Articles about Security

Amid growing concern about a disregard for Chrome Web Store policies, Google is slapping a ban on extensions that mine for cryptocurrencies.

With immediate effect, no more cryptomining extensions will be added to the Store, and as of July 2018, any existing mining tools will be removed. Google says that an astonishing 90 percent of mining extensions ignore rules that state cryptomining must be the extension's sole purpose, and users need to be fully informed about the mining.

Continue reading →

Last week there was an outcry after it was revealed that it was relatively simple to determine the location of Grindr users because of a security flaw. The company has now also admitted that it shared information from users' profiles with third parties -- specifically the analytics companies Apptimize and Localytics -- including their HIV status.

Grindr was quick to point out that, firstly, the information was sent via HTTPS, secondly, that the data was not sold to the analytics companies (it was provided free of charge) and, thirdly, that the data was public anyway. All three of these points will come as little comfort to Grindr users, but the company has said that it will now stop the practice of sharing HIV-related information.

Continue reading →

A new study from independent testing lab AV-Comparatives reveals that of over 200 Android security apps tested the majority are dubious, unsafe or ineffective.

The company downloaded 204 apps from the Google Play store in January this year and found 84 of the apps detected over 30 percent of malicious samples, and had zero false alarms. 79 detected under 30 percent of malware samples and/or had a high false alarm rate.

Continue reading →

Correctly calculating the probability of risk is becoming critical to organizations. And it’s not just because it is essential and fundamental to good Risk Management practice, but also because new laws such as GDPR are mandating it. Security measures must be appropriate to the risk, and the risk is suffering a data breach. So, calculating the probability of a data breach happening, regardless of scope, is vital to determining appropriate security measures.

ISACA, previously known as the Information Systems Audit and Control Association but now known solely by its acronym, talks about the probability of risk as:

Continue reading →

It feels like almost every week, we hear of a new breach, and each week, we’re thankful it wasn’t our company. But how long can we dodge the breach bullet? No one wants to be the next headline, but what can we do to ensure that we aren’t?

The common denominator in virtually every breach is that somehow, someone who shouldn’t have access to your company’s system and data sources has found a way in. The bad guys are smart, creative and motivated, and can use even the smallest opening.

Continue reading →

As if the Meltdown and Spectre chip vulnerabilities weren't bad enough in their own right, the patches designed to fix them caused a further series of problems. A Swedish researcher recently discovered that Microsoft's Meltdown fixes lowered security in Windows 7 and Windows Server 2008 R2, and now the company has issued a fix.

As the new patch is being released outside of the usual schedule, it is indicative of the importance of the security update. KB4100480 is a kernel update for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 that addresses CVE-2018-1038 problems.

Continue reading →

The higher education sector has seen a big increase in cryptocurrency mining activity according to a new report from AI security company Vectra.

Vectra used its Cognito platform to monitor traffic and collect metadata from more than 4.5 million devices and workloads from customer cloud, data center and enterprise environments. It discovered that, of all the cryptocurrency mining detections, 60 percent occurred in higher education.

Continue reading →

According to new research, 79 percent of healthcare professionals say they are concerned about the cyber security of their own healthcare information.

At the same time, 68 percent believe their organizations are doing enough to protect patient privacy and personal information from cyber attackers.

Continue reading →

Data breach checking website Have I Been Pwned (HIBP) -- used by governments and individuals around the world -- has announced a new partnership with 1Password.

The arrangement is a first for Troy Hunt's site, but it comes just over a month after 1Password started using a password-checker he developed. Hunt says that he has turned down numerous offers to sponsor Have I Been Pwned, but feels that teaming up with 1Password makes sense.

Continue reading →

Two security issues have been discovered in Grindr, the gay dating app, which could reveal the location of users even if they opted to keep this information private. There are concerns that the privacy compromise could lead to harassment of Grindr users.

Trevor Faden created a site called C*ckBlocked (that's the actual name, we're not being prudish and getting out our censorship pens) which was designed to give Grindr users the chance to see who had blocked them. By exploiting a security loophole similar to the one exposed in the recent Facebook/Cambridge Analytica scandal, Faden's site was able to access a wealth of private data including deleted photos and user locations.

Continue reading →

Security teams are faced with an increasing range of problems, from the volume of attacks, to lack of visibility into networks and shortage of skills.

Endpoint security specialist Carbon Black is launching its own Carbon Black Integration Network (CbIN), a technology partner program designed to improve cybersecurity through collective defense.

Continue reading →

In the wake of the Cambridge Analytica scandal and revelations about call and text logging, Facebook simply could not have got away with doing nothing. Mark Zuckerberg has hardly prostrated himself in front of users in his various recent interviews, but today Facebook announces a series of changes to privacy settings.

The social network is making it easier to find and use privacy settings, and providing users with information about how to delete the data Facebook stores about them.

Continue reading →

Over half (57 percent) of organizations suspect their mobile workers have been hacked, or caused a mobile security issue, in the last 12 months according to a new study.

The study by mobile connectivity specialist iPass shows that public Wi-Fi is the most common source of incidents, with 81 percent of respondents saying they had seen Wi-Fi related security incidents in the last year.

Continue reading →

If you're running Windows 7 and you've not yet installed the March updates, now is very much the time to do so. It turns out that the Meltdown patches released in January and February actually opened up a security hole in both Windows 7 and Windows Server 2008 R2.

A Swedish security researcher found that the patches changed access permissions for kernel memory, making it possible for anyone to read from and write to user processes, gain admin rights and modify data in memory.

Continue reading →

One of the basic problems businesses face in preventing attacks is effective discovery and identification of their technology assets.

This is made worse by the growth of BYOD and Internet of Things devices. Israel-based Axonius is looking to solve this problem with the launch of its Cybersecurity Asset Management Platform to enable customers to see and secure all their devices.

Continue reading →