A new report from Kaspersky Lab on botnet-assisted DDoS attacks shows a steady growth in their numbers the second quarter of this year.

SYN DDoS, TCP DDoS and HTTP DDoS remained the most common attack scenarios, but the proportion of attacks using the SYN DDoS method increased 1.4 times compared to the previous quarter and accounted for 76 percent.

Continue reading →

Google continues to take steps to improve the security of Android, and the latest addition starts to roll out today. Lengthily referred to as "Android notifications for newly added devices", the feature does exactly what you would expect it to do.

Whenever a new device is added to an account, a native Android notification will appear. This gives users the opportunity to review the device and determine whether it is something suspicious.

Continue reading →

Cyber attacks are increasingly happening at the mobile and IoT application layer. This allows hackers to bypass server-level security and go straight for the binary code, to steal IP, credentials and other sensitive information.

Attack prevention company Arxan Technologies is launching new features to help guard against this type of threat. These include new and enhanced support for major operating systems and languages, including QNX (a subsidiary of Blackberry) and Apple's Swift programming language, as well as new white-box cryptographic schemes including SHA-3.

Continue reading →

Kaspersky Labs has released Kaspersky Anti-Virus 2017, Kaspersky Internet Security 2017 and Kaspersky Total Security 2017 in the US and Canada. New features include Secure Connection, a virtual private network which automatically kicks in to protect you when using wifi hotspots, web banking sites and more.

An Installation Assistance tool looks out for adware and other pests that get silently installed with some free software, and the Software Cleaner helps you decide what to remove.

Continue reading →

Windows 10 will not load unsigned kernel mode drivers, starting with version 1607 of the operating system. This is something that had been announced back in 2015, but is only just being implemented.

The decision was taken in order to improve the security of Windows 10, but Microsoft says that "due to technical and ecosystem readiness issues, this was not enforced by Windows Code Integrity and remained only a policy statement". Now it is a reality, and it's something developers and users need to keep in mind.

Continue reading →

For any site you visit nowadays, HTTPS should be offered by default. I don't care about the content of the site -- there is no reason to go HTTP only in 2016. Security matters, folks.

Google.com -- one of the world's most popular domain names -- is aiming to get even safer by implementing HSTS. The search giant has recently enabled this technology for the benefit of its users, and it should start paying security dividends immediately.

Continue reading →

The majority of IT security experts actually struggle to measure the return on investment in security measures, Tenable Network Security says.

Based on a survey of 250 IT security professionals, conducted during the Infosecurity Europe 2016 summit, it says that the majority can only measure the return on less than 25 percent of their security spend.

Continue reading →

There has been a huge increase in the number of DDoS (distributed denial of service) attacks in the second quarter of this year, a new research report by security experts Nexusguard says.

According to Nexusguard’s Q2 2016 Threat Report, there has been more than 182,900 attacks in Q2 this year, with the majority falling onto Russia.

Continue reading →

Who doesn't love a good AI-driven keyboard, eh? Well, people who have discovered that the keyboard is sending their email address and phone number to strangers, for starters. And that seems to be precisely what's happening with SwiftKey.

The Microsoft-owned company has disabled the syncing of data between devices after users complained not only about the appearance of unknown email addresses and phone numbers in suggestions, but also suggestions in unknown foreign languages. The problem became apparent when users who saw the random email address suggestions contacted the owner of the address.

Continue reading →

Increased reliance on mobile devices opens enterprises up to a new range of threats. While mobile management solutions can do a good job of protecting the device, it's harder to guard against attacks on individual apps.

Mobile security company Appmobi is launching a new solution that detects and resolves attacks at the app level.

Continue reading →

A security researcher is warning WhatsApp users that their chats can be retrieved even after they have been deleted, cleared, or archived. Jonathan Zdziarski says that even using the 'Clear All Chats' option leaves behind a 'forensic trace'.

He warns that the only way to be certain that your chat history is deleted, is to get rid of the app entirely. The problem appears to stem from WhatsApp's use of SQLite which fails to overwrite deleted data by default, rendering it recoverable.

Continue reading →

At a time when computer security has been front and center in the Election news, given the Clinton private server scandal and the DNC hack, not to mention one candidate calling on a foreign nation to hack our systems -- something he later walked back on, saying it was sarcasm -- this is a bad time to put additional questionable practices on display.

Now that things are wrapped up and we have two official nominees, we also have a report of the major failures that were on display (not just politically).

Continue reading →

Financial services need to rethink crime protection and prevention because the current measures are simply not cutting it, according to PwC. In the company’s new paper, it examines the industry to find out to what extent it is complying with the latest rules and regulations, whether it is investing heavily in protection and prevention, and what are the results.

Basically, financial institutions have always been, and it seems as they will continue to be, cyber-criminals’ most wanted target. They are under intense scrutiny by regulators, and they are investing heavily in both protection and prevention.

Continue reading →

Historically hackers have pursued and targeted individuals more frequently than they have targeted businesses as they are typically the path of least resistance. However, the number of organizations worldwide falling victim to major cyber attacks is dramatically rising. More and more, hackers are infiltrating businesses of all sizes -- and not just through traditional system hacks, but now increasingly through social engineering.

Tricking people to access money or sensitive information on the Internet is by no means a new concept -- these cleverly disguised emails were behind the infamous ‘Celebgate’ hacking case, which exposed nude photos of celebrities. Except now, fraudsters are doing their homework to perfect their technique.

Continue reading →

Slack is the largest enterprise chat platform in the world with more than 2.7 million daily active users who spend an average of 140 minutes per day using it.

Not surprising then that alert attackers see it as an opportunity to expand their social engineering campaigns. The fact than many people use Slack without the IT team's knowledge creates a further security issue.

Continue reading →