Google Compute Engine lets users create their own encryption keys

Until now, anyone using the Google cloud platform, Google Compute Engine, was forced to use encryption keys generated by Google. Clearly this spooked a lot of people, and there have long been calls for users to be granted greater control of security.

Now this is happening -- users are able to provide their own encryption keys. Customer-Supplied Encryption Keys (CSEK) are used to provide a second layer of security, on top of the Google-generated keys that are used by default.

Why Ashley Madison's 'oh no' data breach didn't scare new users away

There once was a time when most people hadn’t heard of casual dating site Ashley Madison. That all changed in July 2015, when hackers stole sensitive customer information and posted the information on the dark web in a massive data dump, 9.7 gigabytes in size. The files included account details and logins for approximately 32 million of the dating site’s users.

One year later, the dating site is doing several things to redeem its damaged reputation, including rebranding its parent company from Avid Life Media to Ruby, bringing in a new CEO and President to lead the business, revamping their value proposition and launching their first-ever TV ad.

Application control is a solid defense against ransomware

Application control, such as greylisting, paired with selective local admin rights management, is 100 percent effective against ransomware and unwanted file encryption.

This is according to CyberArk Labs’ new report, based on the analysis of more than 23,000 real-world samples from common ransomware families, such as Cryptolocker, Petya and Locky. More than 30 different malware families were tested, and the results posted in the report entitled Analyzing Ransomware and Potential Mitigation Strategies.

OpenYOLO API project set to enhance user security and make login easier

Google and online identity and password management company Dashlane are announcing the upcoming launch of a new, open-source API project to enhance user security.

The collaboration between Dashlane and Google, plus other leading password managers, will develop OpenYOLO (You Only Login Once), an open API that will enable app developers to access passwords stored in password managers to easily and securely log users into their Android applications.

New solution lets enterprises transfer sensitive data securely

Businesses in industries like healthcare, financial services, insurance, retail and government hold sensitive data and need to be able to keep it safe at all times.

Compliance with regulations like PCI and HIPAA often requires new layers of security between the public internet and protected data. Network management software company Ipswitch is tackling this with the launch of Ipswitch MOVEit 2016.

HTTP/2 has four huge security vulnerabilities

The HTTP/2 standard was approved some time ago, but it is yet to be widely adopted. Before the standard can become widespread, however, there are four serious vulnerabilities that need to be addressed.

The high-profile issues were revealed at Black Hat USA 2016 by Imperva researchers. They found that exploits similar to those that work on HTTP/1.x also work on the HTTP/2 protocol. The problems specifically affect server implementations from Apache, Microsoft, NGINX, Jetty, and nghttp2, but it is likely that other implementations are also at risk.

How Pokémon Go could be putting corporate data at risk

The privacy implications of the Pokémon Go craze have already had plenty of publicity, but according to a report from cloud security specialist CloudLock, employees are granting access to corporate environments despite these warnings, and are potentially opening backdoors to their organization's most sensitive databases via the app.

CloudLock analyzed more than 900 corporate environments and found that 44 percent of all organizations have employees who have granted access to Pokémon Go using their corporate credentials.

Almost 40 percent of enterprises hit by ransomware in the last year

Ransomware is one of the biggest security threats that organizations face. New research from malware prevention and removal specialist Malwarebytes across the US, Canada, UK and Germany finds that nearly 40 percent of businesses have experienced a ransomware attack in the last year.

The study, conducted by Osterman Research, also reveals that of those that have fallen victim, more than a third lost revenue and 20 percent had to stop business completely.

New malware campaign avoids detection to target major financial brands

Updated versions of the Gozi malware are being used in currently active campaigns targeting global financial brands, according to threat intelligence experts buguroo Labs.

Targets of the attack include PayPal, CitiDirect BE, ING Bank, Société Générale, BNP Paribas, and the Bank of Tokyo. It's expected that attacks currently being perfected in Poland, Japan and Spain will soon be launched in the US and Western Europe.

Most enterprises lag behind in mobile security

Enterprises are still not doing enough to protect corporate data on their employees' mobile apps and devices from cyber threats, according to a new report from MobileIron.

According to the Mobile Security and Risk Review report for Q2 2016, less than five percent of enterprises are using mobile threat detection software and only eight percent have an enforced operating system update policy in place.

$72 million Bitcoin theft from Bitfinex exchange causes cryptocurrency price plunge

The theft of 119,756 Bitcoin from the Bitfinex exchange has seen the price of the cryptocurrency plummet by 23 percent. In what has been described as the second biggest Bitcoin theft after MtGox, $72 million worth of Bitcoins vanished from users' accounts.

It seems that Bitfinex suffered a massive security breach when it was hit by hackers who started to filter money out of segregated wallets. Despite the hack, the exchange says that this incident doesn’t "expose any weaknesses in the security of a blockchain".

Cyber security is not a priority for most UK businesses

Despite the constant warnings experts keep giving out to businesses concerning cyber-security, UK firms won’t be prioritizing it in the next 12 months.

This is according to a new quarterly survey by Close Brothers. Its key takeaway is that 63 percent of companies decided not to invest in better security, while the other 37 percent decided to do so.

CheckPoint launches real-time zero day browser protection

The most common way for malware to get onto a PC is via files downloaded from the web. According to Exploits at the Endpoint: SANS 2016 Threat Landscape Study, 41 percent of people suffered their worst security events from drive-by downloads and 80 percent suffered phishing attacks.

Threat protection specialist CheckPoint is launching a new anti-malware and anti-phishing extension for web browsers to address this growth in web-based malware and social engineering attacks.

New subscription service offers flexible threat intelligence

Depending on their size and the sector they operate in, businesses need to respond to threats of different types and require intelligence to suit.

Endpoint protection specialist CrowdStrike is launching a tiered eCrime subscription that will allow customers to choose the option that best meets their needs to gain new capabilities and insights into the entire eCrime adversary ecosystem, and orchestrate detection and response options in a more effective manner.

New security solution offers anytime, anywhere user protection

As growing numbers of devices are connected to the internet, security and privacy concerns grow. Businesses are looking for solutions that provide protection for both the endpoint and the network.

Israel-based Allot Communications is announcing a new collaboration with Intel Security to introduce McAfee Unified Security Powered by Allot, providing complete end-to-end security capabilities.
