Gaining threat intelligence from the dark web can be a difficult task for security providers due to its unstructured nature.
Similarly, when data breaches occur, companies often face the problem of knowing exactly which data has been exposed on underground marketplaces.
With the 24th Winter Olympics due to start in Pyeongchang, South Korea in a few weeks, athletes are not the only ones preparing for the event.
A report from security analytics platform Cybereason shows that hackers and cyber criminals are gearing up too, the scale and cost of the event making it a prime target.
In the increasingly complex threat landscape faced by businesses, insiders continue to be a problem, accounting for around half of data breaches, according to a recent Forrester report.
One way that companies are combating this threat is with the use of User and Entity Behavior Analytics (UEBA). This detects abnormal behavior, adds contextual information to confirm the behavior is abnormal, and then prioritizes the riskiest insiders for analysts to investigate.
The idea of security by design is something we'll hear much more of as GDPR implementation looms. But many organizations still struggle when it comes to implementing a least privilege security model.
Access management specialist Thycotic is launching a new command line interface for its Secret Server privileged account management solution, enabling DevOps teams to bring best practice privileged account management to their code, build scripts, and configuration files.
While the notorious Meltdown and Spectre chip bugs are still yet to pose a real threat in their own right, it's rather a different story when it comes to the patches designed to fix the problems. Microsoft had to pause the rollout of patches after reports that they were leaving some AMD systems unbootable.
Now the software giant has released two new updates -- one for Windows 7 (KB4073578) and one for Windows 8.1 (KB4073576) -- to fix the "Unbootable state for AMD devices" issue. But it's not all good news. These are updates that have to be manually downloaded and installed, and Microsoft has provided no instructions about how to use them.
Cyber attacks driven by ransom demands are on the increase as criminals seek to cash in on the soaring values of crypto currencies according to a new report.
The 2017-2018 Global Application and Network Security Report from cyber security company Radware finds that reported ransom attacks surged in the past year, increasing 40 percent from the 2016 survey. Half of companies surveyed suffered a financially motivated attack in the past year.
While a majority of businesses around the world have adopted cloud services, a study released today reveals a wide gap in the level of security precautions applied by companies in different markets.
The study from digital security company Gemalto finds that German businesses are more cautious when it comes to sharing sensitive information in the cloud (61 percent) than British (35 percent), Brazilian (34 percent) and Japanese (31 percent) organizations.
The Meltdown and Spectre bugs have been in the headlines for a couple of weeks now, but it seems the patches are not being installed on handsets. Analysis of more than 100,000 enterprise mobile devices shows that just a tiny percentage of them have been protected against the vulnerabilities -- and some simply may never be protected.
Security firm Bridgeway found that just 4 percent of corporate phones and tablets in the UK have been patched against Spectre and Meltdown. Perhaps more worryingly, however, its research also found that nearly a quarter of enterprise mobile devices will never receive a patch because of their age.
2017 delivered a good deal of excitement (as well as massive, massive headaches) in IT security. WannaCry attacked more than 300,000 computers in 150 countries only to be followed by Petya a month later. And the pain extended beyond the enterprise when consumers bore the brunt of one of the most devastating hacks to hit the U.S.: the Equifax breach. The Equifax hack reportedly affected 145.5 million U.S. consumers -- or approximately 44 percent of the U.S. population -- leaving people vulnerable to financial fraud for potentially the rest of their lives.
These were just some of the year’s lowlights, all of which point to a future where nearly every organization is reliant on successful cybersecurity. It can literally mean the difference between a company’s survival and extension. As such, 2018 should be all about advancing enterprise security initiatives, and below are my top predictions to ensure the integrity of systems across the globe.
A number of OnePlus customers have reported unusual credit card transactions after buying products from the smartphone maker's online store. And, today, OnePlus announces a formal investigation.
OnePlus reveals that the complaints come only from users who have made direct purchases and adds that purchases involving third-party services -- PayPal, for example -- are not affected.
Malwarebytes warns that fake Meltdown and Spectre patches are being used to spread Smoke Loader malware
News of the Meltdown and Spectre processor bugs quickly spread around the world, as companies and individuals tried to protect their systems. But in addition to concerns about the performance hit patches may have on computers, Malwarebytes has also issued a stark warning about fake patches.
The security firm warns that criminals have used interest in Meltdown and Spectre to push out fraudulent bug fixes that are laced with Smoke Loader malware.
Google has removed more than 60 games from the Play Store after security firm Check Point discovered they were laced with malware and serving up porn ads. Check Point claims that the games were aimed at children, but Google says this was not the case.
The AdultSwine malware was found to be bundled in a number of games, many of which had been downloaded millions of times. As well as displaying pornographic ads, the malware also tried to trick users into installing fake security tools, and also encouraged people to register for expensive premium services.
With GDPR implementation only a few months away, a worrying new survey shows that 55 percent of UK businesses are still unaware of the GDPR regulations.
The study by compliance solution PORT.im also reveals that only 27 percent of businesses believe GDPR applies to them, despite 73 percent saying that they collect personal data on their customers -- a strong indication that GDPR does apply.
Most of the security vulnerabilities we write about are hard to exploit by the average computer user. I consider myself fairly experienced but, honestly, without a step by step guide I would not be able to "hack" a program or operating system even with the full bug report in front of me. And even then I probably would not know what to do to get any meaningful data from it anyway.
But some security vulnerabilities are so easy to exploit that anyone can do it. Unlocking the App Store menu in System Preferences on macOS High Sierra 10.13 is one of them.
A new survey from Kaspersky Lab reveals that there is a major disconnect between employees and their employer's IT security guidelines.
In a survey of almost 8,000 full-time employees, 49 percent of those employees surveyed consider protection from cyber threats to be a shared responsibility, but only 12 percent of respondents are fully aware of their organization’s IT security policies and rules.