continuing education program for customers, partners and employees.

Continue reading →

Microsoft has created a backdoor in Secure Boot, the security feature designed to ensure that a device can only run the operating system that it is meant to. And, to make matters worse, it has just accidentally leaked the "golden keys" needed to bypass it.

The Secure Boot backdoor is there to, for instance, allow a Microsoft developer to install a new build of Windows on a device -- that has the security feature enforced -- without it having to be digitally signed beforehand. It makes their job easy, but it also makes the security system ineffective if -- when -- the golden keys that unlock it make their way into the wrong hands.

Continue reading →

Remember that cyber-experiment when a couple of hackers managed to take control over a speeding car in the middle of the highway?

Well, IOActive has published a study, entitled Commonalities in Vehicle Vulnerabilities, after three years of testing, and the results are quite scary.

Continue reading →

There has been a "sharp increase" in the number of lost and stolen corporate data in the past two years, according to a new report by the Ponemon Institute and Varonis Systems. But it’s not as straightforward as you’d think.

The new report, titled Closing Security Gaps to Protect Corporate Data: A Study of U.S. and European Organisations, says that 76 percent of respondents experienced either data loss, or theft, in the past 24 months.

Continue reading →

Kaspersky Lab's security researchers have found a new cyber-espionage malware, most likely built by a nation-state to use against other states' organizations.

Dubbed "ProjectSauron", it is "particularly interested" in accessing encrypted communications. The malware hunts such communications down using an "advanced modular cyber-espionage platform", comprised of a number of different and unique tools.

Continue reading →

Shadow IT is an increasingly major concern for businesses, the use of public cloud services offers convenience for workers but risks confidential information being exposed outside the organisation.

Canadian endpoint security company Absolute is launching new functionality for its Absolute Data and Device Security (DDS) product that detects data at risk on endpoints associated with cloud storage applications.

Continue reading →

Following the lead of Apple with Safari in macOS Sierra, and Mozilla with Firefox, Google has announced that Chrome will begin to block Flash content. Starting with Chrome 53 in September, Google will "de-emphasize Flash in favor of HTML5".

Google says that the decision has been made to improve security, performance, and battery life, and it builds on an earlier change that made some Flash content click-to-play rather than loading it by default.

Continue reading →

If you have just upgraded to Windows 10 Anniversary Update, you have possibly noticed the addition of a Windows Defender icon in the notification area. Then again, you may not -- a quick straw poll in the BetaNews newsroom reveals that not everyone is seeing it.

Assuming the icon has suddenly appeared for you, it's possible that you'd rather it vanished. Here's what you need to do if you would like to banish the Windows Defender icon and clean up your notification area.

Continue reading →

The discovery of QuadRooter is one of the biggest security threats to Android users since Stagefright. Security firm Check Point Software has released a tool to help people determine if their phones are at risk, but Google says that it is already able to block apps with the QuadRooter exploit.

The Verify Apps feature of Google Play Services is able to detect and block any apps that feature QuadRooter. As the exploit has to be delivered via an app, this effectively protects the vast majority of handsets that are threatened.

Continue reading →

After a yearlong study into 'unwanted software' Google has published a report that shows that there is a good deal of money to be made out of bolting crapware onto software installers. The authors suggest that unwanted software is a problem that affects three times as many people as malware, making it an incredibly lucrative business.

The paper, entitled "Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software", is a joint venture between Google and New York University and it reveals the techniques used by developers to evade detection. It also found that Pay-Per-Install (PPI) methods are used to deliver not only harmless unwanted software, but also malware.

Continue reading →

The arrival of Linux in Windows 10 caused ripples of excitement in certain circles. But as well as making it possible to run GUI Linux apps on the desktop, there are also concerns that there are security risks associated with having the Bash feature from Linux available in Windows 10 Anniversary Update.

Speaking at the Black Hat USA security conference, Alex Ionescu from Crowdstrike said that he had reported some concerns to Microsoft during the testing period of Windows 10. While some of the issues he raised have been addressed, he says that the presence of Linux represents a "new potential attack surface" that users need to be aware of.

Continue reading →

The latest vulnerability for Android handsets is QuadRooter, and there are an estimated 900 million devices at risk. Just shy of a billion phones and tablets is undeniably a lot, but how can you know if you are affected?

While a list of devices that are definitely affected has been published, it is far from exhaustive. Thankfully the good folk at Check Point Software have put together a special app that will test your phone or tablet and let you know the risk.

Continue reading →

Bug bounty programs have become commonplace in recent years. Tech companies offer up rewards to coders, engineers and hackers who manage to unearth security vulnerabilities in software, and this means that problems are detected and patched faster than normal.

It is something that the likes of Google and Microsoft have offered for some time, and now Apple has decided it wants a piece of the action as well. Starting in September, the company will pay out up to $200,000 to anyone identifying vulnerabilities in its software and services.

Continue reading →

As a Linux desktop user, you'd think I'd be a big Android proponent. Actually, I rather detest Google's mobile operating system lately. Other than Nexus devices, most Android devices fail to get regular updates, leaving users exposed to vulnerabilities. That is unacceptable! It is why I own an iPhone now, but I digress.

Sadly, yet another set of vulnerabilities have been discovered for Android. Dubbed 'QuadRooter', all Qualcomm devices are affected. In other words, this is really, really, bad, folks. You see, 900 million phones and tablets are impacted, and most of them will probably never be patched. The Android sky is falling!

Continue reading →