Articles about Security

As the world increasingly turns to mobile devices to access the internet and conduct business, so firms are eager to put out their own apps.

But new research from security ratings company BitSight reveals that many companies may be rushing out apps that have vulnerabilities which could lead to data leakage, privilege abuse, unencrypted personally identifiable information (PII), and credential theft.

Continue reading →

Bitcoin has once again demonstrated its volatility, dropping in value by 10 percent following news of an attack and theft from the South Korean exchange Coinrail.

Coinrail has confirmed that it suffered a "cyber intrusion" and while it did not specify the value of the coins stolen, local news outlet Yonhap News estimated it to be $37.28 million based on a loss of about 30 percent of the coins traded on the exchange.

Continue reading →

A security researcher has discovered a vulnerability in the OnePlus 6 bootloader. The flaw makes it possible for someone to boot arbitrary or modified images -- even if the bootloader is locked.

Exploiting the vulnerability requires someone to have physical access to the phone, and after this it is a relatively simple task to restart the handset in fastboot mode. From here is would be possible to load a modified boot image, including one that has root access.

Continue reading →

Currency miners continue to top the malware charts according to Check Point Software's latest Global Threat Index.

May 2018 marks the fifth consecutive month where cryptomining malware has dominated Check Point's index. The Coinhive cryptominer impacted 22 percent of organizations globally during May -- up from 16 percent in April, an increase of nearly 50 percent.

Continue reading →

Last week event ticketing company Ticketfly suffered a cyberattack which saw the site taken offline for a number of days. The site is now back up and running, and Ticketfly has revealed the extent and impact of the hack.

The company says that data from 27 million Ticketfly accounts was accessed, including names, addresses, email addresses and phone numbers. Customers are assured that passwords and credit card details remain safe.

Continue reading →

Using one of four common attack vectors, 71 percent of surveyed IT professionals believe they could successfully hack any organization.

Based on a survey carried out among attendees to the RSA Conference in April 2018 by vulnerability management specialist Outpost24, 34 percent say that they would use social engineering, 23 percent say they would enter via insecure web applications, 21 percent via mobile devices, while a further 21 percent say they would enter via a public cloud.

Continue reading →

Cybercriminals are increasingly using the dark web to facilitate cryptocurrency theft on a large scale, according to cybersecurity company Carbon Black.

The company’s research has uncovered a total of $1.1 billion in cryptocurrency-related thefts during the past six months and finds there are currently an estimated 12,000 dark web marketplaces selling approximately 34,000 offerings related to crypto theft.

Continue reading →

As we enter the summer people start to go away on vacations and visit sporting events like this year's World Cup in Russia, potentially exposing their digital devices and data to extra risks.

VPN advice service vpnMentor has produced a report looking at the particular risks travelers face and how they can protect themselves.

Continue reading →

It's just a couple of weeks since we first heard about the VPNFilter malware. Linked to Russia, the malware hit 500,000 routers around the world, but now Cisco's Talos security researchers are warning that the problem is much worse than anyone thought.

Initially thought to only affect SOHO routers and storage devices from Linksys, MikroTik, Netgear, TP-Link, and QNAP , the at-risk list has been extended to include consumer-grade routers from Linksys, MikroTik, Netgear and TP-Link. Researchers have also discovered that the malware is more powerful than initial assessments suggested -- it is now known to be able to bypass SSL encryption and perform man-in-the-middle attacks.

Continue reading →

Mobile devices now account for around half of web traffic and inevitably that makes them more attractive to hackers who see new attack routes via mobile apps.

The Information Security Forum is launching a new paper, Securing Mobile Apps: Embracing Mobile, Balancing Control, describing the security challenges associated with acquiring, using and operating mobile apps, and suggesting actions to manage those challenges, while maintaining the business benefits.

Continue reading →

Security operations centers are understaffed according to 45 percent of professionals who work in them, and of those, 63 percent think they could use anywhere from two to 10 additional employees.

This is among the findings of a new survey from Exabeam released today at Infosecurity Europe. It shows 62 percent of managers and frontline employees see inexperienced staff as a problem, compared to just 21 percent of CIO and CISOs.

Continue reading →

MyHeritage -- a website that helps people research their family tree and also offers a DNA testing service -- has suffered a "cybersecurity incident". A file containing the usernames and hashed passwords of more than 92 million users was discovered on an external server by a security researcher.

The file was found to be genuine and MyHeritage is now undertaking an investigation to determine what happened. The security breach affects all users who signed up to the site up to October 26, 2017. The company says that it is taking steps to inform the relevant authorities in line with GDPR.

Continue reading →

A study by cybersecurity company Webroot in conjunction with the Ponemon Institute finds Florida to be the worst state in the US for cyber-hygiene.

Ponemon surveyed 4,000 people across the US about their cybersecurity knowledge and internet safety practices. Wyoming and Montana come close behind Florida in poor internet habits. The safest online behavior is displayed in New Hampshire, Massachusetts, and Utah.

Continue reading →

A poll of 1,000 IT professionals across North America and Europe finds that while 88 percent of respondents acknowledge the importance of endpoint management, nearly a third don't know how many endpoints they actually manage.

The study by identity and access management company LogMeIn shows a worrying 30 percent of IT professionals don't know how many endpoint devices exist within their organization. Those who do report an average of 750 endpoints including servers, employee computers and mobile devices.

Continue reading →

Serverless computing is increasingly popular as it allows developers to upload code for functions to the cloud rather than run it on local servers.

But specialist in serverless security PureSec has released a report detailing how hackers can turn a single vulnerable serverless function into a virtual cryptomining farm by taking advantage of the scaleable nature of the architecture.

Continue reading →