Articles about Security

A security flaw in Microsoft Teams made it possible for attackers to take over accounts just by getting a victim to view a GIF. The vulnerability stemmed from the way in which Teams handles images and could allow for account takeovers and data theft.

Security firm CyberArk discovered the issue over a month ago and then worked with the Microsoft Security Research Center under Coordinated Vulnerability Disclosure to get the vulnerability fixed. With COVID-19 leading to a huge increase in the number of people working remotely and relying on the likes of Zoom and Teams, the prospect of such an easily exploitable vulnerability is concerning.

Continue reading →

Well known for its endpoint protection and malware removal solutions, Malwarebytes is now moving into the online privacy space with the launch of its own VPN.

Malwarebytes Privacy aims to offer best-in-class encryption without compromising on performance. It doesn't log the user's online activities and it offers a choice of virtual servers from over 30 countries in order to protect their real location.

Continue reading →

The ever changing landscape of cybersecurity means it can be hard for any one organization to stay on top of all the latest threats.

To address this problem, Trustwave is expanding its cybersecurity collaboration platform to help businesses around the world meet security challenges.

Continue reading →

It is a little while since Proton Technologies announced that ProtonVPN was being open sourced to help build trust in the service. Now the company has done the same for the Android version of ProtonMail, and this means that all ProtonMail and ProtonVPN apps are now open source

Just as with ProtonVPN, the open sourcing of ProtonMail opens it up not only to the scrutiny of anyone who cares to trawl through the source code, but it has also been subjected to a third-party security audit.

Continue reading →

Researchers at Check Point have revealed how a sophisticated cybercrime gang managed to trick three UK private equity firms to steal hundreds of thousands of pounds.

The gang, named 'The Florentine Banker,' got away with over £500,000 following a complex business email compromise (BEC) attack.

Continue reading →

Security firm ZecOps has published research about security vulnerabilities affecting iPhones and iPads. The critical flaws are yet to patched by Apple and are said to be actively used to target high-profile users such as journalists, employees of Fortune 500 companies and VIPs.

What's particularly worrying about the flaws is that they can be exploited by sending a message that appears to be blank. Opened in iOS Mail, the message can be used to run code and spy on activity without the need for any interaction from the victim. There is a suggestion that a nation-state could be involved.

Continue reading →

Zoom Video Communications has announced details of Zoom 5.0, a major update to its video conferencing client which goes a long way to addressing many of the security and privacy issues that have been found in recent weeks.

With the upcoming release, users can benefit from the addition of AES 256-bit GCM encryption, as well as the ability to choose routing options for calls.

Continue reading →

The need to protect remote working is exercising many organizations at the moment. Abnormal Security is launching a new Microsoft Teams Protection product to help guard the platform against social engineering attacks.

It automatically detects suspicious messages sent within a customer's Microsoft Teams environment, lowering the risk of phishing attacks infiltrating internal Teams communication channels.

Continue reading →

The latest Global Security Report from Trustwave, based on analysis of more than a trillion logged events in 2019, reveals that corporate systems continue to be most targeted by cybercriminals, at 54 percent.

This is followed by e-commerce at 22 percent down five percent when compared to 2018. Cloud services have seen the biggest increase and are now the third most targeted environment accounting for 20 percent of investigated incidents up significantly from seven percent the previous year.

Continue reading →

New research from vulnerability management specialist Kenna Security seeks to quantify the comparative risk of using assets based on Microsoft, Apple, Linux, or Unix platforms, as well as network devices.

The study finds that asset mix plays a key role in determining the number of security vulnerabilities an organization has to contend with every month along with its ability to minimize cyber risk.

Continue reading →

A new survey reveals that 75 percent of respondent companies rely on legacy network security technologies from big-name vendors such as Cisco, Palo Alto Networks and Fortinet.

The study from secure network provider Tempered also shows 70 percent would opt to make their networks invisible to bad actors if that was possible, but these older technologies don't allow it.

Continue reading →

Zoom's privacy and security issues have been in the headlines for a number of weeks now, causing concern for lots of users. But many people have no option but to use the software after it has been selected by the company they work for.

If you find that you have to use Zoom, there are steps you can take to ensure your experience is as safe as possible. Security firm Kaspersky has offered up a series of tips to boost your security and privacy on the platform.

Continue reading →

Just a quarter (24 percent) of end-of-life equipment is being cleaned up and reused, while 39 percent of organizations physically destroy end-of-life IT equipment according to a new study.

Research from data erasure specialist Blancco Technology Group looks at the issues associated with the corporate sustainability practices that some of the world's largest enterprises are following today.

Continue reading →

While many industries are struggling to continue during the lockdown, the cybercrime business is gearing up to exploit the economic stimulus and relief payments being offered around the world.

Researchers at Check Point have seen COVID-19 related cyberattacks rise to an average of 14,000 a day this month, which is six times the average number of daily attacks compared to March.

Continue reading →

The unrelenting criticism of Zoom continues, with India being the latest to slap an official ban on the video conferencing tool.

Voicing concerns that Zoom is "not a safe platform", the Indian Cyber Coordination Centre issued an advisory saying that the tool is "not for use by government offices/officials for official purpose". But the country recognizes that many people will want or need to continue using Zoom and the ministry of home affairs has issued a helpful guide to safe use of the service.

Continue reading →