Articles about Security

If you have personal files that you want to be able to access when on the go, but don’t trust cloud providers to keep them safe, and are worried about the dangers of storing them on a USB memory stick which could be easily lost or stolen, the best solution is to use a 100 percent hardware encrypted USB drive like the Aegis Padlock SSD.

This is a much more secure solution than using software encryption and is designed to meet NIST FIPS (Federal Information Processing Standard) 140-2 Level 2 requirements. The SSD drive protects data as it’s being written with military grade 256-bit AES XTS encryption, and is small enough to fit comfortably in any pocket.

Continue reading →

Millennials and members of Generation Z suffer more from cyberthreats than baby boomers do, according to a new report from the National Cyber Security Alliance and data analytics company CybSafe.

Kicking off Cybersecurity Awareness Month, the report, based on polling of 2,000 people across the US and UK, shows that 44 percent of millennials and 51 percent of Gen Zers have experienced a cyber threat while only 21 percent of baby boomers have.

Continue reading →

The death of the password has been predicted for a long time, but although it's been augmented by things like multi-factor authentication and biometrics, it still clings to life.

However, businesses are looking for ways to eliminate fraud without impacting the customer experience. One way to do this is to use location technology to provide ‘zero factor’ authentication, allowing businesses to protect themselves and their customers without disrupting the customer experience.

Continue reading →

Active Directory, the directory-based identity services platform, is used by 90 percent of enterprises worldwide making it an attractive target for hackers.

New research part sponsored by Attivo Networks and conducted by Enterprise Management Associates (EMA) shows half of organizations experienced an attack on Active Directory in the last two years, with over 40 percent saying the attack was successful.

Continue reading →

Google is announcing its sponsorship of the Secure Open Source (SOS) pilot program, run by the Linux Foundation, which financially rewards developers for enhancing the security of critical open source projects.

Google is starting with a $1 million investment and plans to expand the scope of the program based on community feedback.

Continue reading →

Activity on dark web marketplaces that trade access to compromised networks has increased dramatically in the last year with sales up 50 percent, according to a new report by the threat research team at Lumu Technologies.

Criminal gangs are diversifying their monetization vehicles to extract maximum value from their efforts. Where in the past they would have been selling credit card and bank details, now access to mail servers, networks and more is on offer. Access to remote desktop protocols is particularly attractive.

Continue reading →

The National Security Agency (NSA) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) have joined forces to publish guidelines design to help people make informed choices when selecting a VPN.

In the joint NSA-CISA information sheet, the organizations provide help and advice in a range of areas including not only choosing a reliable, trustworthy VPN, but also how to configure a VPN for maximum security and a reduced attack surface.

Continue reading →

Researchers from the Computer Science departments of Birmingham and Surrey Universities have discovered a way for hackers to make large, unauthorized payments from locked iPhones by exploiting the functionality of Apple Pay.

The academic researchers found that the attack works on Visa cards in Express Transit mode in an iPhone's wallet. They were able to make a contactless payment of £1,000 (around $1,350) without unlocking the iPhone being used. Despite having been reported to Apple a year ago, the issue remains unfixed.

Continue reading →

Security experts have spent years driving home the message that HTTPS connections are safer, but a new report released today reveals that 91.5 percent of malware arrived over encrypted connections in the second quarter of this year.

The quarterly internet security report from WatchGuard Technologies also shows alarming surges across fileless malware threats, dramatic growth in ransomware and a big increase in network attacks.

Continue reading →

Financial crime is on the increase and attackers must be stopped in their tracks. Financial service organizations new and old need to ensure they have the right technology in place to predict, detect and deter fraud, whilst ensuring minimal disruption to the customer journey.

We spoke to Martin Rehak, CEO of Resistant AI to find out how sophisticated artificial intelligence can detect known criminal practices and more importantly, predict the unknown emerging patterns of financial crime.

Continue reading →

High-profile ransomware and software supply chain disruptions are driving increased attention on software security, according to the latest Building Security In Maturity Model (BSIMM) report from Synopsys.

The BSIMM12 data indicates a 61 percent increase in software security groups' identification and management of open source over the past two years, almost certainly due to the popularity of open source components in modern software and the rise of attacks using open source projects as vectors.

Continue reading →

It isn't just big companies that suffer from cyberattacks. Increasingly smaller companies have become attractive targets as they have fewer resources to defend themselves.

Managed detection and response specialist deepwatch is today launching a new solution for medium sized businesses to significantly strengthen their protection against cyber threats.

Continue reading →

A majority of companies in the Forbes Global 2000 have been slow to adopt domain security measures that could help prevent them from ransomware attacks.

A new report from CSC finds 57 percent of the Global 2000 are relying on off-the-shelf consumer-grade domain registrars who offer limited security mechanisms to protect against domain and DNS hijacking.

Continue reading →

It's well known that security teams are suffering from alert overload and new research from Invicti Security shows that false positives and the need for manual verification are serious problems.

Analysis of six years' worth of real-world vulnerability data shows enterprise security teams are spending nearly 10,000 hours a year checking unreliable vulnerability reports, and this could cost as much as half a million dollars annually.

Continue reading →

Microsoft is set to begin rolling out Windows 11 next week. For the most part, any programs you run on Windows 10 should run just fine on the new OS, although there will be exceptions.

Antivirus and security solutions are not all certified yet and installing security software that hasn't been fully tested with the new operating system could prove disastrous. Don't worry though, as antivirus testing service AV-Comparatives has done the hard work for you and today releases a list of "approved" security software. Is yours on the list?

Continue reading →