Articles about Security

Apple makes macOS High Sierra 10.13 safe again with emergency 'Supplemental Update'

Since macOS is a Unix-based operating system, it is often seen as being stable and secure. For the most part, the OS is. With that said, it is not perfect, and certainly not infallible. Quite frankly, no operating system is impervious to security issues.

Unfortunately for Apple, its latest and greatest desktop operating system, macOS High Sierra 10.13, has some very serious flaws. First, it was discovered that the supposedly secure keychain password system could be easily infiltrated by malware. Arguably worse, it was then discovered that encrypted APFS disks had their passwords erroneously saved in plain text in the "hint" field. Yeah, that is not only bad, but embarrassing too. Both of these issues were patched today, however, with the emergency "Supplemental Update."

Continue reading

Many UK SMBs don't invest in security solutions

open digital lock

A third of UK small businesses are risking their online safety by operating at or below the "security poverty line," according to new research from Duo Security.

The cybersecurity company partnered with YouGov to survey 1,0009 senior decision makers across the UK to determine how much they are spending on cybersecurity and whether government initiatives such as Cyber Essentials and Cyber Risk Aware have been effective at protecting SMBs from cyber threats.

Continue reading

Three-quarters of Brits worry about risks from connected homes

connected home

Despite their potential to reduce bills and make life easier, 76 percent of British consumers are worried about the impact of smart technology and connected homes.

A study by price comparison site MoneySuperMarket polled more than 2000 people and reveals many are fearful of the smart homes concept, with unapproved data collection cited as the greatest worry.

Continue reading

Human-driven AI can improve threat detection

Hackers and criminal syndicates are attacking enterprises with increasingly stealthy and sophisticated techniques. In response, companies are deploying a new generation of firewalls, IDS appliances, and Security Information and Event Monitoring (SIEM) servers to detect suspicious activity as quickly as possible.

Two problems are undermining these recent investments in IT security.

Continue reading

Equifax was aware of vulnerabilities prior to data breach

Security breach lock

The total number of people affected by the recent Equifax breach has risen after more details came to light.

According to new reports, the number of affected customers has now hit 148 million -- meaning that an additional 2.5 million people have been impacted.

Continue reading

New platform delivers relevant, risk-based threat intelligence

AI security

Keeping on top of the latest threats can be a major task, so it's no surprise that many businesses are turning to automated solutions to help ease the workload.

Threat intelligence provider Recorded Future is launching a new machine learning based platform called Threat Views which enables the delivery of relevant threat intelligence in real-time based on analysis of billions of data points in every language.

Continue reading

Update: every single Yahoo user was affected by 2013 data hack

The massive data theft from Yahoo in 2013 is even bigger than first thought. It was big enough when it was believed to have affected around a billion users, but Yahoo has now provided an update indicating that the number is in fact three billion. Or, to put it another way, every single Yahoo user.

Yahoo, now part of Oath, has issued a statement in which it stresses that the updated figure does not represent "a new security issue" and that plaintext passwords were not accessed. The biggest data breach in history just got even bigger, and it's going to take a lot for Yahoo, Oath and Verizon -- the new owner -- to move on from it.

Continue reading

HPE gave Russia access to Pentagon security software

HPE has come under fire over claims that it gave Russian defense forces access to review software it sold to the Pentagon to supposedly protect the agency's networks.

According to regulatory records seen by Reuters, HPE gave Russian defense agencies access to its ArcSight software as part of a bid to gain the certification needed to sell its software to the Russian public sector.

Continue reading

Equifax data breach may be state-sponsored

The Equifax hack that saw data of millions of Americans compromised might as well have been state-sponsored, new media reports have claimed .

As the investigation unfolds, reports have started coming out that some elements of the attack point to a state-sponsored play, although nobody is pointing any fingers.

Continue reading

Art for data's sake -- pop-up shop takes personal information as payment

data dollar store

Cyber security company Kaspersky Lab has been running an interesting experiment in London with a shop that only accepts personal data as payment.

The Data Dollar Store provided shoppers with the opportunity to get their hands on exclusive prints and artwork by street artist Ben Eine. The difference came at the checkout where the only way to pay was with Data Dollars -- a new currency created by Kaspersky Lab that consists of a customer's personal data held on smartphones such as images, video or texts.

Continue reading

Conversational interface helps insider threat detection

Threat

Lack of visibility into endpoints poses a major issue for enterprises as IT administrators can be left in the dark about where data is and how it's being used.

This means that when data breaches occur it can take longer to detect the source. A new tool from ThinAir aims to shorten this detection time by analyzing interactions and making information available via a conversational interface.

Continue reading

How to protect your company from 'zero-day' exploits

Is your company protected from zero-day exploits? Do you even understand what these threats are and how they can affect you? If you don’t, chances are you won’t be prepared when a hacker takes advantage of one of these exploits and steals a large amount of sensitive information from you.

Zero-day exploits are no joke -- some of the most costly cyber-attacks in history have come from hackers using these vulnerabilities. They can cost you more than just a lot of money; they can make your customers lose faith in your ability to protect their information. What can you do to deal with these exploits? Fortunately, there are a few ways to keep your network and the data you store safe and sound.

Continue reading

Cyber risks are being created by departments outside IT

risk jigsaw piece

More risks are being created by departments outside of IT, but it's still the IT department's problem according to a new survey.

The study by identity platform SailPoint shows that 55 percent of respondents believe one of the key reasons that non-IT departments introduce the most risk is that they often lack the understanding of what actions and behaviors are potentially hazardous.

Continue reading

UK's confused Home Secretary doesn't understand encryption -- but wants to 'combat' it anyway

The UK Home Secretary, Amber Rudd, has admitted that she doesn't understand end-to-end encryption, but still wants to "to find the best way to combat" it anyway. Speaking at the Conservative Party conference, she said that Silicon Valley had a "moral obligation" to help fight the crime and terrorism she believes is abetted by encryption technology.

Despite having previously voiced support for back doors into systems such as WhatsApp, Rudd said she does not want such access, nor is she seeking to ban encryption. Saying "I don't need to understand how encryption works to understand how it's helping -- end-to-end encryption -- the criminals," she added that she wants technology firms to make it easier for police and security services to access encrypted data.

Continue reading

How to properly implement identity and access management

ID verification

Identity and access management (IAM) is all about ensuring that the right people have the right access to the right resources and being able to prove that all the access is legitimate. But as those heavily involved in IAM know, that is much easier said than done. There’s a lot that goes into getting all of these elements "right."

First, you must set up the accounts that enable a user to get to the resources they need -- often called provisioning (and its dangerous sister, de-provisioning, when said user no longer needs that access). Second, in order for that account to grant the appropriate access, there has to be a concept of authorization which provides a definition for what is allowed and not allowed with that access. And third, there should be some way to make sure that provisioning and de-provisioning are done securely with efficiency and that the associated authorization is accurate -- i.e. everyone has exactly the access they need, nothing more and nothing less.

Continue reading

© 1998-2017 BetaNews, Inc. All Rights Reserved. Privacy Policy.